The requirement could be made more specific, providing a maximum variance that would trigger review. Otherwise, the requirement would have to be taken as applying on an ongoing basis resulting in continuous review and, in principle, a requirement to seek a greater insured sum where there is growth in business.
Alternatively, complying with the minimum period of review should provide the service provider with comfort that interim changes in the size of the business would not require a reassessment of the sum insured.
The approach is welcome; there are however concerns:
1. Whilst the calculation of the sum insured is a necessary first step, the impact on the business will be the cost of insuring the sum concerned. The EMA has attempted to obtain estimates of premiums that would be applied by insurance providers but has to date received no estimates. This is a matter of concern as a small market in such policies is likely to increase costs, and depending on the calibration of the premiums, may make the service commercially unviable. We therefore ask that the EBA postpone the issuing of the Guidelines until the availability of policies has been confirmed, and the value of premiums has been established. The EBA could then consider re-calibrating the formula to ensure a reasonable and commercially viable PII regime.
2. Whilst the calculation contemplates a payment initiation service provider (“PISP”) or account information service provider (“AISP”) offering such services to third party payment service users (“PSUs”), it is also likely that such services are also harnessed by payment institutions (“PIs”) or electronic money institutions (“EMIs”) for their own account. An EMI may for example act as a PISP in order to facilitate payments from its own customers for the purchase of e-money. In this context it would be acting as both the PISP and payee in the payment transaction.
In such circumstances, liability is only likely to arise in relation to claims by the payer. The payee (i.e. the EMI) would not instigate a claim against itself, acting as a PISP. There is, therefore, some merit in reducing the sum insured where a payment service provider (“PSP”) acts as a PISP or AISP for its own benefit as a payee or client. A reduction of at least 50% would be appropriate in such circumstances.
We have separately set out in our answer to question 6 below arguments for excluding EMIs and PIs entirely from the requirement to obtain PII insurance, based on their existing own funds obligations.
3. Whilst outside of the scope of the Guidelines, the provisions of Level 1 PSD2 text do not address the risk exhibited by credit institutions (“CIs”) undertaking the same activities. CIs have no obligation to hold own funds or to seek insurance for third-party payment provider (“TPP”) services (i.e. payment initiation and account information services) and could conceivably develop considerable business operations that would have the same risk characteristics as those operated by PIs or EMI, but not offer redress to claimants in the event of a significant failure or incident. We propose that the EBA consider how such a risk would be addressed and make its views known.
There is additionally the impact on the level playing field for payment services. PIs and EMIs will have a higher cost base when offering TPP services, and will, therefore, be unable to compete with equivalent offerings of CIs. This is not an acceptable outcome and cannot be the intention of the legislators. We propose that this discrepancy be subject to review and a report prepared to set out the extent of the preference afforded to CIs.
4. During the process of seeking estimates for PII premiums from insurance firms, it became apparent that insurers would be unlikely to offer cover without also setting out a range of restrictions or limitations on any insurance policy. The value of the premium will necessarily be informed by the scope of the claims that are possible, and insurers will, therefore, seek to limit their exposure – and consequently the premiums requested - by defining the circumstances under which a claim would entertained. To this extent, we propose that the EBA consider setting out a number of limitations that would be acceptable, and would help define the scope of the liability that must be insured. This could, for example, include all claims made under Articles 73, 89 and 90, but accept that liability may be limited under contract for other losses as set out under Articles 91 and 92. These could, for example, exclude consequential loss, or claims by third parties not involved in the payment transaction.
1. Claims made can be an indicator of risk; successful claims or claims where compensation is paid out are, however, a more meaningful indicator. There is a range of factors that could give rise to spurious or unfounded claims; this is evident, for example, in general dispute resolution practices. In the online environment, frivolous or vexatious claims can be made relatively easily, and campaigns can be built in short periods of time. If these are seen to have a direct effect on the cost base of the PISP or AISP, their impact will be disproportionate and the PISP/AISP will be disadvantaged, even where there is no fault shown.
Giving credence to claims that are not proven is also contrary to general legal principles where persons are only penalised where a claim is proven.
We propose focusing on proven or settled claims, as the risk indicator for this criterion.
2. Indicators that are effectively measures of the size of the business currently placed under the “risk profile” criterion may be better placed within the “size of activity” criterion. We are of the view that the number of contracts, number of initiated payment transactions (for PISPs) and the number of different payment accounts accessed (for AISPs) are all size-related criteria.
The inclusion of the aforementioned indicators in the “risk profile” criterion may have the effect of double counting the contribution of size to the overall risk. We propose placing these indicators within the “size of activity” criterion, thus ensuring they provide discrete contributions to the overall measurement of risk.
Whilst PSD2 text suggests that non payment services impact risk, and the EBA has taken the view that this may impact the ability of the provider to make payments, we believe the indicator should be nuanced, and should, for example, consider circumstances where the other business increases the ability of the TPP (i.e. a PISP or an AISP) to make payment. We suggest examining whether it is possible to draft criteria that distinguish between other business that makes a positive contribution to the TPP’s stability from that which erodes its financial standing.
As set out under question 3 above, there is a risk of double counting size related indicators, and these would benefit from being combined.
The EBA has modelled the method of calculation on the own funds calculations in PSD2, notably Method B (Art 9 (1)). The key modification being that the ‘size of activity’ indicator calculation is based on the annual total value of transactions whereas Method B uses the indicator of one twelfth of the annual transaction value in its formula.
This results in the PII calculation being excessively large when compared with the own funds requirements of PIs processing the same annual value of transactions. Basing the ‘size of activity’ indicator on the monthly average amount of transactions would be more representative of the liabilities faced by PISPs and provide for a level playing field between the two types of institution.
1. We would welcome guidance from the EBA regarding the “specific characteristics of comparable guarantees and the criteria for their implementation”, as required under PSD2 Article 5, paragraph 4 (d).
2. We believe the existing own funds requirements for PIs and for EMIs under PSD2 and EMD2 are sufficient guarantees to cover any liabilities arising as a result of the situations outlined in Articles 73, 89, 90 and 92. We do not believe the ongoing capital requirement imposed on credit institutions for the offering of payments business is significantly different in quantum to that which results from the calculation of own funds for EMIs and PIs under EMD2 and PSD2.
The main difference is initial capital requirement, but Recital 35 of PSD2 states that PII is required because it would be disproportionate to impose an own funds requirement on PISPs and AISPs, and not initial capital.
Accordingly, we propose that PIs and EMIs should be excluded from the requirement to have PII when they offer payment initiation and account information services because they are already subject to own funds requirements.
This interpretation is not inconsistent with the provisions of level 1 text in PSD2 at Article 5(2) and (3) that refers to PII requirement when an entity applies for authorization or registration to undertake PIS or AIS business. This text can reasonably be interpreted as applying to applicants seeking ‘sole’ authorization for AIS and PIS services.
The rationale for such an interpretation and approach is the creation of a level playing field between Credit Institutions, EMIs and PIs offering such services. Sole providers of PIS and AIS services that are not subject to ongoing own funds requirements on the other hand will be required to obtain PII cover.
[Issuing of payment instruments and/or acquiring of payment transactions"]"