We partially agree with the structure of the formula (ref to §3.2.1) covering various types of risks, but we disagree with the level of % defined to determine the minimum PII amount.
The objective for both AIS and PIS is to control the fraud risk, which depends on:
i) the number of accounts that are accessible
ii) but also, on the financial capacity of the account holders, where the AIS has to retrieve information from and has access to. The risks for low financial level on accounts or high financial saving account are not the same. This is not reflected in the PII minimum monetary amount formula.
NO, we disagree
We ask EBA to consider:
Value of indemnity received
• In §45, §46, §47 the EBA guideline refers to the number of claims received from payment service users and ASPSPs.
We consider the value of the indemnity or claims received are very difficult information’s to collect for the CA.
A claim is not always related to fraud risks. A claim can be introduced for multiple reasons. How to classify the claims and to get a proper treatment between CA of different countries?
Number of contracts
• In §54 and §55 the EBA guideline refers to the number of contracting parties.
We believe that for the PIS the number of the contracting parties (including subsidiary) is not a relevant indicator of the risk profile of the company.
Number of initiated payments
• In §57 and §58 the EBA guideline refers to the number N of initiated payments.
The driver N (number of initiated payments) and the 2.5% level in the grid (point e: slice above 1M contracts) will lead to a very high PII amount for successful PIS companies. For a PIS that would initiate hundreds of millions of payments, the PII could reach several millions €.
-> It should be capped to a maximum PII or the grid should be in line with the PSD (article 9 - Method B – cf. table) grid % i.e. 0.25% for last tier >250M€.
Number of different payment accounts accessed
• In the 61§ and 62§ the EBA guideline refers to the number of accounts accessed.
The driver N number of accounts and the 2.5% grid (for > 10M accessed payment accounts) will lead to very high PII/comparable guarantee.
• This grid leads to too high PII costs for AIS.
Furthermore, we would also like to mention that based on current version of EBA RTS for strong customer authentication and access to account, a strong customer authentication of the consumer will be performed by the ASPSP (except in case of bilateral agreement, which should be an exception) for PIS and AIS services. This concept of strong authentication by the bank of the consumer should also significantly reduce the level of risk that an operation could be performed without the consent of the consumer. We recommend EBA considers those ‘customer authentication’ policies when determining the criteria for risk evaluation and also the value of the grid.
NO, we disagree
• §65 imposes to a Payment Institution (that has already its regulatory capital obligation computed e.g. via Method B) to add the PII/comparable guarantee for AIS or PIS services. We think that this is overestimating the necessary coverage and a too costly protection of end users affecting the tariffs of the services.
• For a Payment Institution having already regulatory obligation (as entering in possession of Third Party funds), we consider that if a PIS or AIS service is linked to the PI services, the requirement should not impose any additional PII/comparable guarantee on top of the PI regulation obligations (as it will cover twice the same transaction).
Request for Clarification
• We understand in §67 that “non-regulated services” offered on top of the AIS and/or PIS services will lead to an additional PII/comparable guarantee of 50K€ for the add-on.
But this additional amount is independent of the size of the non-regulated business compared to AIS / PIS business.
No, we disagree
EBA should consider for PIS.
Size of activity criterion
• §70 is requesting a far too high PII/collateral amount, by asking 2.5% of the total value of the transaction initiated by PIS over the last year.
As an example: a processor that would initiate transaction like Ideal in the Netherland (currently, Ideal count for 222M initiated payments/Y, assuming an average amount of i.e. 40 Euro per initiated payment) the PII/collateral amount that would be required could reach several hundred millions euros, looking only to the lowest grid this is accounting for:
222M payment X 40€ X 2.5% = 222M€ of PII
The level of % in the grid applied on transaction value is unrealistic, as it will add cost to the PIS and will make the business unprofitable.
• It is also not in line with Method B of the PSD1, for which the last tiers is 0.25% (above 250M€ of transaction value)
EBA should consider for AIS.
• §71 results also in very high PII with the 2.5% grid of the number of clients that have used AIS in the last 12 months. This indicator (number of clients) is redundant with the indicator in §62 in the risk profile indicator (related to the number of accounts that can be accessed).
• EBA should clarify if a client that performs 10 transactions every day needs to be accounted for as “one client” or for “365 clients” or “3650 clients”?
We request EBA to explain why the PI PSD method B cannot be applied to PIS/AIS ?
We request EBA to clarify:
(1) Assuming a company has already a professional indemnity insurance covering its professional activities and this coverage is above the PII amount computed for PIS /AIS.
Will it be considered as compliant?
(2) In example 1 (§80/§81) for the second term “type of activity criteria”:
Why to add 50K€, as the PIS does not intend to provide other services than the PIS?
[Issuing of payment instruments and/or acquiring of payment transactions"]"