There is no explicit listing of business models. This is reasonable and we appreciate this decision since an explicit mentioning may evoke the false impression that certain innovative business models will not fall within the definitions of the PSD2. It has to be emphasized that the aim of the Level-Playing-Field should not be affected by this. An information flow on the level of the Competent Authorities to accepted business models seems reasonable not at least to support the aim of the EBA to prevent disproportionate long approval procedures.
The EU-wide cooperation between competent authorities on special business models under PSD2 is especially important as some of the innovative and already quite successful models were not considered, when PSD2 was finalised. One major example is the future acceptance of structures, in which a licensed/registered TPP performs Payment Initiation as well as Account Information Services on behalf of another company that implements these services as a feature in their product range. Examples for these further companies are:
- Payment Feature Providers (using a licensed PISP to integrate a PIS into their product): e-commerce use cases, factoring companies, credit transfer by photo or accounting and receivables management application provider
- Data Benefit Provider (using a registered AISP to integrate an AIS into their product): account change/alert/monitoring providers, comparison portals or credit portals (in the latter case for risk management/credit rating purposes)
Today’s advanced market developments show an urgent need for this structure. Established innovations and successful use cases would be hindered to a large extent, if these described business models cannot be implemented in a legally watertight way. Especially context-related use cases of PIS and AIS are a major driver of the PSD2-intended innovation. End users tend to share their personal data in cases of benefits, such as more convenient and automated user processes for example. And there is still considerable room for more innovative business concepts on that PSD2-basis, which will lead to further economic growth for the European market. However and only if it is not unnecessarily over-regulated.
The law and regulatory requirements have to involve itself on a second level, i.e. to meet these newly developed market needs and make sure that the processes requested by the consumer are built and maintained in a secure way, instead of generally limiting the consumer’s freedom. Given the business model and strategies of Payment Feature Providers and Data Benefit Providers, who only make use of PIS/AIS as a small component of their product range do not aim at becoming a licensed PISP or registered AISP. That is why today they already make use of other market participants to access the financial resources of their B2C-clients. They want a full PSD2-compliant service support by a regulated PISP/AISP besides their IT infrastructure needs. They would rather forgo successful consumer friendly features than applying for an own authorisation/registration.
Moreover, bundling PISP as well as bundling AISP provide other benefits for the overall market, as their acceptance would lead to increased consumer and data protection as well as IT security by implementing centrally enforceable and effectively controllable standards from the perspective of EU-wide and national competent authorities as well as by the establishment of high-quality API infrastructure standards. To boost this effect, the EBA should consider to clarify on an European Level that licensed/registered PISP/AISP, who offer their services to Payment Feature and Data Benefit Providers should implement the following measures (and accordingly describe these processes to the CA, when applying for authorisation/registration):
1. User agreements with end users to make sure the regulated TPP's responsibilities according to PSD2 are directly prescribed and transparent for the end user plus.
2. „Know Your Payment Feature/Data Benefit Provider“-Processes, i.e. processes to make sure that the regulated TPP checks background/integrity/compliance of his unregulated partners.
Chapter 4.1, Guideline 18 on the professional indemnity insurance (PII) or comparable guarantee describes the provision of the according insurance contract as well as a record of how the applicant has calculated the minimum amount in compliance with EBA Guidelines CP/2016/12. It has to be considered by EBA, that the separate consultation on the EBA Guidelines CP/2016/12 showed that the required PII by PISP/AISP could turn into a market barrier instead of the intended relief.
At first sight, the market welcomed the intended alternative of a PII/comparable guarantee compared to own funds requirements for PISPs/AISPs. However, over the course of dealing with the requirements in detail, we are afraid that the intended relief could turn out to be a market barrier for TPPs. The provided feedback by TPPs as part of the separate consultation EBA-CP-2016-12 should be taken into account before finalising Chapter 4.1 Guideline 18 of the guidelines on authorisation/registration. Especially with regard to the request, that EBA should actively involve European and national Insurers Associations to discuss the consultation concerns and/or request official statements with regard to the actual intent to provide PISPs/AISPs with according PII policies before both guidelines under consultation are finalised. Only the insurance market itself can make a final assessment, if and under which conditions it is actually able to offer a compliant PII.