2018_4172 Interpretation of 'Active request for account information'

Question ID: 2018_4172
Legal act: Directive 2015/2366/EU (PSD2)
Topic: Strong customer authentication and common and secure communication (incl. access)
Article: 67
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph: Article 36 (5)(b) RTS SCA
Type of submitter: Credit institution
Subject matter: Interpretation of 'Active request for account information'
Question: How should 'active request for account information' by a Payment Service User (PSU) be interpreted the wording of article 36(5)(a)(b) of the RTS SCA?
Background on the question: Account servicing payment service providers (ASPSPs) want to offer the best customer experience, however also needs clarity what an active request for information of the PSU actually is (as these are not part of the 4x a day limitation). Currently it is unclear which actions a customer needs to do (i.e. only opening the app or to swipe/push a button in the app) are needed to update the information showed in the account information overview.
The implications are mainly around the resources involved with increasing bandwidth of IT infrastructure. A liberal interpretation of the concept of an ‘active request’ implies more requests/traffic to the API and, thus it is expected by our engineers, a higher infrastructure bandwidth would be required. A liberal interpretation might in example be that opening up an AIS app by a user is already an active request to refresh his/her AIS information – rather than having to perform a separate in app action like hitting a refresh button.
Submission date: 30/07/2018
Final publishing date: 14/12/2018
Final answer: Article 36(5)(b) of Commission Delegated Regulation (EU) 2018/389 states that the Account Information Service Provider (AISP) shall be able to access the relevant and necessary information from the account servicing payment service provider (ASPSP) “whenever the payment service user (PSU) is actively requesting such information”. The reference to ‘active request’ refers to the PSU being in session at the time of the request and proactively performing an action, predefined by the AISP, to request such information. It does not include the case where the PSU has given a mandate to an AISP to access whenever possible or the case where the AISP is mandated to refresh automatically the information whenever the PSU is accessing the AISP application(s).
Status: Final Q&A
Answer prepared by: Answer prepared by the EBA.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre

Disclaimer