Information session about fit and proper assessments DNB
On Tuesday 28th May from 3:00-4:45 PM CET DNB will organize an online information session about fit and proper assessments.
Read more Information session about fit and proper assessments DNBYou are using an outdated browser. DNB.nl works best with:
Published: 12 November 2019
Wanneer is sprake van een vergunningplicht indien rekeninginformatiedienstverlening uitgevoerd wordt door met elkaar samenwerkende partijen?
Answer 1: A licence requirement applies if a party enters into a contract or agreement with an account holder for providing an account information service.
If a licensed account information service provider outsources its retrieval of payment data from an account-servicing payment service provider to a third party, then a contract or agreement will be presumed to have been concluded with the payment service user for providing account information service via the licensed account information service provider. The same applies if this party has access to or may have access to the personal payment data of the user of the payment service, or if it has a relevant security token giving access to such data. This means that the third party is also subject to a licence requirement.
Explanatory notes
Performing a PSD2 account information service upon request consists of two key elements: 1) retrieving the payment service user's payment data from the user's account-servicing payment service provider (generally a bank); and 2) providing consolidated account information to the payment service user (or to a third party, subject to a request by the payment service user. Also see Question 3). The majority of account information service providers are engaged in activities falling under both key elements. These activities can also be performed by two different parties working in collaboration.
The licence requirement applies to both parties under certain conditions.
Answer 2: The answer is yes, but only if the party retrieving the data has no access to the account holder's personal payment details or a security token providing such access. This party only provides the link to the API of the account-servicing payment service provider. It merely transmits the data of the account-servicing payment service provider to the account information service provider. A party such as this has no autonomous access to the current account. It provides a service of a purely technical nature. In this case, the account information service provider is subject to the relevant outsourcing rules pursuant to the Financial Supervision Act. These rules include provisions applying to the account information service provider or the payment initiation service provider with regard to the security of sensitive payment data. The provisions of the General Data Protection Regulation also apply to the account information service provider and the technical service provider.
Answer 3: Under certain circumstances, a third, unlicensed party may engage in the actual processing of the retrieved payment data.
The law defines an account information service as an online service for providing consolidated information on one or more current accounts held by a payment service user with one or more other payment service providers. Data is considered to be consolidated account information if the original information is retrieved from one or more current accounts by the account information service provider from the account-servicing payment service provider for a specific period of time. The account information (consisting of more-or-less raw data) can be provided to the payment service user, who may also provide the account information service provider with consent in accordance with the GDPR to transmit the information to a third party.
The legal definition of account information service does not specify the recipient of consolidated account information1.
This third party may engage in the actual processing (categorisation etc.) of retrieved payment data. In this case, the third party will fall outside the scope of PSD2 and will not be subject to a licence requirement. However, the payment service user must have concluded a contract or agreement for account information services with the other account information service provider that retrieves relatively 'raw’ data for a specific period of time at the request of the payment service user.
[1] Also see EBA Q&A 4098 Clarification on whether a particular business model type constitutes the provision of an account information service as defined by Article 4 (16) of PSD2.
On Tuesday 28th May from 3:00-4:45 PM CET DNB will organize an online information session about fit and proper assessments.
Read more Information session about fit and proper assessments DNBDe Nederlandsche Bank (DNB) is looking forward to hosting its annual seminar on the deposit guarantee scheme (DGS) with the theme “Navigating New Horizons: Exploring the Future of the Dutch Deposit Guarantee”. The seminar will be held on Wednesday 5 June 2024.
Read more Deposit guarantee scheme (DGS) seminar: “Navigating New Horizons: Exploring the Future of the Dutch Deposit GuaranteeDe Nederlandsche Bank (DNB) imposed an instruction on Triodos Bank N.V. (Triodos) on 6 March 2019. DNB found that Triodos was in non-compliance with statutory requirements in the area of customer integrity.
Read more Instruction for Triodos Bank N.V. in 2019 for failing to conduct sound and ethical operational managementHow does one bring the professional oath to life in daily practice? Representatives from the financial sector and the supervisory authorities tackled this question at the DNB seminar on the professional oath in late 2022.
Read more The professional oath in daily practiceWe use cookies to optimise the user-friendliness of our website.
Read more about the cookies we use and the data they collect in our cookie notice.