If an account holder authorises through their bank a third party such as an accounting firm to initiate payments, does such a service qualify as PSD2 service 7? In providing such services, is the bank allowed to use the API developed for use under the PSD2?
No, if an account holder requests their bank to authorise a third party such as an accounting firm to initiate payments through a dedicated channel, this does not qualify as service 7. This is because PSD2 service 7 involves an account holder requesting a third party to initiate a payment from their bank account on their behalf. There is no need for the account holder to request their bank to authorise the third party. The bank may use a dedicated technical link if an account holder requests their bank to authorize a third party to initiate paymenst. But it is also allowed to use the API developed for use under the PSD2 for that aim.
Again, the regular requirements for sound and ethical operational management obviously apply, and the bank must safeguard a secure connection with the third party. Unlike activities requiring a licence under PSD2 service 7, a bank itself must weigh the interests involved in considering whether it wishes to provide these services to third parties that are not subject to a licence requirement.
If a bank's customers requests their bank to share their payment data with a third party such as an accounting firm, do such services qualify as activities requiring a licence under PSD2 service 8? In providing such services, is the bank allowed to use the API developed for use under the PSD2?
No, sharing payment data with a third party at the request of a bank's customer does not qualify as service 8. This is because account information services subject to a licence requirement referred to as PSD2 service 8 involve an account holder requesting a third party to retrieve and process data from their bank on their behalf without the account holder informing the bank about this or instructing it to do so. Such third parties must be licensed as payment institutions by DNB.
The bank may choose its own method of communicating with the third party to share the payment data at the customer's request. It may use a dedicated technical link for that aim under its own responsibility. But it is also allowed to use the API developed for use under the PSD2.
The regular requirements for sound and ethical operational management apply, which is why the bank must safeguard a secure connection with the third party. Unlike activities requiring a licence under PSD2 service 8, a bank itself must weigh the interests involved in considering whether it wishes to provide these services to third parties that are not subject to a licence requirement.
There are two new regulatory developments of relevance to banks regarding their crypto asset exposures. Firstly, the Capital Requirements Regulation 3 (CRR3) includes a transitional regime on banks’ direct crypto asset exposures.
Read more New rules for the crypto exposures of banks
The final texts of the Capital Requirements Regulation 3 (CRR3) and the Capital Requirements Delegation 6 (CRD6) were published on 19 June 2024. With this new banking package, the final Basel 3 reforms are implemented in the European Union.
Read more Publication new banking package CRR3/CRD6
On June 6th, DNB started the public consultation of the 2024 amendment round of the Deposit Guarantee Scheme (DGS) Policy Rules for banks. Parties are requested to submit responses to the consultation to DNB by 19 July at the latest.
Read more Start consultation amendments DGS Policy Rules 2024
This week, the European Supervisory Authorities (EBA, EIOPA and ESMA – ESAs) have published their final reports on greenwashing in the financial sector.
Read more European Supervisory Authorities publish reports on greenwashing in the financial sector
