Outdated browser

You are using an outdated browser. DNB.nl works best with:

16 July 2019 Supervision Supervision label Q&A

Question 1

If a bank's customers requests their bank to share their payment data with a third party such as an accounting firm, do such services qualify as activities requiring a licence under PSD2 service 8? In providing such services, is the bank allowed to use the API developed for use under the PSD2?

 

Question 2

If an account holder authorises through their bank a third party such as an accounting firm to initiate payments, does such a service qualify as PSD2 service 7? In providing such services, is the bank allowed to use the API developed for use under the PSD2?


Answer 1

No, sharing payment data with a third party at the request of a bank's customer does not qualify as service 8. This is because account information services subject to a licence requirement referred to as PSD2 service 8 involve an account holder requesting a third party to retrieve and process data from their bank on their behalf without the account holder informing the bank about this or instructing it to do so. Such third parties must be licensed as payment institutions by DNB.

The bank may choose its own method of communicating with the third party to share the payment data at the customer's request. It may use a dedicated technical link for that aim under its own responsibility. But it is also allowed to use the API developed for use under the PSD2.

The regular requirements for sound and ethical operational management apply, which is why the bank must safeguard a secure connection with the third party. Unlike activities requiring a licence under PSD2 service 8, a bank itself must weigh the interests involved in considering whether it wishes to provide these services to third parties that are not subject to a licence requirement.

 

Answer 2

No, if an account holder requests their bank to authorise a third party such as an accounting firm to initiate payments through a dedicated channel, this does not qualify as service 7. This is because PSD2 service 7 involves an account holder requesting a third party to initiate a payment from their bank account on their behalf. There is no need for the account holder to request their bank to authorise the third party. The bank may use a dedicated technical link if an account holder requests their bank to authorize a third party to initiate paymenst. But it is also allowed to use the API developed for use under the PSD2 for that aim.

Again, the regular requirements for sound and ethical operational management obviously apply, and the bank must safeguard a secure connection with the third party. Unlike activities requiring a licence under PSD2 service 7, a bank itself must weigh the interests involved in considering whether it wishes to provide these services to third parties that are not subject to a licence requirement.

sector

  • Banks
  • Electronic money institutions
  • Exchange transaction
  • Payment institutions