EBA Proposes to Amend Open Standards Under PSD2

The proposed amendments to the regulatory technical standards on strong customer authentication and secure communication under the Payment Services Directive (PSD2) aim to address a number of issues in the application of 90-day exemption from strong customer authentication for account access; this is particularly so in cases where account servicing payment service providers have not made use of the exemption and request strong customer authentication for each account access, or where they request strong customer authentication more frequently than every 90-days, as allowed by the regulatory standards. To address the impact of these identified issues on account information service providers’ services, EBA is proposing to introduce a new mandatory exemption from strong customer authentication for the specific use case when the access is done through an account information service provider that is subject to certain safeguards and conditions aimed at ensuring the safety of the customer data. For the other separate case where customers access the data directly, EBA is proposing to retain the exemption in Article 10 to be voluntary as is currently the case, as no specific issues have been identified in such cases. However, to ensure a level playing field among all payment service providers, EBA is also proposing to extend the 90-day timeline in Article 10 of the regulatory standards for the renewal of strong customer authentication to the same 180-day period for the renewal of strong customer authentication when the account data is accessed through an account information service provider. 

The opinion on treatment of client funds under the DGS Directive delivers on the request to submit a final report with recommendations and aims to inform the European Commission’s proposals for a revised DGS Directive, which the European Commission intends to publish in the fourth quarter of 2021. It should be noted that the opinion does not concern the much more prevalent cases, when depositors place their funds directly with a bank, including instances when financial institutions place their own funds with a bank. In its assessment on fund protection, EBA observed that there are discrepancies in relation to the protection of client funds by DGSs across the European Union and within the member states, depending on what sort of entity deposits them on behalf of its clients. Thus, in its opinion, EBA recommends the European Commission to

• Clarify the DGS Directive to ensure that client funds deposited with a credit institution by other credit institutions, payment institutions, e-money institutions and investment firms are covered by a DGS in case the credit institution holding client funds were to fail,
• Include a definition of client funds specifying that it includes funds deposited by entities on behalf of their clients, to provide clarity on the distinction between the own liquidity of the entity placing a deposit and the funds placed on behalf of clients.
• Clarify the Directive to ensure that, in principle, client funds placed by entities that are currently excluded from coverage under Article 5(1) of the Directive and are not already captured in this opinion are also covered.
• Clarify, in the Directive that, where national law allows, DGSs are free to choose whether to reimburse funds in beneficiary accounts directly to the ultimate beneficiaries or to the beneficiary account of the account holder in another credit institution.
• Ensure that client funds are taken into account when calculating contributions to DGS funds, with details to be set out in a revision of the EBA Guidelines on methods for calculating contributions to DGSs.

Related Links

• Press Release PSD2 Consultation
• Press Release on DGSD2 Opinion

Comment Due Date: November 25, 2021

Keywords: Europe, EU, Banking, DGSD, PSD2, Own Funds, Regulatory Capital, Basel, Open Banking, EBA