The European Banking Authority has published a Consultation on “Draft Guidelines on the information to be provided for … authorization as [a] payment institution [or] e-money institution and for the registration as [an] account information service provider“.
The EBA’s draft Guidelines specify:
- the types of information that applicants are required to submit, to meet the requirements in the second Payment Services Directive; and
- information requirements in respect of the process applicants must have in place to file, monitor, track, and restrict access to, sensitive payment data; their business continuity arrangements; internal anti-money laundering controls and other matters.
The Guidelines will apply in full to payment and e-money institutions. Only some, or some parts, of the Guidelines will apply to account information service providers and payment initiation service providers.
The deadline for submission of comments is 3 February 2017.
Why does this matter?
Articles 5 to 11 of PSD2 give us some idea, and these Guidelines give us a better idea, what an application for authorisation as a payment institution, an account information service provider or a payment initiation service provider, will have to include. This makes them sound as if they’re only likely to be of interest to applicants, rather than existing authorisation holders – but that’s not necessarily true. For example, this information is part of, and it reflects, the minimum conditions that must be met to secure an authorisation. So it has the potential to form part of the conditions for granting authorisation which, if not continuously met, could lead to the withdrawal of an authorisation too (see article 13(1)(c)). The consultation might therefore be of interest to existing authorisation holders as well.