Find out more about new regulated payment service activities.
As part of promoting the development and use of innovative online payment services, PSD2 brings two types of payment services activity under regulation for the first time - account information and payment initiation services.
Providers of payment accounts accessible on-line must allow third-party providers to access user accounts (with the user's explicit consent). These third parties – providers of account information services (AISPs) and payment initiation services (PISPs) - will be regulated under PSD2 with corresponding permissions and obligations.
Account Information Services
Under PSD2 an ‘account information service’ is an online service which provides consolidated information to a payment service user on one or more payment accounts held by that payment service user with other payment service providers. These services already exist in the UK.
Payment Initiation Services
Under PSD2, a ‘payment initiation service’ is an online service to initiate a payment order at the request of a payment service user from a payment account held at another payment service provider with the user’s consent and authentication.
The new rules bring payment initiation services within the scope of regulation. They ensure that PISPs receive access to payment accounts and place requirements on them to ensure security for users. PSD2 will:
- bring PISPs within the scope of regulation
- ensure that AISPs can receive access to payment accounts
- place requirements on PISPs to ensure security for users
Our role in regulating AIS and PIS providers
We are responsible for ensuring AISPs and PISPs are registered or authorised. For businesses that only carry on account information services, there is an option to become a ‘registered account information service provider’. These providers have no capital requirements and need to meet fewer conditions than authorised firms. Businesses that provide payment initiation services must be authorised and must have a minimum of €50,000 in initial capital (or higher if they provide certain other payment services). Both AISPs and PISPs have to hold professional indemnity insurance (PII). The EBA has developed Guidelines on PII.
Providing access to customers’ payment accounts for providers of AIS and PIS
Businesses that provide ‘payment accounts’ that are accessible online to their customers will have to give AISPs and PISPs access to these accounts, with the user’s consent and authentication. Under PSD2, providers of payment accounts are referred to as ‘account servicing payment service providers’ (ASPSPs).
Expectations for the third party access provisions in PSD2
The European Banking Authority has developed regulatory technical standards that introduce standards for common and secure communications between ASPSPs and AISPs or PISPs. These technical standards are expected to take effect from September 2019. We issued a joint communication with the Treasury which sets out our expectations of firms in the pre-RTS period.
The joint communication also reflects our views around the use of application programming interfaces (APIs) standards, such as those being developed by the Open Banking Implementation Entity, as the basis on which secure access to payment accounts could be provided in future.