Applications under PSD2

PSD2 makes some important changes to the scope of regulation in the UK. Read more about the new information firms will have to provide, both when we authorise or register them and if they are currently authorised or registered.

Authorisation and registration requirements under PSD2

PSD2 has been implemented in the UK through the Payment Services Regulations 2017 (PSRs 2017). We issued a consultation to reflect the Treasury’s new regulations in April 2017. This included some proposals relating to authorisation, and changes to our perimeter guidance to throw further light on the specific types of business and activity that will need to be authorised or registered under PSD2. We issued a smaller, follow-up consultation on certain authorisation and registration forms under PSD2 in July 2017. We published our Policy Statement in September 2017 confirming the revised Approach Document and Handbook changes following consultation feedback.

New applications for authorisation or registration

Firms can apply to be authorised or registered under the PSRs 2017, or the Electronic Money Regulations (EMRs) as amended by the PSRs 2017 from 13 October 2017. Find out more on how to prepare for PSD2 if you want to become, or you are already a payment institution or an e-money Institution.

New information required at authorisation

Prospective payment and e-money institutions, applying under the PSRs 2017 and amended EMRs respectively, will have to provide more information than they do currently, including:

  • Procedures for incident reporting.
  • Processes in place to file, monitor, track and restrict access to sensitive payment data.
  • Principles and definitions they apply for collecting statistical data on performance, transactions and fraud.
  • Arrangements for business continuity and the procedure for testing and reviewing these plans.
  • Security policy, including risk assessment and mitigation measures to adequately protect payment service users against identified risks, including fraud and illegal use of sensitive and personal data.
  • Description of checks on agents and branches.
  • Professional indemnity insurance held (for firms that propose providing account information or payment initiation services).

Security requirements for providers of account information or payment initiation services seeking authorisation or registration under Payment Services Directive 2 (PSD2)

European Banking Authority (EBA) guidelines

The EBA has developed guidelines for competent authorities on the exact information required for applicants to become authorised payment institutions and authorised e-money institutions. This also applies to firms which only provide account information services who will be able to seek registration, and will have to provide us with less information than firms which seek full authorisation.

Guidelines on the information to be provided for the authorisation as payment institutions and e-money institutions and for the registration as account information service providers 

Information requirements and transitional provisions for existing firms

PSD2 contains transitional provisions to allow existing authorised payment institutions, authorised e-money institutions and small e-money institutions to continue to provide payment services and issue e-money until 12 July 2018. If these firms want to carry on providing payment services after this date, they must have provided us with the information set out above before 13 April 2018.

Existing small payment institutions may carry on their activities until 12 January 2019. If they want to continue providing these services after this date then they will have to apply to us before 13 October 2018 and give us any relevant information we request if they have not already done so.

Key dates for existing firms authorised/registered under PSD1

Firm type

Can provide new information from:

Must provide new information by:

... in order to continue providing payment services on or after:

Authorised payment institutions 

13 October 2017

13 April 2018

13 July 2018

Authorised e-money institutions (Authorised EMIs)

13 October 2017

13 April 2018

13 July 2018

Small e-money institutions
(Small EMIs)

13 October 2017

13 April 2018

13 July 2018

Small payment institutions
(Small PIs)

13 October 2017

13 October 2018

13 January 2019