Response to consultation on the Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance under PSD2
Go back
• The two examples provided by the EBA in section 3.2.8 on how to apply the formula foresee the coverage of about 30% to 50% of the annual transaction volume. In our opinion, PISPs should be obliged to cover at least a minimum of 50% of their transaction volume.
• Regarding the subjective scope of these Guidelines, PIIs should not be limited to PISP and AISP but extended to payment service providers issuing card-based payment instruments for obtaining the availability of funds from the ASPSP. These providers will issue direct debit requests for obtaining a transfer of funds. This activity might be as risky as any other payment transaction and should also be covered.
• According to article 71 of PSD2, in case of an unauthorized or incorrectly executed transaction, payment service users must notify “without undue delay on becoming aware of any such transaction giving rise to a claim, including that under article 89, and no later than 13 months after the debit date”. Therefore, the EACB believes that PII must be valid at least 13 months after the last transaction or account information request.
• Finally, it would also be useful to clarify whether a PII is required also from credit institutions providing PIS or AIS or both. Currently, credit institutions are required to take such risks into account within the framework of their operational risk management and solvency requirement for operational risk. In any event, the EACB would like to stress that overlapping requirements should not be imposed.
Question 1: Do you agree with the requirement that competent authorities require undertakings to review, and if necessary re-calculate, the minimum monetary amount of the PII or comparable guarantee, and that they do so at least on an annual basis, as proposed in Guideline 8?
The EACB considers that it is not possible to have the certainty that the total amount of damages will not exceed the minimum monetary amount of the professional indemnity insurance (PII), especially if the forecasted number of transactions of a new Payment Initiation Service Provider (PISP) is lower than the processed volume and a major incident occurs. Therefore, PISPs should have to adapt the insurance value to its transaction volume more often than once a year.Question 2: Do you agree with the formula to be used by competent authorities when calculating the minimum monetary amount of the PII or comparable guarantee as proposed in Guideline 3? Please explain your reasoning
The EACB partially agrees with the formula to be used by competent authorities when calculating the minimum monetary amount of the PII. Please, find below specific comments on some of the indicators that are used to calculate the amount for each criterion.Question 3: Do you agree with the indicators under the risk profile criterion and how these should be calculated, as proposed in Guideline 5? Please explain your reasoning.
The EACB does not fully agree with the indicators under the risk profile criterion. Particularly, we consider that the value of historical complaints received during the last 12 months is not necessarily an indicator of the number of complaints in the future.Question 4: Do you agree how the indicators under the type of activity criterion should be calculated, as proposed in Guideline 6? Please explain your reasoning.
The EACB has no specific comments to make on the calculation of the indicators under the type of activity criterion.Question 5: Do you agree how the indicators under the size of activity criterion should be calculated, as proposed in Guideline 7? ? Please explain your reasoning
According to paragraph 7.3, new PISP/AISP (i.e. those that have not been offering their services during the last 12 months) are required to use forecasted values (i.e. number of all transactions initiated/number of clients forecasted) to calculate the size of their activity. For that purpose, PISP/AISP have to use the values as forecasted in the business plan and/or programme of operations that they are required to present as part of their applications for authorization/registration. The EACB considers that this method of calculation which is described in paragraphs 7.3 and 7.4 of Guideline 7 does not ensure that the forecasted value will cover the real value of the transactions. Instead, we would like to propose the use of the average number of all transactions initiated (for PISP) or the average number of clients (for AISP) during the last 12 months of similar operators (having same characteristics) in the relevant market.Question 6: Do you think the EBA should consider any other criteria and/or indicators to ensure that the minimum amount is adequate to cover the potential liabilities of PISPs/AISPs in accordance with the Directive? Please explain your reasoning.
The EACB has no specific comments to make in the framework of this question.Question 7: Do you have any other comments or suggestions that you think the EBA should consider in order to ensure that the minimum amount is adequate to cover the potential liabilities of PISPs/AISPs in accordance with the Directive? Please explain your reasoning.
The EACB would like to make the following comments to ensure that PIIs cover all potential liabilities of third-party providers in accordance with PSD2:• The two examples provided by the EBA in section 3.2.8 on how to apply the formula foresee the coverage of about 30% to 50% of the annual transaction volume. In our opinion, PISPs should be obliged to cover at least a minimum of 50% of their transaction volume.
• Regarding the subjective scope of these Guidelines, PIIs should not be limited to PISP and AISP but extended to payment service providers issuing card-based payment instruments for obtaining the availability of funds from the ASPSP. These providers will issue direct debit requests for obtaining a transfer of funds. This activity might be as risky as any other payment transaction and should also be covered.
• According to article 71 of PSD2, in case of an unauthorized or incorrectly executed transaction, payment service users must notify “without undue delay on becoming aware of any such transaction giving rise to a claim, including that under article 89, and no later than 13 months after the debit date”. Therefore, the EACB believes that PII must be valid at least 13 months after the last transaction or account information request.
• Finally, it would also be useful to clarify whether a PII is required also from credit institutions providing PIS or AIS or both. Currently, credit institutions are required to take such risks into account within the framework of their operational risk management and solvency requirement for operational risk. In any event, the EACB would like to stress that overlapping requirements should not be imposed.