Response to consultation on the Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance under PSD2
Go back
The objective for both AIS and PIS is to control the fraud risk, which depends on:
i) the number of accounts that are accessible
ii) but also, on the financial capacity of the account holders, where the AIS has to retrieve information from and has access to. The risks for low financial level on accounts or high financial saving account are not the same. This is not reflected in the PII minimum monetary amount formula.
We ask EBA to consider:
Value of indemnity received
• In §45, §46, §47 the EBA guideline refers to the number of claims received from payment service users and ASPSPs.
We consider the value of the indemnity or claims received are very difficult information’s to collect for the CA.
A claim is not always related to fraud risks. A claim can be introduced for multiple reasons. How to classify the claims and to get a proper treatment between CA of different countries?
For PIS
Number of contracts
• In §54 and §55 the EBA guideline refers to the number of contracting parties.
We believe that for the PIS the number of the contracting parties (including subsidiary) is not a relevant indicator of the risk profile of the company.
Number of initiated payments
• In §57 and §58 the EBA guideline refers to the number N of initiated payments.
The driver N (number of initiated payments) and the 2.5% level in the grid (point e: slice above 1M contracts) will lead to a very high PII amount for successful PIS companies. For a PIS that would initiate hundreds of millions of payments, the PII could reach several millions €.
-> It should be capped to a maximum PII or the grid should be in line with the PSD (article 9 - Method B – cf. table) grid % i.e. 0.25% for last tier >250M€.
For AIS
Number of different payment accounts accessed
• In the 61§ and 62§ the EBA guideline refers to the number of accounts accessed.
The driver N number of accounts and the 2.5% grid (for > 10M accessed payment accounts) will lead to very high PII/comparable guarantee.
• This grid leads to too high PII costs for AIS.
Furthermore, we would also like to mention that based on current version of EBA RTS for strong customer authentication and access to account, a strong customer authentication of the consumer will be performed by the ASPSP (except in case of bilateral agreement, which should be an exception) for PIS and AIS services. This concept of strong authentication by the bank of the consumer should also significantly reduce the level of risk that an operation could be performed without the consent of the consumer. We recommend EBA considers those ‘customer authentication’ policies when determining the criteria for risk evaluation and also the value of the grid.
• §65 imposes to a Payment Institution (that has already its regulatory capital obligation computed e.g. via Method B) to add the PII/comparable guarantee for AIS or PIS services. We think that this is overestimating the necessary coverage and a too costly protection of end users affecting the tariffs of the services.
• For a Payment Institution having already regulatory obligation (as entering in possession of Third Party funds), we consider that if a PIS or AIS service is linked to the PI services, the requirement should not impose any additional PII/comparable guarantee on top of the PI regulation obligations (as it will cover twice the same transaction).
Request for Clarification
• We understand in §67 that “non-regulated services” offered on top of the AIS and/or PIS services will lead to an additional PII/comparable guarantee of 50K€ for the add-on.
But this additional amount is independent of the size of the non-regulated business compared to AIS / PIS business.
EBA should consider for PIS.
Size of activity criterion
• §70 is requesting a far too high PII/collateral amount, by asking 2.5% of the total value of the transaction initiated by PIS over the last year.
As an example: a processor that would initiate transaction like Ideal in the Netherland (currently, Ideal count for 222M initiated payments/Y, assuming an average amount of i.e. 40 Euro per initiated payment) the PII/collateral amount that would be required could reach several hundred millions euros, looking only to the lowest grid this is accounting for:
222M payment X 40€ X 2.5% = 222M€ of PII
The level of % in the grid applied on transaction value is unrealistic, as it will add cost to the PIS and will make the business unprofitable.
• It is also not in line with Method B of the PSD1, for which the last tiers is 0.25% (above 250M€ of transaction value)
EBA should consider for AIS.
• §71 results also in very high PII with the 2.5% grid of the number of clients that have used AIS in the last 12 months. This indicator (number of clients) is redundant with the indicator in §62 in the risk profile indicator (related to the number of accounts that can be accessed).
• EBA should clarify if a client that performs 10 transactions every day needs to be accounted for as “one client” or for “365 clients” or “3650 clients”?
(1) Assuming a company has already a professional indemnity insurance covering its professional activities and this coverage is above the PII amount computed for PIS /AIS.
Will it be considered as compliant?
(2) In example 1 (§80/§81) for the second term “type of activity criteria”:
Why to add 50K€, as the PIS does not intend to provide other services than the PIS?
Question 1: Do you agree with the requirement that competent authorities require undertakings to review, and if necessary re-calculate, the minimum monetary amount of the PII or comparable guarantee, and that they do so at least on an annual basis, as proposed in Guideline 8?
YES, we agree on the principle of a minimum PII.Question 2: Do you agree with the formula to be used by competent authorities when calculating the minimum monetary amount of the PII or comparable guarantee as proposed in Guideline 3? Please explain your reasoning
We partially agree with the structure of the formula (ref to §3.2.1) covering various types of risks, but we disagree with the level of % defined to determine the minimum PII amount.The objective for both AIS and PIS is to control the fraud risk, which depends on:
i) the number of accounts that are accessible
ii) but also, on the financial capacity of the account holders, where the AIS has to retrieve information from and has access to. The risks for low financial level on accounts or high financial saving account are not the same. This is not reflected in the PII minimum monetary amount formula.
Question 3: Do you agree with the indicators under the risk profile criterion and how these should be calculated, as proposed in Guideline 5? Please explain your reasoning.
NO, we disagreeWe ask EBA to consider:
Value of indemnity received
• In §45, §46, §47 the EBA guideline refers to the number of claims received from payment service users and ASPSPs.
We consider the value of the indemnity or claims received are very difficult information’s to collect for the CA.
A claim is not always related to fraud risks. A claim can be introduced for multiple reasons. How to classify the claims and to get a proper treatment between CA of different countries?
For PIS
Number of contracts
• In §54 and §55 the EBA guideline refers to the number of contracting parties.
We believe that for the PIS the number of the contracting parties (including subsidiary) is not a relevant indicator of the risk profile of the company.
Number of initiated payments
• In §57 and §58 the EBA guideline refers to the number N of initiated payments.
The driver N (number of initiated payments) and the 2.5% level in the grid (point e: slice above 1M contracts) will lead to a very high PII amount for successful PIS companies. For a PIS that would initiate hundreds of millions of payments, the PII could reach several millions €.
-> It should be capped to a maximum PII or the grid should be in line with the PSD (article 9 - Method B – cf. table) grid % i.e. 0.25% for last tier >250M€.
For AIS
Number of different payment accounts accessed
• In the 61§ and 62§ the EBA guideline refers to the number of accounts accessed.
The driver N number of accounts and the 2.5% grid (for > 10M accessed payment accounts) will lead to very high PII/comparable guarantee.
• This grid leads to too high PII costs for AIS.
Furthermore, we would also like to mention that based on current version of EBA RTS for strong customer authentication and access to account, a strong customer authentication of the consumer will be performed by the ASPSP (except in case of bilateral agreement, which should be an exception) for PIS and AIS services. This concept of strong authentication by the bank of the consumer should also significantly reduce the level of risk that an operation could be performed without the consent of the consumer. We recommend EBA considers those ‘customer authentication’ policies when determining the criteria for risk evaluation and also the value of the grid.
Question 4: Do you agree how the indicators under the type of activity criterion should be calculated, as proposed in Guideline 6? Please explain your reasoning.
NO, we disagree• §65 imposes to a Payment Institution (that has already its regulatory capital obligation computed e.g. via Method B) to add the PII/comparable guarantee for AIS or PIS services. We think that this is overestimating the necessary coverage and a too costly protection of end users affecting the tariffs of the services.
• For a Payment Institution having already regulatory obligation (as entering in possession of Third Party funds), we consider that if a PIS or AIS service is linked to the PI services, the requirement should not impose any additional PII/comparable guarantee on top of the PI regulation obligations (as it will cover twice the same transaction).
Request for Clarification
• We understand in §67 that “non-regulated services” offered on top of the AIS and/or PIS services will lead to an additional PII/comparable guarantee of 50K€ for the add-on.
But this additional amount is independent of the size of the non-regulated business compared to AIS / PIS business.
Question 5: Do you agree how the indicators under the size of activity criterion should be calculated, as proposed in Guideline 7? ? Please explain your reasoning
No, we disagreeEBA should consider for PIS.
Size of activity criterion
• §70 is requesting a far too high PII/collateral amount, by asking 2.5% of the total value of the transaction initiated by PIS over the last year.
As an example: a processor that would initiate transaction like Ideal in the Netherland (currently, Ideal count for 222M initiated payments/Y, assuming an average amount of i.e. 40 Euro per initiated payment) the PII/collateral amount that would be required could reach several hundred millions euros, looking only to the lowest grid this is accounting for:
222M payment X 40€ X 2.5% = 222M€ of PII
The level of % in the grid applied on transaction value is unrealistic, as it will add cost to the PIS and will make the business unprofitable.
• It is also not in line with Method B of the PSD1, for which the last tiers is 0.25% (above 250M€ of transaction value)
EBA should consider for AIS.
• §71 results also in very high PII with the 2.5% grid of the number of clients that have used AIS in the last 12 months. This indicator (number of clients) is redundant with the indicator in §62 in the risk profile indicator (related to the number of accounts that can be accessed).
• EBA should clarify if a client that performs 10 transactions every day needs to be accounted for as “one client” or for “365 clients” or “3650 clients”?
Question 6: Do you think the EBA should consider any other criteria and/or indicators to ensure that the minimum amount is adequate to cover the potential liabilities of PISPs/AISPs in accordance with the Directive? Please explain your reasoning.
We request EBA to explain why the PI PSD method B cannot be applied to PIS/AIS ?Question 7: Do you have any other comments or suggestions that you think the EBA should consider in order to ensure that the minimum amount is adequate to cover the potential liabilities of PISPs/AISPs in accordance with the Directive? Please explain your reasoning.
We request EBA to clarify:(1) Assuming a company has already a professional indemnity insurance covering its professional activities and this coverage is above the PII amount computed for PIS /AIS.
Will it be considered as compliant?
(2) In example 1 (§80/§81) for the second term “type of activity criteria”:
Why to add 50K€, as the PIS does not intend to provide other services than the PIS?