Question ID
2021_5763
Legal act
Directive 2015/2366/EU (PSD2)
Topic
Strong customer authentication and common and secure communication (incl. access)
Article
Article 98
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph
Article 32.3
Type of submitter
Competent authority
Subject matter
Obstacle to the provision of payment initiation and account information services
Question

Should Article 32.3 of Regulation (EU) 2018/389, read together with paragraphs 33 to 41 of the Opinion of the European Banking Authority on obstacles under Article 32(3) of the RTS on SCA and CSC, be interpreted so as to consider that interface implementations that require, in a redirection approach, Payment Initiation Services Providers (PISPs) to always transmit the payer’s IBAN to initiate a payment order, are an obstacle to the provision of payment initiation services because the payment service user is required to manually enter their IBAN while in the PISP’s domain? Should Article 32.3 of Regulation (EU) 2018/389 be interpreted identically where the interface implementations require Account Information Service Providers (AISPs) to always transmit the IBAN(s) of the account(s) to be accessed, therefore requiring the payment service user to manually enter their IBAN(s) while in the AISP’s domain?

Background on the question

The European Banking Authority clarified in paragraph 34 of its Opinion on obstacles to the provision of third party provider services under PSD2, EBA/Op/2020/10, of 4 June 2020 that interface implementations that, in a redirection approach, require Payment Service Users (PSUs) to manually input their IBAN into the Account Servicing Payment Service Provider (ASPSP)’s domain in order to be able to use AISPs/PISPs services, are an obstacle. There are ASPSPs that are of the view that paragraphs 33 to 41 of this EBA Opinion cannot be construed as prohibiting interface implementations that require Third Party Providers (TPPs) to provide the IBAN for either or both AIS or PIS purposes. These ASPSPs are of the view that such interface implementations, which cause both PISPs and AISPs to have to request manual IBAN entry from PSUs into their own domain, do not create an obstacle within the meaning of Article 32.3 of Regulation (EU) 2018/389. The EBA should clarify the existence or inexistence of an obstacle for Payment Initiation Services (PIS) and Account Information Services (AIS) journeys separately.

Submission date
Final publishing date
Final answer

Directive 2015/2366/EU (PSD2) and the Commission Delegated Regulation (EU) 2018/389 do not require payment service users (PSUs) to enter the international bank account number (IBAN) manually into the domain of payment initiation service providers (PISPs) or account information service providers (AISPs) when executing a payment initiation service or an account information service respectively.

Article 32(3) of the Delegated Regulation prescribes that ‘account servicing payment service providers that have put in place a dedicated interface shall ensure that this interface does not create obstacles to the provision of payment initiation and account information services’.

Q&A 2019_4854 clarified that account servicing payment service providers (ASPSPs) ‘should not reject the requests received from PISPs in a redirection or decoupled approach, simply because the PISP has not transmitted to the ASPSP the relevant account details’.

In accordance with the requirement of Article 36(1)(a) of the Delegated Regulation and the clarification provided in paragraph 34 of the EBA Opinion on obstacles under Article 32(3) of the RTS on SCA and CSC (EBA/OP/2020/10), the same principle applies to the provision of account information services.

Accordingly, ASPSPs should not reject the requests received from AISPs simply because the AISP has not transmitted to the ASPSP the relevant account details.

Status
Final Q&A
Answer prepared by
Answer prepared by the EBA.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.