10 answers for banks, EMIs & PIs that (may) have to comply.
1. Am I within the scope of PSD2?
As a financial institution, a bank with a full banking license, a payment institution or an e-money institution, ask yourself the following: Are my accounts payment accounts?
2. What if my payment accounts aren’t yet accessible online?
The final PSD2 implementation date is September 14, 2019. If your online access is not yet live, you have nine months to get your dedicated interface running before it launches.
3. What are the key elements of PSD2 implementation?
Sandbox: A testing facility that you make available to Third Party Providers (TPPs) six months prior to the interface’s launch (nine months prior with an exemption)
Exemption: Optional Fallback Exemption, requested from the National Competent Authority (CSSF in Luxembourg), lets you avoid contingency measures if the dedicated platform is not available in time (see # 9 below)
Production Environment: Gives TPPs’ access to Payment Service User (PSU) accounts
Developer Portal: Assists TPPs with technical integration
4. What are my implementation options?
Develop your own PSD2 connectors: this gives you full control but requires substantial resources, expertise & maintenance
Use a shared PSD2 platform: offered by an external provider, this shared platform lowers implementation & maintenance costs & brings together diverse PSD2 expertise. However, you rely on an external provider.
5. What is a typical PSD2-compliant product?
A PSD2-compliant financial institution offers specific technical components:
- An API gateway that’s accessible to TPPs
- An authentication & consent management module
- A developer portal
- Publicly available statistics & KPIs
The features of FINOLOGEE’s PSD2 for Banks solution facilitate those components:
- A high-performance environment for API access management
- An authentication stack that implements third-party solutions & consent management
- Implementation of multiple standards (STET, Berlin Group & UK Open Banking)
- Exhaustive third-party documentation
- A developer/TPP sandbox
6. Do I have to provide KPI reporting & TPP assistance?
Yes, you should assist TPPs with any technical question & openly publish KPIs to allow performance comparisons between your interface & your PSD2 dedicated interfaces. FINOLOGEE provides, on your behalf, technical support to the TPPs working on the implementation of the APIs available through your platform. Our team helps them problem solve & supplies additional information. We also manage KPI data, displaying it clearly & efficiently to financial institutions.
7. What are my obligations when outsourcing my PSD2 API to a PFS?
As a regulated entity, PSD2 requires that you outsource to a Professional of the Financial Sector (PFS) regulated in Luxembourg, such as FINOLOGEE. We have a double “PSF de Support” license (Art 29-1 & 29-4) & are supervised by Luxembourg’s regulatory authority, the CSSF. As a Luxembourg-based FinTech & RegTech specialist, FINOLOGEE offers a Software-as-a-Service solution (SaaS) for financial institutions to become PSD2-compliant. If you choose to outsource your PSD2 dedicated interface solution to FINOLOGEE, all you have to do is send a notification to your National Competent Authority (NCA).
8. Does PSD2 only cover technical requirements?
Nope. Ever since the PSD2 appeared on ASPSP’s agenda, FINOLOGEE has worked closely with the Big Four & law firms to address market needs. We contribute our software solution, while advisory firms facilitate implementation pilot projects. On top of this optional project management & coordination, the role of advisory firms can extend to software & solution architecture, testing, infrastructure implementation & managed services; as well as fallback exemption requests & outsourcing notifications. They also conduct gap & impact analysis, including change management advise based on PSD2-driven adaptations.
9. What exactly is a fallback exemption request?
As a financial institution within the scope of PSD2 that provides a dedicated interface (API) to third-party AISPs & PISPs, you should consider applying for the fallback exemption to avoid letting these third-party providers use your standard web banking should your API be unavailable. An application file containing the following should be submitted to the regulator:
- An assessment stating that the dedicated platform meets RTS obligations (Article 32)
- Comparisons between the availability & performance of the dedicated interface & those of your own client interface
- Clarification on how the “widely used” condition is met by third-party providers
FINOLOGEE provides you all the information needed to demonstrate that the platform meets KPI & .
10. How long will it take me to become PSD2 compliant?
It takes two weeks to deploy the testing facility for TPPs once we receive your initial feedback & three months to deploy the production environment, assuming a clearly defined SCA method, standard protocol & relationship between the financial institution & FINOLOGEE.
Communicated by Finologee
Publié le 09 octobre 2019