Account information services and payment initiation services
The PSD2 establishes and regulates two new activities associated with the execution of online payments and access to payment accounts:
- Payment Initiation Service (PIS): users can initiate a payment order online (for example when buying online) without having to interact directly with their account’s payment service provider. The payment initiation service provider (engaged to provide this service) will access the account and initiate the transaction on behalf of the payer. Under the PSD2, a payment service provider providing and maintaining a payment account for a payer is called Account Servicing Payment Service Provider (ASPSP). Payment Initiation Service Providers (PISPs) only have access to the information that is absolutely necessary to execute the payment in question, and always with the payer’s explicit consent.
- Account Information Service (AIS): enables users (consumers and enterprises) to consolidate, for instance in a single app, information on their payment accounts that are accessible online held with one or more payment service providers (usually banks). The services provided by Account Information Service Providers (AISPs) give users an overall view of their financial situation, even if they hold accounts with different institutions and in different Member States.
To supplement the PSD2, the European Banking Authority has drawn up a set of regulatory technical standards (RTS) establishing common and secure open standards of communication, which were officially published as the Commission Delegated Regulation (EU) 2018/389 of 27 November 2017. These standards are directly applicable in all Member States from 14 September 2019 onwards, with both AISPs and PISPs having to apply the rules of access to payment accounts in full.
According to the regulatory technical standards, each ASPSP with payment accounts that are accessible online should offer at least one access interface enabling secure communication with AISPs and PISPs.
For that purpose, each ASPSP may decide whether to develop a dedicated interface, such as an Application Programming Interface (API), or to allow the use of the existing interface for the identification and communication with its payment service users, i.e. the user’s interface (homebanking or app, for instance).
Should the ASPSP opt for a dedicated interface, it may be exempted from the provision of a fallback mechanism if the dedicated interface complies with all the required conditions.
Exemption from the fallback mechanism
Banco de Portugal may exempt ASPSPs from the obligation to set up such a fallback mechanism, provided that dedicated interfaces meet all of the following conditions:
- their levels of service, availability and performance are similar to those of the customers’ interface;
- they have been designed and tested to the satisfaction of the AISPs and PISPs;
- they have been widely used for at least 3 months by AISPs and PISPs;
- any problem brought forward by AISPs and PISPs has been resolved without undue delay.
In the event that the exempted dedicated interfaces fail to comply with the required conditions, the granted exemptions mat be revoked.
On 4 December 2018 the EBA published the Guidelines on the conditions to benefit from an exemption from the contingency mechanism under Article 33(6) of Regulation (EU) 2018/389, detailing the conditions that ASPSPs must meet in order to be exempted from the obligation to set up a fallback mechanism in place according to the RTS.
Prior to granting exemptions Banco de Portugal must consult the EBA to ensure a consistent application of the assessment criteria by all national competent authorities.
Portuguese ASPSPs that wish to benefit from the exemption must send their application to Banco de Portugal in a timely manner. For that purpose, ASPSPs must fill in the following forms (in Portuguese only):
- Assessment of communication interfaces;
- Assessment of dedicated communication interfaces on the conditions to benefit from an exemption from the contingency mechanism.
ASPSPs whose dedicated interfaces are exempted from setting up the contingency mechanism by Banco de Portugal, under the terms of Article 33(6) of Commission Delegated Regulation (EU) 2018/389, are listed here.
The EBA has published on its website a set of questions and answers on the PSD2 as well as several clarifications provided by the EBA working group on APIs under PSD2.