Input to Members of the European Parliament on the PSD2 RTS proposal covering banks obligations
|
|
- Hillary Knight
- 6 years ago
- Views:
Transcription
1 Input to Members of the European Parliament on the PSD2 RTS proposal covering banks obligations ESBG (European Savings and Retail Banking Group) Rue Marie-Thérèse, 11 - B-1000 Brussels ESBG Transparency Register ID October 2017
2 ESBG White Paper Input to Members of the European Parliament on the PSD2 RTS proposal and its relation to GDPR in respect of banks obligations 1. The issue: Finding the right equilibrium between security and privacy on the one hand and access to consumer data on the other hand a complicated balance between PSD2 and GDPR This White Paper aims to summarize certain challenges identified in the discussions concerning the Commission s current proposal, presented in May, for the Regulatory Technical Standard (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) for the revised Payments Services Directive (PSD2). This paper also underlines the complicated relationship between PSD2 and the General Data Protection Regulation (GDPR), which if not considered jointly can potentially lower consumer protection, decrease the level of innovation and increase the risk of fraud and misuse. To reduce risks of cyber security, PSD2 requires strong customer authentication when making electronic payments and demands secure communication interfaces between banks and Third Party Providers (TPPs). However, if the Commission s RTS proposal from May is adopted, there will be new challenges, market confusion and an increase in risks for both consumers and operators, since their proposal allows for a form of upgraded screen scraping through the introduction of a fall-back option when the dedicated interface is not working properly. In the first Payments Services Directive, two objectives were security and consumer protection. However, PSD2 contains an additional objective concerning increased innovation and competition by introducing a level playing field through TPP access to customer accounts. If it had been seen as an acceptable option to compromise the first two objectives in favour of the latter it would not have been necessary to address legacy TPP access methods (i.e. screen scraping) in the directive. Without a proper balance between these objectives, ESBG cannot see a well-functioning implementation of the directive, and therefore, we have concerns that the Commission s proposed fall-back solution does not address the security requirements as set out in the directive. Additionally, several stakeholders have expressed their disagreement with this Commission proposal. For instance, the European Banking Authority (EBA), who in a recent Opinion 1 stated that the fallback solution increases cost, fragmentation compromising the development of APIs, provides a competitive disadvantage to new entrants, a lack of improved technical reliability, incompatibility with PSD2 s security requirements, supervisory constraints, and unclear consumer understanding and consent. Similarly, consumer organisations, including BEUC 2, stated to be against what is now denominated as screen scraping. The consumer would have to give the third party their security credentials while the third party would have access to data which is not necessary for the service it is providing. In fact, in their February RTS proposal, the EBA effectively prohibited screen scraping and instead mandated the use of a dedicated interface, or Application Programming Interface (API), for the communication between the TPP and the bank. This position was welcomed by the banking industry despite the substantial investments required in these new interfaces. ESBG believes that the EBA in their RTS has achieved a fair compromise amongst the objectives in the directive, which is also possible to implement in practice, as these dedicated interfaces would especially serve the interest of consumers. 1 Op %29.pdf 2 2
3 In addition, the GDPR empowers the customer to control or restrict the information accessed by such third parties through the requirement that whoever manages personal information must receive customer or owner consent before revealing such data to third parties. The method proposed in the EBA RTS proposal requiring banks and other payment service providers to have dedicated interface solutions in place caters for such required sensitive personal information handling. This would also maintain a high level of customer protection while at the same time allowing all third parties, including TPPs, to access the payment account in line with both GDPR and PSD2. Given the points raised by the EBA in their RTS proposal, data protection equals a high level of consumer protection, and a fair balance needs to be sought. This was also raised by VP Dombrovskis in his Eurofi speech 3. The ESBG believes that with its RTS proposal the EBA has also achieved a practical compromise between the objectives in both PSD2 and GDPR. Therefore, ESBG is calling upon the Members of the European Parliament to take the interests of consumers and industry participants into account when judging the Commission s proposed RTS. 2. Screen Scraping vs. Application Programming Interface Today, TPPs mainly rely on screen scraping technology to gain access to the information held by a bank. Screen scraping is when a customer is required to provide their bank account credentials when using a TPP application, e.g. an accounts aggregator or a payment initiator. The TPP accesses the client s account through the respective customer interface (the internet bank) by logging in with the customers credentials and collects or scrapes the data. This practice is called screen scraping (see top layer in the picture on the next page). The aim of PSD2 is inter alia to regulate access to consumer accounts in a secure way. There are numerous issues to take into account in practice, such as: These providers are not regulated at all and are in fact impersonating the customers vis-à-vis the banks by requesting customers to hand over their security credentials although most banking terms and conditions prohibit customers to do so; and These providers, in fact, after logging on with the customer credentials, have access to essentially the same data a customer sees when he or she logs in to his or her internet bank; this includes data such as the customer s current and savings accounts, insurance, loans or mortgages taken out, investment and credit card accounts, joint current accounts and accounts on which the customer has a mandate. This would in almost every case include sensitive payment data. This access may also include accounts of children, parents, companies, associations and products such as pension accounts and all their related balances. Contrary to what data protection rules require, the providers would receive this access without the bank having the opportunity to ask for customer consent or to safeguard that consent was given beforehand. Due to the third-party uses of the consumers own security credentials, banks today cannot distinguish the third party providers from the customer. If the TPPs instead access clients data and services via dedicated interfaces (i.e. APIs), and not through the client s interface (i.e. screen scraping), they would need to clearly identify themselves and the bank could ensure that the TPP has been authorized by the competent authority. This would also enable banks to understand what data the TPP is mandated to access by the user (or regulation) thus strengthening the customer s ability to control which data is to be shared
4 Screen scraping prevents the customer from controlling or limiting the information accessed by a TPP. It is also difficult for a bank to track to whom the client s data is forwarded and what data is mandated by the user to access. Both are legal requirements in PSD2 that the bank needs to adhere to, and these will also be valid requirements under the GDPR from 25 May Additionally, APIs can be based around proven global standards. Banking communities are already at work developing these APIs. The industry is betting on these APIs to help the whole industry move forward, avoiding the creation of a different API by each bank and thus preventing TPPs from having to connect their user interfaces to APIs with diverse setups. This makes it even more pressing that policymakers should forego introducing exemptions and placing banks and consumers at risk just for the sake of a limited number of legacy players. In this way, a level playing field can be maintained. In its latest proposal, the European Commission seems to have instead decided to re-open the door to some form of upgraded screen scraping through the introduction of a fall-back option for cases in which the dedicated interface is not working properly. Under this proposal, banks would need to build three parallel interfaces instead of one (see diagram below). A clear missing ban of screen scraping could provide a wrong incentive to TPPs, and also banks, not to invest in a dedicated interface which at the end is contrary to the objectives of the PSD2 and GDPR. Additionally, it is not clear who would decide whether the dedicated interface is working properly or not, as this cannot reasonably be left fully in the hands of one party (the TPPs). 3. GDPR and PSD2 The method proposed in the PSD2 RTS proposal from the EBA, requiring banks and other payment service providers to have efficient dedicated interface solutions in place caters for such required 4
5 personal information handling. This would also maintain a high level of customer protection while at the same time allowing all third parties, including TPPs, to access the payment account in compliance with both GDPR and PSD2. GDPR requires that whoever manages personal information must receive customer or owner consent before revealing such data to third parties, empowering the customer to control or restrict the information accessed by such third parties. In the banking environment, this pertains to the account holder. However, we believe that the word consent is not used in a consistent manner between PSD2 and GDPR. The consent mentioned in PSD2: Art 94.2: Payment service providers shall only access, process and retain personal data necessary for the provision of their payment services, with the explicit consent of the payment service user is assumed to be different from the consent used in GDPR: Art 6.1.a: Processing shall be lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Our belief is that, for payment initiation, consent relates first to consent to access the customer s payment account, subsequently consent to execute a payment (a specific amount from a specific account to a specific beneficiary) and finally consent to hold data related to the specific payment transaction. The access and the execution are here ancillary to the primary consent related to the holding of the data. Therefore, clarification is required on such aspects. In addition, GDPR is a Regulation and PSD2 is a Directive, and different Competent Authorities in each Member State handle both; and that PSD2 compliance does not imply GDPR compliance. In addition, PSD2 does not point to GDPR (as PSD2 did not exist when GDPR was negotiated) and potential fines under GDPR can be significant for banks. Therefore, a coherent application of the relevant provisions of the different pieces of legislation is required, especially between GDPR and PSD2. 4. Concerns related to data As expressed by the European Parliament 4, many FinTech developments are directly based on the innovative use of data. However, the current EU-legal framework on data is quite complicated, with several overlapping pieces of legislation. Hence, to avoid putting European FinTech actors at a competitive disadvantage, it is necessary to ensure a coherent application of the relevant provisions of the different pieces of legislation in place, such as the GDPR, PSD2, AMLD4 and the NIS Directive. In the Report, the European Parliament rightfully calls upon the Commission to take into consideration both the trends of higher data collection and use and remote verification, as well as the related risks, in particular with regard to the GDPR and the PSD2 and Know-Your-Customer rules, so as to allow for better access for consumers to cross-border FinTech services; this emphasises that data protection measures must be put in place and that consumers should be given a choice in how data is used and collected, in line with the GDPR. 4 European Parliament Report on FinTech: the influence of technology on the future of the financial sector (2016/2243(INI)) 5
6 About ESBG (European Savings and Retail Banking Group) ESBG The Voice of Savings and Retail Banking in Europe ESBG brings together nearly 1000 savings and retail banks in 20 European countries that believe in a common identity for European policies. ESBG members represent one of the largest European retail banking networks, comprising one-third of the retail banking market in Europe, with 190 million customers, more than 60,000 outlets, total assets of 7.1 trillion, non-bank deposits of 3.5 trillion, and non-bank loans of 3.7 trillion. ESBG members come together to agree on and promote common positions on relevant regulatory or supervisory matters. European Savings and Retail Banking Group aisbl Rue Marie-Thérèse, 11 B-1000 Brussels Tel: Fax : Info@wsbi-esbg.org Published by ESBG. October
PSD2 AND SECURITY ISSUES
MEMO N 08 18, RUE LA FAYETTE 75440 PARIS CEDEX 09 FRANCE TEL. : +33 (0)1 48 00 52 52 PSD2 AND SECURITY ISSUES FBF.FR/EN/HOME Draft completed 2017 ? 01 WHAT IS PSD2? What is PSD2? What issues does it raise
More informationEuropean Commission Consultation Document on Transparency and Fees in Cross-Border Transactions in the EU
European Commission Consultation Document on Transparency and Fees in Cross-Border Transactions in the EU ESBG (European Savings and Retail Banking Group) Rue Marie-Thérèse, 11 - B-1000 Brussels EU Transparency
More informationDRAFT DELEGATED REGULATION ON STRONG CUSTOMER AUTHENTICATION AND SECURE COMMUNICATION
The Consumer Voice in Europe DRAFT DELEGATED REGULATION ON STRONG CUSTOMER AUTHENTICATION AND SECURE COMMUNICATION BEUC response to EBA consultation 12/10/2016 Contact: Farid Aliyev - Jean Allix Financialservices@beuc.eu
More informationUK Finance welcome the clarity the EBA is giving on availability and performance of dedicated interfaces.
UK Finance response to EBA consultation on draft Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA
More informationComments on Chapter IV Part I Controller and processor 25/08/2015 Page 1
Comments on Chapter IV Part I Controller and processor 25/08/2015 Page 1 Bitkom represents more than 2,300 companies in the digital sector, including 1,500 direct members. With more than 700,000 employees,
More informationThe Payment Services Directive 2 Background and Content
The Payment Services Directive 2 Background and Content The Jon Bing Memorial Seminar 2017 27 April 2017 Siv Bergit Pedersen Legal counsel MNBA DNB Bank ASA Background Norway Financial Agreements Act (Finansavtaleloven)
More informationDiscussion Paper on innovative uses of consumer data by financial institutions
Datum 28 juli 2016 Referentie OD15800 NVB response to the European Banking Authority Consultation form Discussion Paper on innovative uses of consumer data by financial institutions The EBA invites comments
More informationDirk Haubrich, Nilixa Devlukia. Public Hearing, EBA, London, 25 July 2018
Draft Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC under PSD2) Dirk Haubrich, Nilixa Devlukia
More informationSWIFT Response to The European Commission s Green Paper on Retail Financial Services
SWIFT Response to The European Commission s Green Paper on Retail Financial Services 18 March 2016 SWIFT welcomes the European Commission s green paper on improving retail financial services in the EU
More informationPSD2 and Open Banking Summary of the most important lessons learned from the PSD2 workshop of June 22, 2018
PSD2 and Open Banking Summary of the most important lessons learned from the PSD2 workshop of June 22, 2018 On June 22, 2018, ICT Solutions Ltd. and Online Business Technologies held a joint international
More informationTurning the Revised Payment Services Directive into Digital Opportunity
Turning the Revised Payment Services Directive into Digital Opportunity Contents 1. Introduction 3 2. The Business Risk PSD2 Presents 4 3. The Opportunity for Value Creation 6 4. Making it Happen 7 2 Turning
More informationThe communication between Third Party Providers and Banks. PSD2 in a nutshell
www.pwc.com/psd2 The communication between Third Party Providers and Banks. What will the impact of technology be? PSD2 in a nutshell Summary The banking system is at a turning point, under the pressure
More informationOn the Way to a Europe-wide FinTech Regulatory Sandbox?
Europe-wide FinTech briefing The European Banking Federation ( EBF ) recently issued a paper recommending the creation of a sandbox, which would let companies experiment with new cross-border financial
More informationThe communication between Third Party Providers and Banks. PSD2 in a nutshell
www.pwc.ch The communication between Third Party Providers and Banks. What will the impact of technology be? PSD2 in a nutshell Summary The banking system is at a turning point, under the pressure of the
More informationChallenges and solutions
Challenges and solutions related to the entry into force of the RTS SCA on the 14 September 2019 Introduction The PSD2 and the so-called open banking are two of the most frequently discussed topics in
More informationDraft Technical Standards on standardised terminology and disclosure documents under the Payment Accounts Directive
Draft Technical Standards on standardised terminology and disclosure documents under the Payment Accounts Directive Dirk Haubrich, Tea Turcaniova Consumer Protection, Financial Innovation and Payments
More informationPSD2 IMPLICATIONS OF THE REGULATION August 8, Regina Lau, Chief Strategy Officer, Ingenico epayments Zainab Mir, Counsel Payments, Netflix
PSD2 IMPLICATIONS OF THE REGULATION August 8, 2017 Regina Lau, Chief Strategy Officer, Ingenico epayments Zainab Mir, Counsel Payments, Netflix OVERVIEW 1. PSD2 Overview Regina Lau 2. Strong Customer Authentication
More informationOpinion of the European Banking Authority on the implementation of the
EBA-Op-2018-04 13 June 2018 Opinion of the European Banking Authority on the implementation of the RTS on SCA and CSC Introduction and legal basis 1. The competence of the European Banking Authority (EBA)
More informationPSD2 is on top of our agenda
PSD2 is on top of our agenda Stating the obvious There is no do nothing option for payment service providers Even basic PSD2 compliance requires strategic choices There is a highway of opportunities The
More informationEuro Retail Payments Board (ERPB) Final Report of the ERPB Working Group on Payment Initiation Services. ERPB Meeting 29 November 2017
ERPB/2017/012 ERPB PIS 034-17 Version 1.0 15 November 2017 Euro Retail Payments Board (ERPB) Final Report of the ERPB Working Group on Payment Initiation Services ERPB Meeting 29 November 2017 ERPB PIS
More informationCOMMISSION DELEGATED REGULATION (EU) No /.. of XXX
EUROPEAN COMMISSION Brussels, XXX [ ](2017) XXX draft COMMISSION DELEGATED REGULATION (EU) No /.. of XXX supplementing Directive 2015/2366 of the European Parliament and of the Council with regard to regulatory
More informationOpen Banking PSD2, GDPR and the American Merchant
Your source for payments education Open Banking PSD2, GDPR and the American Merchant Scott Adams Evolutioneer FraudPVP Rene Pelegero President & Managing Director Retail Payments Global Consulting Group
More informationTrending: How does PSD2 trigger innovation?
Trending: How does PSD2 trigger innovation? Speakers: Nils Jung, Managing Partner, Innopay Germany Hakan Eroglu, Senior Manager Digitization in Payments & Banking, Accenture Trending: How does PSD2 trigger
More informationPublic Hearing on the Draft EBA Guidelines on Authorisation and Registration under the PSD2. Public Hearing, EBA, London, 12 December 2016
Public Hearing on the Draft EBA Guidelines on Authorisation and Registration under the PSD2 Dirk Haubrich, Laura Diez Pérez Consumer Protection, Financial Innovation and Payments, EBA Public Hearing, EBA,
More informationConsultation Paper. Draft Regulatory Technical Standards
EBA/CP/2017/09 29 June 2017 Consultation Paper Draft Regulatory Technical Standards on the criteria for determining the circumstances in which the appointment of a central contact point pursuant to Article
More informationCOMMISSION OPINION. of
EUROPEAN COMMISSION Strasbourg, 3.10.2017 C(2017) 6810 final COMMISSION OPINION of 3.10.2017 on the Recommendation of the European Central Bank for a Decision of the European Parliament and of the Council
More informationThe Second Payment Services Directive: Scoping out the impacts of the Regulatory Technical Standards
The Second Payment Services Directive: Scoping out the impacts of the Regulatory Technical Standards TABLE OF CONTENTS INTRODUCTION: A CRITICAL MOMENT FOR PSD2 KEY ASPECTS OF THE FINAL DRAFT RTS IMPACTS
More informationFinansinspektionen s response at the webb-survey, to the Commission Consultation on FinTech
FI dnr 17-4481 Finansinspektionen Box 7821 SE-103 97 Stockholm [Brunnsgatan 3] Tel +46 8 408 980 00 Fax +46 8 24 13 35 finansinspektionen@fi.se www.fi.se Finansinspektionen s response at the webb-survey,
More informationTrusted KYC Data Sharing Standards Scope and Governance Oversight
November 2017 Trusted KYC Data Sharing Standards Scope and Governance Oversight Handover Document Contents Preface... 3 Overview... 5 1 Sharing Capabilities and Interoperability... 7 1.1 Data Sharing Behaviour
More informationThe revised Payment Services Directive (PSD2)
Regulatory agenda updates The revised Payment Services Directive (PSD2) What you need to know Revised Payment Services Directive (PSD2) to increase scope, obligations, and to offer business opportunities
More informationGuidelines for PSD2 Implementation
nextdigitalbanking.com Guidelines for PSD2 Implementation Helping banks explore API strategies and options CONTENTS: Shifting mindsets and expectations Top five strategic considerations for PSD2 implementation
More informationESBG response the EC Working Paper on SEPA Migration End-date. 23 June 2010
ESBG response the EC Working Paper on SEPA Migration End-date 23 June 2010 DOC 0697/10 A. Executive summary In Year 3 of the pubic debate about a SEPA end date ESBG certainly welcomes the opportunity to
More informationGREEN PAPER. Towards an integrated European market for card, internet and mobile payments
GREEN PAPER Towards an integrated European market for card, internet and mobile payments COM/2011/0941 final Contribution to the Public Consultation, submitted by: Hellas Pay Payment Services SA Leoforos
More informationPRETA and PSD2. Access to Accounts (XS2A) PRETA All rights reserved. PRETA All rights reserved.
PRETA and PSD2 Access to Accounts (XS2A) Aims of PSD2 Access to Account PSD2 State of play PSD2 was published in EU's OJ on 23 December 2015; PSD2 comes into force 2 years later, i.e. 13 January 2018 Subject
More informationEDPS Opinion on safeguards and derogations under Article 89 GDPR in the context of a proposal for a Regulation on integrated farm statistics
Opinion 10/2017 EDPS Opinion on safeguards and derogations under Article 89 GDPR in the context of a proposal for a Regulation on integrated farm statistics 20 November 2017 1 P a g e The European Data
More informationEcommerce Europe. European in cross-border e-commerce. November 2015
Ecommerce Europe 1 Increase Policy and data market security solutions and trust to stimulate for consumers cross-border and merchants e-commerce in European in cross-border e-commerce November 2015 1 2
More informationTHE ROLE OF PUBLISHERS IN THE COPYRIGHT VALUE
The Consumer Voice in Europe THE ROLE OF PUBLISHERS IN THE COPYRIGHT VALUE CHAIN BEUC response to public consultation Contact: Agustin Reyna - digital@beuc.eu BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS
More informationEC Paper on SEPA Governance Aspects - EPC Comments
EPC216-11 Version 0.3 Date issued: 4 July 2011 GH/HS/KR Circulation: EPC Restricted: Yes EC Paper on SEPA Governance Aspects - EPC Background An EC paper on SEPA governance aspects was distributed to the
More informationEuropean Savings Banks Group (ESBG)
EUROPEAN SAVINGS BANKS GROUP GROUPEMENT EUROPEEN DES CAISSES D EPARGNE EUROPÄISCHE SPARKASSENVEREINIGUNG DOC 0720/04 (version 1.2) Brussels, 31 August 2004 JEA European Savings Banks Group (ESBG) Response
More informationEUROPEAN ASSOCIATION OF CO-OPERATIVE BANKS The Co-operative difference : Sustainability, Profitability, Governance
Brussels, 28 November 2017 EACB s views on the Article 29 Working Party draft Guidelines on Automated individual decision-making and Profiling and on Personal data breach notification under Regulation
More informationThe Future of the Banking Industry Dialogue with the Banking Industry on ESCB Statistics
The Future of the Banking Industry Dialogue with the Banking Industry on ESCB Statistics Frankfurt, 16 March 2018 Vision Banking 2020-2025 From repair, to recovery to a financial system that creates &
More information117 shades of black within PSD2
117 shades of black within PSD2 Thoughts on PSD2 implementation from strategic and technical perspective. Preface Last 2+ years has brought a lot of changes within payment industry. It all started on October
More informationThe Open Banking PSD2 Implementation Strategies
The Open Banking PSD2 Implementation Strategies How to meet the challenge of Open Banking Introduction Open Banking is the next step in a technology evolution driven by the API economy. Technology giants
More informationNordea webinar 29/ : PSD2 Access to Accounts a game changer
Nordea webinar 29/11-2017: PSD2 Access to Accounts a game changer Brief intro setting the scene Some practicalities: 9.00-9.45 CET Webinar is being recorded - material will be uploaded to www.nordea.com/vendors
More informationEBA/RTS/2017/ December Final Report. Draft regulatory technical standards. on central contact points under Directive (EU) 2015/2366 (PSD2)
EBA/RTS/2017/09 11 December 2017 Final Report Draft regulatory technical standards on central contact points under Directive (EU) 2015/2366 (PSD2) FINAL REPORT ON CENTRAL CONTACT POINTS UNDER THE PSD2
More informationPSD 2, open banking and the value of personal data
EU Monitor Digital economy and structural change June 28, 2018 Author Heike Mai +49 69 910-31444 heike.mai@db.com Editor Jan Schildbach Deutsche Bank AG Deutsche Bank Research Frankfurt am Main Germany
More informationCouncil of the European Union Brussels, 5 October 2017 (OR. en) Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union
Council of the European Union Brussels, 5 October 2017 (OR. en) 12947/17 COVER NOTE From: date of receipt: 4 October 2017 To: No. Cion doc.: Subject: EF 228 UEM 262 ECOFIN 793 INST 366 CODEC 1529 Secretary-General
More informationEBF POSITION - PROPOSAL FOR A REGULATION ON PROMOTING FAIRNESS AND TRANSPARENCY FOR BUSINESS USERS OF ONLINE INTERMEDIATION SERVICES COM
2 October 2018 EBF_032437 EBF POSITION - PROPOSAL FOR A REGULATION ON PROMOTING FAIRNESS AND TRANSPARENCY FOR BUSINESS USERS OF ONLINE INTERMEDIATION SERVICES COM (2018) 238 final Providers of online intermediation
More informationQuestionnaire on the Electronic Money Directive (2000/46/EC)
Questionnaire on the Electronic Money Directive (2000/46/EC) Comments of the Association Professionnelle des Emetteurs de Titres de Services (APETDS) September 2005 1/ Review of the primary goals of the
More informationConsultation on Guidelines on Internet Payments Security ( Guidelines )
14 th November 2014 European Banking Authority Tower 42 (level 18) 25 Old Broad Street London EC2N 1HQ United Kingdom Dear Sir/Madam, Consultation on Guidelines on Internet Payments Security ( Guidelines
More informationAccount Aggregation, Security, and the Future of the 360-Degree Financial View
Account Aggregation, Security, and the Future of the 360-Degree Financial View Overview This white paper outlines the essential details about account aggregation in order to help financial institutions
More informationCouncil conclusions on the EU action plan for the circular economy
Council of the EU PRESS EN PRESS RELEASE 367/16 20/06/2016 Council conclusions on the EU action plan for the circular economy The Council adopted conclusions on the action plan for a circular economy.
More informationPSD2 - Second Payment Services Directive. Information Set
PSD2 - Second Payment Services Directive Information Set PSD2: at the starting line February 2017 EBA published the final draft RTS on SCA November 2017 EC published the final RTS on SCA January 13 2018
More informationCommittee on Industry, Research and Energy Committee on the Internal Market and Consumer Protection
European Parliament 2014-2019 Committee on Industry, Research and Energy Committee on the Internal Market and Consumer Protection 28.2.2017 2016/2276(INI) DRAFT REPORT on online platforms and the digital
More informationKEYNOTE SPEECH Olivier Guersent. Making financial services deliver for consumers
KEYNOTE SPEECH Olivier Guersent 4th Joint ESAs Consumer Protection Day 16 th September 2016 Making financial services deliver for consumers Thank you Gabriel [Bernardino] for the [kind] introduction. It
More informationPSD2: An Open Banking Catalyst
PSD2: An Open Banking Catalyst Leverage Open APIs to unlock new business opportunities It is short-sighted to treat the European Union s second Payment Services Directive (PSD2) and other European regulations
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 17/EN WP264 rev.01 Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data Adopted on 11
More informationTemplate for comments
Template for comments Public consultation on a guide to assessments of fintech credit institution license applications Institution/Company UK Finance Contact person Mr/Ms Ms First name Cicely Surname Dudley
More informationPSD2 and GDPR: An awkward match?
PSD2 and GDPR: An awkward match? PSD2 and GDPR: An awkward match? In the intersection of both rules, from a Dutch perspective If your company processes personal data of European citizens and you are also
More informationIndustry Briefing Strong authentication of Internet Payments in Europe - the new PSD2
Industry Briefing Strong authentication of Internet Payments in Europe - the new PSD2 Copyright 2015 VASCO Data Security. All rights reserved. No part of this publication may be reproduced, stored in a
More informationImplementation of the revised Payment Services Directive (PSD2): draft Approach Document and draft Handbook changes
Implementation of the revised Payment Services Directive (PSD2): draft Approach Document and draft Handbook changes The Building Societies Association response to FCA CP17/11 Restricted 8 June 2017 Introduction
More informationPSD2 TAS Open Banking
PSD2 A challenge for Banks but a huge opportunity at the same time for new services TAS Group 2017 Some highlights on PSD2 driven changes PSD2 introduces a new legal structure to payments in the EU, challenging
More informationReview of Priviti PSD2 Use Case and its positioning compared to alternative marketplace offerings
Review of Priviti PSD2 Use Case and its positioning compared to alternative marketplace offerings The revised Payment Service Directive (PDS2) is a directive focused on better integration of an internal
More informationIndependent Regulators Group Rail. IRG Rail
IRG-Rail (15) 6 Independent Regulators Group Rail IRG Rail Position Paper on the new proposals concerning governance and the award of public service contracts with a strong focus on the role of the regulatory
More informationECSG SEPA CARDS STANDARDISATION (SCS) VOLUME STANDARDS REQUIREMENTS
ECSG001-17 01.03.2017 (Vol Ref. 8.7.00) SEPA CARDS STANDARDISATION (SCS) VOLUME STANDARDS REQUIREMENTS BOOK 7 CARDS PROCESSING FRAMEWORK Payments and Cash Withdrawals with Cards in SEPA Applicable Standards
More informationPSD2 open banking for Prepaid Programme Managers. Implications and Requirements
A RegTech Company PSD2 open banking for Prepaid Programme Managers Implications and Requirements White Paper September 2018 1 Regulatory challenge in the EU In January 2018 the European Union Payment Services
More informationEUROPEAN CENTRAL BANK
C 271/10 Official Journal of the European Communities 26.9.2001 EUROPEAN CTRAL BANK OPINION OF THE EUROPEAN CTRAL BANK of 13 September 2001 at the request of the Council of the European Union on a proposal
More informationBUSINESSEUROPE views on the review of the Energy Efficiency Directive
May 2016 BUSINESSEUROPE views on the review of the Energy Efficiency Directive Key messages Being energy efficient is in the DNA of European entrepreneurs. Industry has been at the forefront of efforts
More informationEuropean Association of Co-operative Banks Groupement Européen des Banques Coopératives Europäische Vereinigung der Genossenschaftsbanken
European Association of Co-operative Banks Groupement Européen des Banques Coopératives Europäische Vereinigung der Genossenschaftsbanken EACB position paper on the technical advice of the Committee of
More informationECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 25 July 2014
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 25 July 2014 on a proposal for a directive of the European Parliament and of the Council concerning measures to ensure a high common level of network
More informationOur position. Priorities for ensuring balance and focus in the update of the acquis
Better enforcement and modernisation of consumer protection rules Priorities for ensuring balance and focus in the update of the acquis AmCham EU speaks for American companies committed to Europe on trade,
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 14 February ST 6490/14 Inte rinstitutional File: 2013/0255 (APP)
COUNCIL OF THE EUROPEAN UNION Brussels, 14 February 2014 ST 6490/14 Inte rinstitutional File: 2013/0255 (APP) EPPO 9 EUROJUST 38 CATS 23 FIN 117 COP 53 GAF 10 NOTE from: Presidency to: Coreper/Council
More informationJC May Joint Committee Final Report on guidelines for complaints-handling for the securities (ESMA) and banking (EBA) sectors
JC 2014 43 27 May 2014 Joint Committee Final Report on guidelines for complaints-handling for the securities (ESMA) and banking (EBA) sectors 1 Contents 1. Overview... 4 2. Feedback statement... 5 Annex
More informationJC June Joint Committee Final Report on guidelines for complaints-handling for the securities (ESMA) and banking (EBA) sectors
JC 2014 43 13 June 2014 Joint Committee Final Report on guidelines for complaints-handling for the securities (ESMA) and banking (EBA) sectors 1 Contents 1. Overview... 4 2. Feedback statement... 5 Annex
More informationPREPARING FOR PSD2: EXPLORING THE BUSINESS AND TECHNOLOGY IMPLICATIONS OF THE NEW PAYMENT SERVICES DIRECTIVE
A WHITE PAPER FROM FINEXTRA AND CA TECHNOLOGIES NOVEMBER 2017 PREPARING FOR PSD2: EXPLORING PSD2 AND UK MARKET ACTIVITY THE BUSINESS AND TECHNOLOGY IMPLICATIONS OF THE NEW PAYMENT SERVICES DIRECTIVE JANUARY
More informationSummary of contributions to the. Green Paper on retail financial services:
EUROPEAN COMMISSION Directorate-General for Financial Stability, Financial Services and Capital Markets Union Summary of contributions to the Green Paper on retail financial services: Better products,
More informationIBM Watson Financial Services
IBM Watson Financial Services Risk & Compliance Innovation Forum Adapting to a New Regulatory Environment in Europe Tim Roberts London 24 May 2017 2016 IBM Corporation Agenda for Today All financial institutions
More informationNavigating the components of Open Banking
White Paper Navigating the components of Open Banking How to create a suitable architecture Creating value from your infrastructure Open Banking will bring new challenges for lenders - their technology
More informationBrussels, 27 February 2014 COUNCIL OF THE EUROPEAN UNION 6490/1/14 REV 1. Interinstitutional File: 2013/0255 (APP)
COUNCIL OF THE EUROPEAN UNION Brussels, 27 February 2014 Interinstitutional File: 2013/0255 (APP) 6490/1/14 REV 1 EPPO 9 EUROJUST 38 CATS 23 FIN 117 COP 53 GAF 10 NOTE from: Presidency to: Council No.
More informationMarket environment and implementation timeline PSD2 in a nutshell
www.pwc.ch Market environment and implementation timeline PSD2 in a nutshell Why do we need a new Payment Services Directive (PSD)? By 13 th January 2018, Member States will have to implement the Directive
More informationNavigating the PSD2 and GDPR challenges faced by banks. Minds made for protecting financial services
Navigating the PSD2 and GDPR challenges faced by banks Minds made for protecting financial services When the financial services industry works well, it creates growth, prosperity and peace of mind for
More informationCOMMISSION DELEGATED REGULATION (EU) No /.. of XXX
EUROPEAN COMMISSION Brussels, XXX [ ](2014) XXX draft COMMISSION DELEGATED REGULATION (EU) No /.. of XXX supplementing Directive 2013/36/EU of the European Parliament and of the Council with regard to
More information15868/13 JB/mf 1 DGG 1B
COUNCIL OF THE EUROPEAN UNION Brussels, 11 November 2013 (OR. en) 15868/13 Interinstitutional File: 2013/0253 (COD) EF 216 ECOFIN 988 CODEC 2479 REPORT From: To: Subject: Presidency Council Single Resolution
More informationNavigating the PSD2 and GDPR challenges faced by banks. Minds made for protecting financial services
Navigating the PSD2 and GDPR challenges faced by banks Minds made for protecting financial services When the financial services industry works well, it creates growth, prosperity and peace of mind for
More informationFINAL REPORT ON THE DRAFT RTS AND ITS ON THE EBA REGISTER UNDER THE PSD2 EBA/RTS/2017/10 EBA/ITS/2017/ December 2017.
EBA/RTS/2017/10 EBA/ITS/2017/07 13 December 2017 Final Report on Draft Regulatory Technical Standards setting technical requirements on development, operation and maintenance of the electronic central
More informationAPI Banking. The shift to open banking
API Banking The shift to open banking The shift to open banking and move towards value added services. as the platform for compliance and beyond Open banking is set to have a major impact on the financial
More informationDATA PROTECTION KEY ISSUES OF THE PROPOSED REGULATION
DATA PROTECTION KEY ISSUES OF THE PROPOSED REGULATION 1 1. Definition of personal data The definition of personal data is key for determining the scope of the Regulation. Just because data are not linked
More informationEACH feedback on the European Commission proposal for a regulation on Further amendments to the European Market Infrastructure Regulation (EMIR)
EACH feedback on the European Commission proposal for a regulation on Further amendments to the European Market Infrastructure Regulation (EMIR) 30 th October 2017 1 1. Introduction... 3 2. ESMA Executive
More informationCommittee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT. Committee on Civil Liberties, Justice and Home Affairs
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 06.07.2012 WORKING DOCUMT on the protection of individuals with regard to the processing of personal data and on the free
More informationa) Certain issues would be better dealt with in national law than at Community level:
R E P U B L I C O F H U N G A R Y MINISTRY OF JUSTICE DEPUTY SECRETARY OF STATE H-1055 Budapest, Kossuth tér 4. Tel: (+36-1) 441-3743, Fax: (+36-1) 441-3742 Reference: Response to the Consultation paper
More informationPROPOSAL FOR A BETTER ENFORCEMENT AND
The Consumer Voice in Europe PROPOSAL FOR A BETTER ENFORCEMENT AND MODERNISATION OF EU CONSUMER PROTECTION RULES BEUC response to the Commission ex-post consultation Contact: Christoph Schmon consumer-rights@beuc.eu
More informationEuropean Association of Co-operative Banks Groupement Européen des Banques Coopératives Europäische Vereinigung der Genossenschaftsbanken
Brussels 4 th December 2014 Summary of EACB comments On Public Consultation Draft ECB Regulation concerning reporting on supervisory financial information Proportionality We particularly appreciate that
More informationAgenda point 1: Safer and simpler financial products presentation of the topic for discussion
This steering note is to provide participants with background information on the topic and to stimulate questions to be addressed during the conference. It does not reflect the opinions, views or policy
More informationSEPA for public administrations
Contents: 1 Introduction 2 Background to SEPA 3 Key role of public sector 4 First wave benefits 5 Benefits from market developments 6 Next steps SEPA for public administrations Creating critical mass for
More informationRevised Draft/19 September 2016
Revised Draft/19 September 2016 Proposal for an ETUC Position on the Second Stage Consultation of the social partners at European Level under Article 154 TFEU on possible action addressing the challenges
More informationPRIVACY NOTICE (applicable from May 25th 2018)
PRIVACY NOTICE (applicable from May 25th 2018) The protection of your personal data is important to the BNP Paribas Group. This Privacy Notice provides you with detailed information relating to the protection
More informationECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 2 March on a proposal for a regulation of the European Parliament and of the Council
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 2 March 2018 on a proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 1092/2010 on European Union macro-prudential
More informationChallenges and solutions. related to Digital Transformation Training & workshop
Challenges and solutions related to Digital Transformation Training & workshop Agenda 09:00-09:30 Registration, coffee 09:30 11:00 Trends in digitalization Regulatory challenges (PSD2 & other) Business
More informationRealizing the Potential of Big Data under GDPR is Frenemy Status Inevitable? Rebecca H. Davis, Director - Privacy, Walmart Inc.
Realizing the Potential of Big Data under GDPR is Frenemy Status Inevitable? Rebecca H. Davis, Director - Privacy, Walmart Inc. It is not a case of big data or data protection, it s big data and data protection;
More informationPSD2 open banking for E-Money Issuers. Implications and Requirements
A RegTech Company PSD2 open banking for E-Money Issuers Implications and Requirements Webinar November 2018 1 David Parker, Advisor & co-founder Konsentus Please ask questions as we go along 2 Regulatory
More information