Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

Guidance issued on calculating professional indemnity insurance obligations under PSD2


The European Banking Authority (EBA) has developed a formula for calculating the level of professional indemnity insurance, or other comparable guarantee, that some businesses in the EU payments market will have to put in place under the revised Payment Services Directive (PSD2).

The draft guidance produced by the EBA (42-page / 342KB PDF) is designed to inform regulatory requirements national authorities will be required to impose on payment initiation service providers (PISPs) and account information service providers (AISPs) under PSD2.

The EBA is tasked, under the directive, with issuing guidelines for regulators on "the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee" that PISPs and AISPs are obliged to put in place under PSD2.

The guidelines must be in place before 13 January 2017. The EBA said they would apply from 13 January 2018. The draft guidelines produced by the EBA are open to consultation until 30 November.

Under PSD2, PISPs must obtain authorisation from national regulators in the EU to carry out their activities, while AISPs must be registered. One of the conditions of authorisation for PISPs, or registration for AISPs, is that the companies take out professional indemnity insurance covering the EU countries in which they operate, or "some other comparable guarantee" against their liabilities that arise under the directive.

The liabilities PISPs could face under the directive include obligations to compensate payment account providers for losses sustained or refunds they have paid to consumers following unauthorised payment transactions. The companies could also be liable for non-execution, defective or late execution of payment transactions.

For AISPs, the insurance cover must apply to their potential liability for "non-authorised or fraudulent access to or non-authorised or fraudulent use of payment account information".

In its draft guidance, the EBA said that the minimum value of professional indemnity cover, or comparable guarantee, PISPs and AISPs will require should be calculated on the basis of a formula. 

The amount should reflect the risk profile of the company, the scope of the activities they provide and the size of the activity firms carry out, the EBA said. According to the directive, an assessment of the size of PISPs should be based on "the value of the transactions initiated" by those companies. For AISPs, the number of clients they have is the relevant measure.

The EBA's draft guidance provides some detail on how those factors should be accounted for by regulators.

The EBA is responsible for issuing a raft of guidance on regulatory and technical standards under PSD2. In August it set out draft proposals on strong customer authentication which saud that banks and other payment service providers (PSPs) will not be able to rely on "behavioural data" as a means of authenticating prospective transactions under PSD2.

PSD2 came into force earlier this year and will need to be implemented into national laws across the EU by 13 January 2018.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.