Yes, DNB will follows the EBA's recommendations to the national supervisors as described in the Opinion of the European Banking Authority on the transition from PSD1 to PSD2. The opinion document addresses the transitional provisions and the question of how to deal with the fact that some RTS and guidelines will not yet apply when PSD2 is incorporated into national laws and regulations or when the licensing issuing process has been initiated. The main recommendations that DNB intends to implement are the following.
- DNB will assess licence applications on the basis of RTS that have already been adopted by the EBA but not yet formally by the European Commission, or based on guidelines for which it has either not yet been established whether DNB will apply them or for which it has been clearly established why DNB will not apply them. While these RTS and guidelines have not yet been adopted or established, they can serve as an indication of what is required to comply with the provisions of PSD2.
- DNB will contact service providers that provided payment initiation services or account information services prior to the transposition of PSD2 in national laws and regulations in order to meet the deadlines referred to in the transitional provisions of Article 109 of PSD2.
- DNB urges all payment service providers to comply with the provisions of the RTS on strong customer authentication and common and secure communication (RTS SCA/CSC) as soon as possible, in anticipation of the deadline for compliance (14 September 2019)).
- More specifically, account servicing payment service providers (and banks in particular) are urged to develop and offer a dedicated interface according to the requirements specified in the RTS SCA/CSC as soon as possible. This will promote more secure communication between payment initiation and account information service providers and account servicing payment service providers, and allow less desirable methods of communication such as screenscraping to be phased out. Moreover, using a dedicated interface will help to prevent payment initiation and account information service providers from gaining access to more information than permitted by the customer.
- In licensing, DNB will encourage new payment initiation and account information service providers to use dedicated interfaces, insofar these are offered by accountservicing payment service providers.
- In accordance with the EBA opinion document, DNB will no longer apply the EBA Guidelines on security of internet under PSD1 in stages. With the phasing in of the new RTS SCA/CSC and the Guideline on incident reporting, the EBA Guidelines on security of internet established under PSD1 will become obsolete. However, the EBA will only withdraw the latter guidelines after PSD2 has been implemented in full.
- The EBA Opinion on cross-border service provision states that if the implementation of PSD2 in a Member State is delayed, this must not be a reason to prevent a foreign entity from offering its services in this Member State. However, the Dutch Minister of Finance informed the Lower House of Dutch Parliament in late October 2017 that, as a result of the delayed implementation of PSD2, new payment services will remain unregulated and that banks will not be obliged to allow payment institutions access to the payment and account information of their customers, even if these have consented. However, DNB has been accepting passporting requests from other Member States since 13 January 2018.