The Netherlands Authority for the Financial Markets (AFM) has published new guidelines assessing what accounts it deems as in the scope of the second Payment Services Directive (PSD2), as well as those that are not.
The AFM has published fresh guidance for the Dutch payments market, which establishes what is a qualifying payments account and which payments accounts do not need to align themselves with the directive’s rules.
Under the Dutch Financial Supervision Act, otherwise known as the Wft locally, if the payment service user can use a payment account to perform everyday payment transactions — deposit funds, withdraw cash and receive payment transactions from third parties and execute them to third parties, including the execution of transfers — then it is in the scope of the PSD2.
In the new guidance, the financial watchdog has outlined whether the following payment service providers fall into scope: payment accounts with a shared signature; payment accounts with different legal owners under one payment agreement; payment accounts with a power of attorney; G-accounts (used in the Netherlands solely to payroll taxes and/or VAT); and savings accounts with one or more contra accounts.
Going forward, all Dutch banks will need to support account information services (AIS) and payment information services (PIS) coverage for the first three types. However, the other two fall out of scope, according to the AFM.
Since the G-account has very limited functionality and cannot be used for everyday payment transactions, it does not classify as a payment account within the meaning of the Wft and does not have to be made available to payment initiation and account information service providers, the AFM said.
Meanwhile, the regulator continued that savings accounts with one or more fixed contra accounts do not fall under the definition of payment accounts and therefore also not under the Wft/PSD2.
However, providers of savings accounts with a fixed contra account can, outside PSD2, enable account information service providers, with the consent of individual account holders, to gain access to savings accounts. This is possible on the basis of an agreement between providers of such savings accounts and the third parties.
For Emanuel van Praag, a financial technology professor at Erasmus school of law, this was not that shocking. “In my view, what the AFM said is correct and in line with the interpretations of other regulators.”
They did not really address the controversial questions though, he continued, noting the extent to which credit cards and e-money accounts are subject to account-to-account rules.
"It is a good thing that the AFM has clarified that savings banks are not in scope, but this was the general assumption for most banks and suppliers,” said Nicolas Darlavoix, pre-sales manager for digital, fintech and open banking at Sopra Banking Software.
There are not really any surprises there, according to Darlavoix. “But, I do think that in the smaller banks, some may get into trouble regarding business accounts that are in scope. Making them compliant with PSD2 could be complicated.”
G-accounts and savings accounts
Both of these account types have spurred controversy in the Netherlands, according to Jan van Vonno, research director at Tink. “TPPs [third party providers] were hoping that they could leverage PSD2 APIs [application programme interfaces] to build solutions for the management of both financial and fiscal affairs,” he pointed out.
“Since G-accounts don't allow users to pay regular invoices they fall outside the definition of a payment account and banks do not need to support AIS and PIS for these accounts,” van Vonno continued. “The clarification has come as a disappointment for many business owners and accounting software firms.”
Savings accounts, on the other hand, have been a contentious issue as for some banks in the Netherlands savings accounts are simply payment accounts but branded differently, whereas other banks have true savings accounts that only allow transactions to and from a designated counter account, he pointed out.
"If savings banks open up to open banking, this could be really interesting for consumers of savings banks if they want a full financial overview,” said Darlavoix.
PSD2 has not taken flight yet in savings and perhaps is not possible yet from market players, he continued. “If a savings bank did do this, it would be able to differentiate itself, and would also benefit the savings bank as it costs them money to keep so much money."
Enforcement and the PSD2 review
Payments insiders have suspected that financial institutions have had an easy ride with PSD2.
In many ways, this has been true — enforcement has rarely been publicised by national regulators, in spite of concerns from the European Banking Authority about account obstacles not being removed by the banks.
Yet, this may be about to change. Sweden’s financial regulator has recently set a deadline for Swedbank to become fully compliant after it launched an investigation last year.
"I've noticed both Belgium and the Netherlands starting to get more strict with PSD2 enforcement and reacting to signals in the market that things aren't working well,” said Darlavoix.
He added: “I know of a bank in the Netherlands that didn't reach payments initiation fully so a deadline was set to last February to solve it, and is now under supervision from the DNB. Checks are being carried out now after more or less nothing was done last year by DNB."
This enforcement is coming at a time when changes to PSD2 could be just around the corner. The European Commission is due to launch a review and the Dutch ministry of finance will publish its own imminently, sources suggest.
The Dutch review will be more interesting news than the clarifications that the AFM has published, van Praag suggested. “The PSD2 report delves quite a lot into privacy and the role of the Dutch data protection authority,” he suggested.
The interaction between PSD2 and the General Data Protection Regulation has also been a contentious point for both payment service providers and their regulatory supervisors.
Last month, nine payments lobby groups sent a joint letter to the EU’s regulators expressing their concerns about the European Data Protection Board’s (EDPB) guidelines regarding the interplay between the two laws.
The letter suggested that the broad industry feels that the EDPB guidelines are not in line with PSD2 and the Regulatory Technical Standards on strong customer authentication (SCA) and common and secure open standards of communication (CSC), especially when it comes to how silent party data and special categories of personal data are considered.