EBA adopts decision on reportion of payment fraud data

Competent authorities shall report to the EBA the payment fraud data under the PSD2, as specified in the EBA Guidelines on fraud reporting, via the European Centralised Infrastructure of Data (EUCLID) and according to the EBA Data Point Model (DPM).

This Decision allows the establishment of a workflow arrangement whereby EBA, on behalf of the relevant competent authorities, could submit data in line with the specifications set out in the EUCLID Decision.

The PSD2 guidelines

The EBA guidelines on fraud reporting under PSD2 apply since 1 January 2019. To provide an easy to manage submission of data and avoid double reporting burden for competent authorities to send data both to the EBA and the ECB, the EBA, the ECB and competent authorities agreed in 2019 on an ‘interim’ solution.

This means that each competent authority/National Central Bank would submit the data required under the PSD2 and the EBA Guidelines on fraud reporting under PSD2 only once, to the ECB. After that, the ECB would subsequently share this data with the EBA, which would be based on a separate bilateral procedure.

Six years after this procedure has been applied, there seems to be a need to provide clearer expectations to all parties involved regarding both a minimum admissible level of data quality and specifications, and binding remittance dates for the submission of data to the EBA.

The new decision

In the present, each competent authority should report only one file including data of all payment service providers within their jurisdiction and revise the information included in accordance with the guidelines of EBA on fraud reporting under PSD2.

Moreover, where the ECB has submitted data that is in line with the specifications set out in the EUCLID Decision, the relevant competent authorities shall refrain from submitting those data.Moreover, in addition to the EUCLID specifications and the EBA validation rules, the EBA may conduct additional quality checks of the data received to ensure consistency, which may then require revisions from the competent authorities.

Finally, all data submitted to the EBA should be covered by the EU law framework of professional secrecy and confidentiality as applicable to the EBA. Access to this data should be provided in conformity with the EBA Regulation on fraud reporting under PSD2.