German regulator BaFin takes action to enforce bank compliance to PSD2

Friday 16 August 2019 14:03 CET | News

German Federal Financial Supervisory Authority BaFin has warned banks that it cannot offer fallback exemptions under PSD2 considering the current level of compliance in applications.

At the third workshop initiated by BaFin on the testing of PSD2 interfaces, market participants discussed in particular the status of the implementation of the regulatory requirements for the dedicated interface pursuant to Article 30 of the German Financial Supervisory Authority (BaFin). Regulation (EU) 2018/3891 (hereinafter referred to as the Delegated Regulation) and the difficulties of a successful migration to the new access interfaces until 14.09.2019.

According to the regulator, several account-holding payment service providers have submitted an application for an exemption from the provision. The regulator stated that it can only grant an exemption for the provision of dedicated interfaces, which only offer the redirection path for authentication, if the concrete design does not represent an obstacle for third-party service providers. This assessment is in line with the legal opinion of the European Commission, the European Banking Authority and all other national supervisory authorities.

The regulator indicates that the Article 33(6)(c) of Delegate Regulation (EU) 2018/389 is not to be interpreted in the sense that individual third-party service providers can prevent this requirement from being met by an abusive refusal to interfere with a particular interface. Therefore cannot be considered a regulatory loophole to create a path to delays in achieving compliance. Due to these circumstances, in particular the functional deficiencies, BaFin announced it will probably not be possible to reach a positive decision on the applications submitted by 14 September 2019.

BaFin representatives have advised that the access interfaces currently used in Germany by third-party service providers be adapted to the requirements of the Delegate Regulation with regard to the application of the Strong customer authentication. This can include both the direct customer interface (web interface) as well as another dedicated interface (such as FinTS).

Ralf Ohlhausen, Vice-chairman of the European TPP Association (ETPPA) has commented that “With UK, France and Germany now taking action, I think we can expect to see other countries also realizing that a successful implementation of PSD2 needs better APIs and therefore more time before TPPs can really use them. The Joint Statement we agreed with the banks recently could be used to improve our collaboration to get there as quickly as possible.”

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: German Financial Supervisory Authority, BaFin, PSD2, TPP, ETPPA, Ralf Ohlhausen, TPP accreditation, TPP compliance, PSD2 compliance, European Commission
Countries: World