The PSD2 sets additional requirements for the permit application for a payment institution. These additional requirements focus primarily on limiting safety risks and procedures with regard to incident management. When applying for a license, the payment institution must, among other things, submit the following to the supervisory body in the country of origin:
- Procedure description for monitoring, handling and following up safety incidents
- Business continuity plan
- Security policy plan including risk analysis for payment services offered
Professional liability insurance
In addition, for payment institutions that specifically act as payment initiation service provider and / or account information service provider, additional provisions have been included to cover their liability for providing payment initiation services or account information services respectively. They must have professional liability insurance or another comparable guarantee against liability. For the payment initiation services, they can be held liable for the damage suffered in the event of an incorrect, unauthorized, non or late processing of a payment order. For account information services, this concerns liability for any damage suffered in the event of unauthorized or fraudulent access to the payment account and the resulting use of the account information obtained.
Finally, payment institutions that have obtained a license must be registered in a new public register. The register must be free and accessible to everyone. The EBA manages this register. For each payment institution, the register states for which payment services a license has been issued. The national supervisory bodies are responsible for the correct delivery of this data. This register should lead to a more transparent functioning of payment institutions and thus ensure a higher level of consumer protection within the EU.
> 6. Access to payment account (part 1/2) – By Third Parties