The main innovation of the PSD2 is the acknowledgement of two new payment services which allows a third party to interpose between a user and its banks or credit institutions:
- Payment initiation service
- Account information service
Preliminary, only the payment accounts are included in the PSD2 perimeter. For example, bank accounts with a payment card or cheque are considered as payment accounts, which are under PSD2 perimeter. A “Livret A” is a saving account so it is not in the PSD2 perimeter.
The providers who provide these services, like the other payment institutions, need to obtain an authorization from the ACPR (the French Prudential Supervision and Resolution Authority) and to be insured by an public liability insurance equal covering the territories where they provide their services. For more transparency, the authorized service providers are registered on the financial agents register (Regafi).
In BtoB cases, for example for the automatic accountancy service of the transiting operations on payment accounts, the customer loyalty program, the verification of the client’s solvency; three categories are available with different regulatory consequences:
- White labels : the partner has to be authorized by the ACPR as a credit institution, or account information provider (PSIC) and/or payment initiation and has to comply with the requirements of this status as an insurance subscription of professional indemnity. It is important to remember that, as said in the 3rd November of 2014 concerning the internal control, the externalized service provider has to be authorized as a PSIC by the ACPR too.
- The Agent or the co-branding : The partner has to be appointed as a payment service Agent of the PISC. The payment services are delivered under the responsibility of the PSIC who has a control power as stated in the L.523-3 article of the monetary and financial code.
- The partnership or redirect : No formality is required by the ACPR for the partner, who has no implication in the delivery of the payment services. The aggregation and the data security are the responsibility of the aggregation and payment initiation service provider.