Payment transactions between consumers and businesses are subject to strict rules. Payment services providers have had to comply with the EU Payment Services Directive 2 (PSD2) since 2018. This European Directive is relevant to parties seeking to offer new payment and information services (that are required to apply to the Dutch Central Bank (DNB) for a licence) and to existing market parties, which will be faced with more stringent and additional requirements.

Want to know whether you, as a new market entrant, are subject to the licensing requirement? What you need to do to be awarded a licence? Where your organisation stands with respect to the PSD2 licensing requirements? How you ensure that you, as a PSD2 licensee, comply with the stricter statutory requirements on a continuous basis? Our specialists have put together a factsheet, which answers all of these questions for you.

Principal changes

While six types of payment services are carried over from PSD1 to PSD2, the new Directive also paves the way for (and imposes stricter requirements on providers of) two new payment services:

• Payment initiation services (service 7); an alternative to payment options such as iDEAL, credit card or PayPal payments.
• Account information services (service 8), such as the option of online financial housekeeping.

Businesses that are awarded a licence by DNB to provide these new payment services must request the permission of account holders to view or access their bank account. Banks will then be obliged to cooperate to ensure that the new services genuinely have a shot at entering the market.

What does PSD2 mean for you?

The introduction of PSD2 affects both existing market players and new entrants to the market. All payment services providers must be organised such that they meet the requirements of PSD2 and protect consumers. Not just now or with the aim of being awarded a licence, but also after the dust has settled.

Compared with PSD1, PSD2 also imposes additional requirements on applications for a payment services licence. These relate to such aspects as IT security risks and incident management procedures. The continuous requirements for existing market parties will also change under PSD2, for instance when it comes to internal operations, risk management and information security.

What BDO can do for you

BDO has formed a multidisciplinary team of experts specialising in providing clients with broad PDS2 compliance support. The team consists of experts in such fields as governance, risk management and compliance (the GRC domain), IT/cybersecurity and data protection.

The advantage of this multidisciplinary approach is that we can help our clients navigate the PSD2 licence application process in all subareas of the DNB assessment. The result is fewer questions from the regulator and a faster assessment process.

Contact

Want to find out more about how BDO can help your organisation in implementing the requirements associated with PSD2? Please feel free to contact one of our specialists for an informal chat with no strings attached.