Payment Services Directive II (PSD2)
- Increased scope: PSD2 broadens the application of payment services regulation in the EU in order that certain transactions and accounts that were previously outside the remit of PSD1 are now in scope. As a result we have added a new clause to our terms and conditions regarding “Timings of Withdrawals” (if you instruct us to make a payment during business hours we will process it on that Banking Day, unless you have instructed us to make it on a future date).
- SHA charging: This will be the standard charging methodology for intra EEA transactions in EEA and non-EEA currencies. For these payment transactions, the payer will only pay their bank’s charges and the payee will pay the beneficiary bank’s charges. Due to this requirement, for intra-EEA payments in a non-EEA currency, the principle amount that is received may no longer be guaranteed due to payments being cleared via intermediary banks outside of the EEA.
- Access for third party payment providers: One of the main changes introduced by PSD2 means that, subject to our client’s consent, we will be required to allow certain third party payment service providers appointed by our clients ("TPPs") to access online Accounts to initiate payments and / or to retrieve account and transactional data. There are two types of TPPs: Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). You may appoint an AISP to provide you with consolidated information on Accounts that you hold with us. You may appoint a PISP to initiate a payment transaction, at your request, from your Account held with us.
You should be aware of the risks involved by providing access to your Account and exercise reasonable care when selecting, appointing and making use of these services as any appointed TPP may have access to account information and transactional data. A number of the new TPP provisions are designed to help us identify and mitigate the effect of any unauthorised, fraudulent or otherwise illegal TPP behaviour.
- Security, incident management and reporting: PSD2 introduces various new requirements aimed at enhancing security and transparency. In particular, PSD2 introduces some new security management and regulatory reporting requirements in response to recent cyber-security concerns. As a result of these changes, we have updated our security, incident management and incident to comply with the revised requirements. These include certain legally required authentication procedures (strong customer or 2-factor authentication) in order to enhance the security of internet payments.
- Complaints handling and dispute resolution: A new complaint resolution requirement for our corporate clients is now in place. This has been communicated to all relevant clients. All relevant complaints regarding PSD2 are monitored and reportable to the regulator.