Payment Services Directive II (PSD2)

The second Payment Services Directive ("PSD2") came into effect on 13 January 2018. In connection with the requirements of PSD2, we are required to inform you of some changes to the terms and conditions governing accounts we maintain for you in the UK ("Accounts").   


PSD2 replaces the existing EU framework for the regulation of payment services under the original Payment Services Directive 2009 ("PSD1") and is the result of a number of drivers, including developments in technology, the increased threat of cyber attack and a desire to increase competition. PSD2 introduces new requirements around how we provide payment services for Client Accounts and required changes to the terms and conditions governing our client’s Accounts.
These changes include:
  • Increased scope: PSD2 broadens the application of payment services regulation in the EU in order that certain transactions and accounts that were previously outside the remit of PSD1 are now in scope. As a result we have added a new clause to our terms and conditions regarding “Timings of Withdrawals” (if you instruct us to make a payment during business hours we will process it on that Banking Day, unless you have instructed us to make it on a future date).
  • SHA charging: This will be the standard charging methodology for intra EEA transactions in EEA and non-EEA currencies. For these payment transactions, the payer will only pay their bank’s charges and the payee will pay the beneficiary bank’s charges. Due to this requirement, for intra-EEA payments in a non-EEA currency, the principle amount that is received may no longer be guaranteed due to payments being cleared via intermediary banks outside of the EEA.
  • Access for third party payment providers: One of the main changes introduced by PSD2 means that, subject to our client’s consent, we will be required to allow certain third party payment service providers appointed by our clients ("TPPs") to access online Accounts to initiate payments and / or to retrieve account and transactional data. There are two types of TPPs: Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). You may appoint an AISP to provide you with consolidated information on Accounts that you hold with us. You may appoint a PISP to initiate a payment transaction, at your request, from your Account held with us.

    You should be aware of the risks involved by providing access to your Account and exercise reasonable care when selecting, appointing and making use of these services as any appointed TPP may have access to account information and transactional data. A number of the new TPP provisions are designed to help us identify and mitigate the effect of any unauthorised, fraudulent or otherwise illegal TPP behaviour.

  • Security, incident management and reporting: PSD2 introduces various new requirements aimed at enhancing security and transparency. In particular, PSD2 introduces some new security management and regulatory reporting requirements in response to recent cyber-security concerns. As a result of these changes, we have updated our security, incident management and incident to comply with the revised requirements. These include certain legally required authentication procedures (strong customer or 2-factor authentication) in order to enhance the security of internet payments.
  • Complaints handling and dispute resolution: A new complaint resolution requirement for our corporate clients is now in place. This has been communicated to all relevant clients. All relevant complaints regarding PSD2 are monitored and reportable to the regulator.

Further information

Further information around the operational changes to your Accounts, and PSD2 generally, can be found on the European Commission website.

PSD2 API Portal

To registered Third Party Providers who wish to gain access, please follow this link to our dedicated portal.
Here you will find the requirements to become connected. Or view our other disclosures and regulatory information.