Payment Services Directive 2 (PSD2) – Requirement for Professional Indemnity Insurance

Open Banking – A New Era

The PSD2 Payment Services Regulation 2017 is an update to the EU Payment Services Directive. The intention is to open up the financial services market to the new era of ‘open banking’ by giving licensed third parties access to customer payment and account information that was previously only accessible to banks and financial institutions. Enforced here in the UK by the Financial Conduct Authority (FCA), the directive applies to Financial Technology (Fintech) businesses classed as either Account Information Service Providers (AISPs) or Payment Initiation Service Providers (PISPs).

Account Information Service Providers (AISPs)
By consent of the customer, AISPs can connect to and access bank account payment information in real time, on a ‘read-only’ basis. By analysing this transactional data they aim to offer a wide variety of personalised account information products and services, such as money management tools, price comparisons, and faster, more accurate access to financial products such as mortgages and loans.

Payment Initiation Service Providers (PISPs)
Where AISPs do not move customer money, PISPs aim to initiate e-commerce payments from a customer’s bank account at their request. These services include applications that help manage money between various accounts to avoid overdraft fees, and retail services in which a customer allows a company they regularly shop with online to connect to their bank account, offering an instant checkout and saving them from re-entering card details for every transaction, thus improving the customer’s experience.

Professional Indemnity Insurance Is Required

Given the extremely sensitive nature of transaction information, the PSD2 Payment Services Regulation focuses on strong communication security and customer authentication requirements. In addition to this, as part of authorisation the FCA have stipulated that AISPs and PISPs are to hold Professional Indemnity Insurance to cover the potential liabilities they face in the countries in which they operate.

Those who propose to carry out account information services must hold professional indemnity insurance to cover their potential liability for non-authorised or fraudulent access to, or use of, payment account information.

For those who propose to carry out payment initiation services, they must hold professional indemnity insurance to cover their potential liability for unauthorised payment transactions and non-execution or defective or late execution of transactions, as well as their potential liability for any associated charges and interest.

The coverage required by the FCA should cover liability to third parties arising not only from external attacks, but also from dishonest, fraudulent or malicious acts committed by employees, directors, officers, partners and sub-contractors or outsourcers for whose conduct the Fintech business is legally responsible.

Minimum monetary amounts for the level of Professional Indemnity Insurance coverage to be carried are mandatory, and the European Banking Authority (EBA) has been tasked with developing guidelines for calculating these, dependent on the activities of the third party provider.

Currently, only a very small minority of UK insurers are able to provide FCA-approved insurance that complies with the PSD2 requirements.

If you are in any doubt over your professional indemnity insurance and its PSD2 compliance, we’d be happy to help!

For more information regarding the Payment Services Directive (PSD2) and the type of Professional Indemnity insurance required in order to operate in the EU’s payment services market from this year, please contact Adam Lawrence directly on 0118 916 5484.

Author: Adam Lawrence | April 15th, 2019
