Is PSD2 Insurance Cover included in your Professional Indemnity Policy?
Only a handful of UK insurers are currently able to provide PSD2 insurance that is fully compliant with the Payment Service Directive. Assuming you have a requirement for compliant PSD2 insurance, we can help review your existing professional indemnity policy.
To discuss your requirements and obtain a free quotation for PSD2 insurance cover that is compliant with the directive you can speak with Tony Gibbs directly on 0118 916 5485
Open Banking- A New Era
The PSD2 Payment Services Regulation 2017 is an update to the EU Payment Services Directive. The intention is to open up the financial services market to the new era of ‘open banking’ by giving licensed third parties access to customer payment and account information, that was previously only accessible to banks and financial institutions. Enforced here in the UK by the Financial Conduct Authority (FCA), the directive applies to Financial Technology (Fintech) businesses classed as either Account Information Service Providers (AISPs) or Payment Initiation Service Providers (PISPs).
Account Information Service Providers (AISPs)
By consent of the customer, AISPs can connect to and access bank account payment information in real-time, on a ‘read-only’ basis. By analysing this transactional data they aim to offer a wide variety of personalised account information products and services, such as, money management tools, price comparisons, and faster, more accurate access to financial products such as mortgages and loans, etc.
Payment Initiation Service Providers (PISPs)
Where AISPs do not move customer money, PISPs aim to initiate e-commerce payments from a customer’s bank account on their request. These services include applications that help manage money between various accounts to avoid overdraft fees, or in retail, where a customer allows a company they shop online with regularly, to connect to their bank account to offer an instant checkout service and save re-entering card details for every transaction, thus improving the customer’s experience.
Compliant PSD2 Insurance – Professional Indemnity Insurance Is Required
Given the extremely sensitive nature of transaction information, the PSD2 Payment Services Regulation focuses on strong communication security and customer authentication requirements. In addition to this, as part of authorisation the FCA have stipulated that AISPs and PISPs are to hold Professional Indemnity Insurance to cover the potential liabilities they face in the countries in which they operate.
The stipulation for those who propose to carry out account information services, is that they must hold compliant professional indemnity insurance to cover their potential liability for non-authorised or fraudulent access to/or use of payment account information.
For those who propose to carry out payment initiation services, they must hold professional indemnity insurance to cover their potential liability for unauthorised payment transactions and non-execution or defective or late execution of transactions, as well as their potential liability for any associated charges and interest.
The coverage required by the FCA should cover liability to third parties arising not only from external attacks, but also from dishonest, fraudulent or malicious acts committed by employees, directors, officers, partners and sub-contractors or outsourcers for whose conduct the Fintech business is legally responsible for.
Minimum monetary amounts for the level of Professional Indemnity Insurance coverage to be carried are mandatory and the European Banking Authority (EBA) has been tasked with developing guidelines for calculating these, dependant on the activities of the third party provider.
Currently, only a very small minority of UK insurers are able to provide FCA approved PSD2 insurance that complies with the Payment Service Directive requirements.
If you are in any doubt over your professional indemnity insurance and its PSD2 compliance, we’d be happy to help!