The Dutch National Forum on the Payment System (Maatschappelijk overleg betalingsverkeer - “MOB”) has published guidance on the transparency requirements for account information services providers (“AISPs”), a specific payment service regulated under PSD2.
The MOB is a forum established by the Ministry of Finance consisting of various governmental and industry stakeholders. The MOB meets twice a year to discuss the developments and challenges in the payment industry.
An account information service is a new kind of payment service introduced in the second payment services directive. An account information service is an online service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider. Currently, several companies have a license from the Dutch Central Bank that allows them to provide account information services. Additional to financial regulatory requirements AISPs need to comply with strict privacy requirements when offering the service.
In its most recent meeting, the MOB agreed on several good practices regarding account information services. The MOB would like AISPs to provide customers with answers to the following seven questions:
- Who requests access to my account information? How is the service regulated?
- Which service that requires my data does the AISP offer?
- Which data from my payment account will the AISP use?
- What else does the AISP use the data for?
- Which data will the AISP share with which third parties and for what purpose?
- Where and how can I withdraw my previously given consent?
- Where can I find additional information?
The MOB stresses that the AISP should answer using concise, transparent and comprehensible language. Furthermore, the AISP should ensure that its customer sees the answers before he/she authorises the AISP to access his/ her payment account. By doing so, the MOB hopes to stimulate customerds to make use of account information services. The MOB notes however that providing the abovementioned answers does not affect an AISP’s transparency obligations under the General Data Protection Regulation (GDPR), as those requirements are more comprehensive.