Proposition P20 - PSD2 in-scope accounts (sterling)

Version Control

Version
Date
Author(s)
Comments
0.1 OBIE API Delivery Team

Initial draft for presentation to the Read/Write working group.

0.2 OBIE API Delivery Team

Updates based on feedback from workshop on  and  and from OBIE Regulatory/Legal team.

0.3 

OBIE API Delivery Team

Update based on feedback from meeting with Regulatory & Legal team on  
0.4 OBIE API Delivery Team

Minor update to reflect communication to IESG

0.5 OBIE API Delivery TeamMinor update to change scope table heading from Definition to Description and clarification that non GBP accounts and paper/pdf statements are out of scope.
0.6 OBIE API Delivery TeamFeedback and Clarifications
1.0 OBIE API Delivery TeamApproved as the scope at IESG.

Introduction

The purpose of this paper is to define the overall proposition for item P20 (PSD2 in scope accounts, sterling), so that participants (ASPSPs and TPPs) and stakeholders (FCA, HMT, CMA) are clear about what is and is not in scope for this item, and how this will support regulatory requirements and key use cases.

Roadmap Definition

The following table is taken 'as-is' from the published roadmap (https://www.openbanking.org.uk/wpcore/wp-content/uploads/2017/11/FAO-CMA_Proposed-Amendments-to-Agreed-Arrangements_v_final-1.pdf):

DescriptionRationaleAligns with

Scope Item description:

  • Extension of OB R/W APIs to cover the full set of PSD2 sterling denominated products not covered under the Order (including but not limited to credit cards, currency accounts, charge cards, e-wallets, pre-paid accounts and payments enabled savings, deposit, loan and mortgage products) and comprehensively fulfilling the functional requirements of PSD2

Key activities:

  • A discovery phase by the OBIE to understand the variety of payment accounts in scope and used in practice, understand gaps in existing functionality and modifications required to the exiting standards
  • The development of standards by the OBIE for the products and functionality referred to above
  • The implementation of those standards by the CMA9 as soon as is practical and no later than Release 4

Regulatory alignment:

  • Fulfils the requirements of PSD2 through OB standards

Open Banking adoption:

  • Extends coverage of OB Standards to cards providers seeking PSD2 solutions

Consumer / SME utility:

  • Consumers would be able to access their full breadth of payments activity and benefit from comprehensive AIS and PIS services

Security / Integrity:

  • Consumers would be able to access their data without credential sharing and access their payments without putting cards on file
PSD2

Regulations

Regulatory references

The following regulatory references are relevant when considering the scope of item P20:

PSR Reg 1(2) (Interpretation)

‘payment account’ means an account held in the name of one or more payment service users which is used for the execution of payment transactions

PSR 2017 Reg69(1) (Access to payment accounts for payment initiation services) states:

This regulation applies only in relation to a payment account which is accessible online.

PSR 2017 Reg 70(1)(Access to payment accounts for account information services) states:

This regulation applies only in relation to a payment account which is accessible online.

FCA Approach Document and final Handbook changes 17.14 and 17.15

17.14 The meaning of ‘accessible online’ is not defined under the PSRs 2017. In our view, an account is accessible online if the ASPSP offers online banking services in relation to that account. Online banking services may be provided through websites or applications, and may be accessible using a desktop computer, mobile phone, tablet or any other such device. Whether an account is accessible online should not be dependent on whether a particular customer has chosen to activate online banking services with the ASPSP. As a result, an ASPSP should not deny an AISP or PISP access to a customer’s account or refuse to give confirmation of availability of funds to a CBPII on the basis that the customer has not registered for online banking. The customer may, however, need to activate online banking services before they can use AIS or PIS, if they do not already have the security credentials for use in the ASPSP’s authentication procedures.

 17.15 The purposes for which the specific account can be accessed online also needs to be considered when determining whether an account is ‘accessible online’. Whether regulations 68, 69 and 70 of the PSRs 2017 apply to a payment account will partly depend on what the account holding customer could do with that account online. In our view, an account which is available online on a ‘view only’ basis, but without any payment functionality, would not be ‘accessible online’ for the purposes of PIS. It would, however, be ‘accessible online’ for the purposes of AIS and confirmation of availability of funds to a CBPII.

HMT response to consultation:

7.25 The government intends to maintain the approach set out in the consultation document, regarding the accounts in scope of the AISP/PISP regime (namely access must be provided to all online payment accounts).

Again, in line with what the government set out in the consultation document, ASPSPs will only be expected to provide equivalent access to that available online to customers. Therefore if consumers cannot initiate a payment from their online credit card account, PISPs cannot initiate a payment either (and therefore have no right of access).

Equally if there is no online account available (as is the case for many gift cards) there is no requirement for access to be provided.

CMA order:

10.1.2 Both read and write access, which allows a third party to access account information or initiate a payment on behalf of the customer (subject to the customer’s explicit consent), for data set out in Article 14 (the ‘Read/Write Data Standard’) and which has the features and elements necessary to enable Providers to comply with the requirements to provide access to accounts subject to this Part 2 of the Order under PSD2 .

10.2 Neither the Read-only Data Standard nor the Read/Write Data Standard shall include provisions that are incompatible with the requirements in PSD2.

Regulatory requirements

The OBIE interpretation is that the key regulatory requirements are:

For Account Information Services:

  • Any payment account which is accessible online is in scope.
  • A PSU, via an AISP, should be able to access via an AISP, payment account and associated payment transaction information currently available to that PSU through the ASPSP online channel..
  • This requires an extension to the existing Account and Transaction API (version 1) to cover these additional account types and additional data elements for each.

For Payment Initiation Services:

  • Only payment accounts where a PSU can initiate payment via the ASPSPs online interface are in scope.

  • A PSU, should be able to instruct the initiation of a payment order via a PISP from their online payment account.

  • This requires an extension of the Payment Initiation API (version 1) to cover these additional account types, and also to extend this coverage to additional payment types (as applicable) Use cases

The above regulatory requirements do not fully define the functionality needed to meet the needs of AISPs and PISPs, especially to enable the development of innovative new products using multiple payment accounts. The following are some of the key/high priority use cases which corroborate the definition and rationale as stated in the roadmap item above.   


Use Cases

Read API with extended accounts in scope

  • As a customer, I want to use a tool to have a consolidated view of all my finances across multiple banks, loans, and credit card accounts, from multiple providers, so that I have an accurate view of my financial position helping me with my budgeting decisions.
  • As a small business loan provider, I want to view transactional data from an applicant’s accounts across different financial instruments used by the applicant, so that I can have a more accurate view and apply my own criteria to assess whether I want to lend to them.
  • As a customer, I want a consolidated view within my Personal Finance Management (PFM) tool of the pending balance transfers across my different credit cards with the expiry of the offer period for each, so that I can optimise the balance transfers to avoid higher interest rates.
  • As a PFM provider, I want to alert customers when one of their balance transfer offer periods is about to expire, so that I can offer them a better deal through market comparison.

Scope

In scope

Based on the regulatory requirements and customer use cases above, the following items are considered in scope for P20. In all cases this covers GPB accounts/payments (as other currencies are covered by P10 and P21).

Account TypeDescriptionAISPIS
Current accountsPersonal and business current accountsYY
Payments enabled flexible savings accounts

Flexible Savings are instant access account which offer interest, where customer can put in or take out money whenever they like.

Payments are made either to a linked current account (Post Office Money, AA) or to any other account (HSBC Flexible Saver) 

YY

Payments enabled deposit accounts

Deposit accounts which allow initiation of payments from an online channel of the ASPSPYY

Payments enabled loan accounts

Loan accounts which allow initiation of payments from an online channel of the ASPSPYY
Payments enabled mortgage accounts

Current Account mortgages which combine customer's mortgage and current account to give one overall balance.

Customers can use these accounts to make payments from the online channel and some issuers will also issue a debit card

YY

e-money accounts


E-money accounts represent cash value that is stored in an account.

Products supported by e-money accounts could be pre-paid accounts with virtual account number-sort codes, pre-paid cards.

Y

Y/N

(depending of the

e-money product)

Credit card accounts


Credit card account is a payment account, which is available online, with the card issuing entity.


For a PSU there could be multiple credit cards linked to the same card account (e.g. MBNA Visa and Amex cards linked to the same account)

PSU could have have multiple card accounts (Visa, MasterCard) with the same issuer.

A credit card is a credit facility that requires a repayment of a minimum amount each month

YN

Charge card accounts

A charge card is a card that requires payment in full every month. A charge card is a credit facility that requires repayment of balance in full every month. YN

Notes on Payment Initiation Service:

  • The above accounts marked Y above (in the PIS column) indicate that these accounts are in scope for the source account in the case where the ASPSP offers the ability for the PSU to make an online payment from these accounts.
  • Purchase transaction from credit card accounts and charge card accounts are out of scope for PIS as they are not initiated by the PSU via the ASPSP’s online channels. 
  • The destination for the payment must be referenceable via a sort code and account number.

Comments

The following additional payment types are not currently envisaged for release 2: Balance transfer from one card account to another card account.

  • Money transfer from a card account to a bank account.

  • B2B payments to an account using a virtual PAN.

  • Payments to accounts via other references used by e-money accounts.

The next steps are to clarify and manage under change control in a future release or include in current release subject to approval through the proper governance process.


Not in scope

The following items are NOT in scope for item P20, as they are either outside the scope of PSD2 and the CMA Order, or they are covered by a subsequent roadmap item in release 3 or 4:

  1. API access to paper/PDF statements are considered out of scope for a PSD2 read API.
  2. Non-GBP payments and accounts, including Euro and FX (see item P10 and P21).
  3. Bulk/batch payments (see item P11).
  4. Accounts where multiple authorisations are required (see item P13).
  5. Corporate accounts (see item P22).
  6. Digital wallets (Apple Pay, Samsung Pay) where the customer adds cards from multiple issuers.
  7. Store value accounts with limited network capability (i.e. which can be used only at specific places e.g. gift cards, fuel cards, membership cards, public transport cards etc.).

Considerations

Constraints

All accounts need to be accessible through the ASPSP online channel.

Dependencies

TBC

Assumptions

For Read APIs:

  • The consent model will not be impacted due to additional payment accounts in scope for V2.0.
  • Some of the mandatory data elements currently available for version 1.1 release may not be applicable to some payment accounts
  • The full dataset will be considered rather than a 'most common denominator' subset approach 

For Write APIs:

  • The consent model will not be impacted due to additional payment accounts types in scope for V2.0.
  • All Payment Types in the OB Roadmap will support payments from the payment accounts types listed above
  • Referencing of the debtor account while using payment enabled saving, loan & mortgages will be using sort code and account numbers

How we will measure adoption

The following metrics will be required to measure adoption:

  1. Number of TPPs utilising each of the above payment account types for Read
  2. Number of TPPs utilising each of the above payment account types for Write, where applicable
  3. Volume of each Read API endpoint calls for each of the payment account types
  4. Volume of each Write API endpoint calls for each of the payment account types, where applicable
  5. Volume of successful accesses for each of the above payment account types
  6. Volume of successful transactions generated for each of the above payment account types, where applicable
  7. Volume of failed accesses by type of failure for each of the above payment account types
  8. Volume of failed transactions by type generated for each of the above payment account types, where applicable