The European Banking Authority (EBA) has finalised guidance for some financial technology (fintech) companies on the type of professional indemnity insurance, or comparable guarantee, they will need to put in place to operate in the EU's payment services market next year.

The EBA's finalised guidance (66-page / 535KB PDF) is designed to reflect rules set out in the EU's revised Payment Services Directive (PSD2). The guidance will apply from 13 January 2018, the date on which PSD2 must take effect in national legislation across EU member states.

The guidance contains a formula designed to help financial regulators to check whether the level of professional indemnity insurance or other comparable guarantee is sufficient to cover the potential liabilities that payment initiation service providers (PISPs) and account information service providers (AISPs) face under PSD2.

The amount should reflect the risk profile of the company, the type of activities they provide and the size of the activity firms carry out, the EBA said. The guidance sets out a range of indicators to help firms and regulators apply the formula and ensure the level of cover or guarantee put in place is appropriate.

Under PSD2, PISPs must obtain authorisation from national regulators in the EU to carry out their activities, while AISPs must be registered. One of the conditions of authorisation for PISPs, or registration for AISPs, is that the companies take out professional indemnity insurance covering the EU countries in which they operate, or "some other comparable guarantee" against their liabilities that arise under the directive.

The liabilities PISPs could face under the directive include obligations to compensate payment account providers for losses sustained or refunds they have paid to consumers following unauthorised payment transactions. The companies could also be liable for non-execution, defective or late execution of payment transactions.

For AISPs, the insurance cover must apply to their potential liability for "non-authorised or fraudulent access to or non-authorised or fraudulent use of payment account information".

The EBA is tasked, under PSD2, with issuing guidelines for regulators on "the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee" that PISPs and AISPs are obliged to put in place. The EBA had consulted on draft guidance last year

Useful Links

The EBA's finalised guidance (66-page / 535KB PDF)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances,