The account information service provider
On January 13, 2018, Act No. 370/2016 Coll., on Payments (hereinafter referred to as "AoP") became effective. The AoP transposed the Directive (EU) 2015/2366 of the European Parliament and of the Council of November 25, 2015, on payment services in the internal market (also called PSD 2) into Czech law system. This has, among other regulations, extended the portfolio of regulated payment services and also the range of providers authorized to provide payment services. One of the newly regulated payment services is administration of payment account information. It is worth mentioning that such services have existed before this regulation and have been provided by some fintech companies.
This service is provided by third party providers, i. e. the account information service provider, which is a subject different from the one that manages the payment account of the user. Within this service, the account information service provider enables its user to access all their payment accounts, their account balances, transactions carried out and other information related to their payment accounts via its own system (usually a mobile phone application). Effectively, management of the user’s bank accounts is much easier as they can access all of their accounts via one joint application.
The essential part of this new service is granting a consent by a user of the service to the account information service provider to access the information about their payment accounts. In order to prevent any obstacles that could interfere with using the service, the user should grant the consent regarding the access of information about the payment accounts to both an account information service provider and a provider of their banking services.
In order to provide this service, the account information service provider must be granted a permission from the Czech National Bank. Before the effectiveness of AoP, the permission was not required. However, AoP does not deal with this discontinuity, providers therefore need to apply for permission as soon as possible if they haven’t done that yet in order to continue providing the service legally.
Among other obligations set by the AoP, an obligation to conclude an insurance contract is imposed on account information service providers. The insurance should cover any damages caused by an unauthorized access to user’s payment account information.
The AoP also sets out some offenses that could be committed by the account information service provider, including non-compliance with the obligation to conclude an insurance contract. The fines for committing offenses reach up to CZK 10 million.
More information on this topic could be found in this article, which is available on our website in Czech language.