Konsentus Powering Trust in Open Ecosystems

Understanding European NCA Registers

Registers

Share This Post

Learn more about Registers in the context of PSD2 XS2A.

Entities that want to provide Payment Services as a Payment Services Provider (PSP) must first apply to their Home National Competent Authority (NCA). Once authorised, they take on the appropriate Payment Services Roles & are issued with a Unique Reference Number (URN). The URNs and authorisations are published in National Registers & may also be found in the EBA Registers.

Payment Service Providers (PSPs) PSD1 and PSD2 defines six categories of Regulated Entity that can register with their Home NCA to provide payment services and become PSPs:

  • Credit Institutions
  • Payment Institutions
  • Electronic Money Institutions
  • Central Banks
  • Post Office Giro Institutions (in some countries)
  • Government Ministries (in some countries)

Additionally, there are a number of additional Access To Account (XS2A) payment services set out in PSD2:

  • Payment Initiation Service Providers (PISPs), who perform Payment Initiation Services (PIS)
  • Account Information Service Providers (AISPs), who perform Account Information Services (AIS)
  • Card Based Payment Instruments Issuing Providers (CBPIIPs), who perform Card Based Payment Instruments Issuing Services (CBPII)

Collectively, these 3 PSPs are called Third Party Providers (TPPs). TPPs rely on other PSPs to enable access to customer accounts/data for the provision of XS2A services. The PSPs who provide and operate customer accounts and enable this access are called Account Servicing Payment Service Providers (ASPSPs).

XS2A Payment Services & Roles

Entities that want to provide an XS2A service must first be a category of PSP that already has or obtains the right to perform specific payment services, and so inherits the right to perform the related service roles:

PSP CategoryPayment ServiceRole
Entity applies to be (or already is) one of the following categories…PSP applies to provide one or more of the following services…Once authorised, the PSP plays the following role…
  • Credit Institution
  • E-Money Institution
  • Payment Institution
  • Central Banks
  • Post Office Giro Institutions (in some countries)
  • Government Ministries (in some countries)

(Payment Initiation Services (PIS)

Account Information Services (AIS)

Card Based Payment Instruments Issuing (CBPII)

PSPs that operate payment accounts and allow online access

Payment Initiation Becomes a Payment Initiation Services Provider (PISP)

Account Information Becomes an Account Information Services Provider (PISP)

Card Based Payment Instruments Becomes a Card Based Payment Instruments Provider (CBPIIP)

Account Servicing Becomes an Account Servicing Payment Services Provider (ASPSP)

Exempted PSPs cannot be granted authorisation for PIS or AIS roles without applying to become one of the permitted PSP categories first. Credit Institutions can automatically have all of the roles without further registration.

National Competent Authorities

In each European Union (EU) and European Economic Area (EEA) Member State, there is a single NCA which has been designated to oversee the country’s financial supervision

NCAs are responsible for the financial supervision of payment services in their country, including:

  • Processing & Decision Making
  • Management & Maintenance
  • Maintenance (Including De-Authorisation)
  • In-Country Reporting Collection In-Country Dispute Management
  • In-Country Incident Management
  • National Reporting & Communications
  • Cross-Border Communications

As only one NCA is designated for each country under PSD2, it is clear which NCA represents each country’s financial system, so there is no confusion as to whether a PSP is authorised or not in a specific country.

Registration & Passporting

PSPs register with, and apply to, their Home NCA for the appropriate payment services authorisations. Once a PSP has obtained the authorisations and holds the payment service roles required, they then need to apply for passporting rights to provide the services for which they are authorised throughout the EU.

Registration & Passporting

Unique Reference Numbers

When a PSP is authorised to perform payment services, their Home NCA issue identification numbers, known as Authorisation Numbers, so they can be uniquely identified apart from other PSPs. Some NCAs use existing numbers such as a LEI, VAT Number or a Company Number as the Authorisation number, others generate a new number. Additionally, NCAs may use different names in the Authorisation Numbers. Confusingly, many NCAs also have other numbers that are NOT the National Identification Number, Legal Entity Identifier, Registration Number, and “other Equivalent means of identification.” For simplicity, OBE refers to Authorisation Numbers as Unique Reference Numbers (URNs). Because many countries issue 5 digit URNs, they do not uniquely identify regulated entities across countries. To make them unique, OBE created Global-Unique Reference Numbers (G-URNs). G-URNs are constructed by combining:

The Country Code + The NCA Code + The Unique Reference Number

For example, the code SE-FI-45002 is the G-URN for Trustly in Sweden

The G-URN standard was created by Open Banking Europe and has been adopted by the ETSI for their certificates.

The National Registers

The NCAs provide lists, called National Public Registers, of all the PSP categories and the payment services and roles that PSPs are authorised to perform. Each Register records the registration, payment services authorisations, passporting, and other status details for every PSP in the country. The data required includes:

  • Home Country & Address ▪ Unique Reference Number (URN)
  • Authorisation/Registration Status
  • Payment Service Roles Authorised
  • Country Permissions for Each Authorised Role

ASPSPs can use the National Registers to verify that those TPPs who request access to their customer accounts have been granted the appropriate and relevant payment services and roles required for access. National Registers can be hard to read without specialist knowledge and local language skills as they:

  • Are all in their own format
  • Use their own terminology
  • Often contain a register for each PSP category
  • Can be in their own language
  • Are almost never machine readable
  • Often contain multiple Identification Numbers
 

The EBA Register

The EBA Register provides a list of all registered PSPs in the EU by aggregating information from the 31 National Registers and making it publicly available. Its’ objectives are to increase transparency, ensure a high level of consumer protection, and facilitate cooperation between the Home and Host NCAs.

There are actually two EBA Registers available, each containing different sets of regulatory information:

The Payment Institutions Register which contains:

  • Payment Institutions
  • E-money Institutions
  • Exempted Institutions
  •  Agents
  • Branches
  • Service Providers excluded from PSD2

The Credit Institutions Register which contains:

  • CRD Credit Institutions
  • EEA Branches
  • Non EEA Branches

The purpose of the EBA Registers is to ensure transparency and a high level of consumer protection and facilitate cooperation between the home and host NCAs. The EBA Registers should not be used a way to verify TPPs for XS2A as:

  • There is no single source of Regulatory Data, (two different registers with different purposes)
  • There are Authorisation Number issues (missing numbers, mismatches, formatting issues).
  • Manual search is available only, but no download function and only partial machine readability.
  • The Registers clearly state the primacy of the NCA Public Registers for TPP checking.
  • There are no notifications on data changes & no version history to check historic change.
  • Updates to the Registers are irregular, i.e. not always occurring daily.

To learn more about Registers in the context of PSD2 XS2A and to find out more about Konsentus’ technology solutions, get in touch with a member of our team.

Contact: info@konsentus.com 

Subscribe To Our Newsletter

Keep up to date with all our news and publications.

More To Explore

Singapore Fintech Festival 2024

Konsentus’ Brendan Jones joined a global gathering of policymakers, fintechs, financial services organisations, and technology providers at Singapore Fintech Festival

Read More

Money 20/20 USA 2024

At Money20/20 USA 2024, one of the major topics discussed was the Consumer Financial Protection Bureau’s (CFPB) final rule on Personal Financial

Read More

Talk with Our Team Today

Join us on the Journey

Protect your customers transacting in open ecosystems.

Konsentus Rebrand Button - Konsentus Dot-23-23

Find out how our technology can protect your customers within open ecosystems.

Name(Required)

Opt-in

On completion of this form you will be sharing your personal data with Konsentus Ltd (company number 1115059) (“Konsentus”/”we”/”us”). We will process such information for the purposes of sending you the requested information. We may also send you marketing communications and information which we consider may be of interest to you from time to time. This may include sending information by email, or us contacting you by telephone, where relevant details are provided. We rely on our legitimate interests as the lawful basis for processing your data in this way. Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to receive a copy of the data we hold about you. You also have the right to opt out of marketing communications at any time using the details in an email sent to you or by contacting us at insights@konsentus.com.

This field is for validation purposes and should be left unchanged.

Login to your account