The European Banking Authority (EBA) has published a consultation paper on draft guidelines on fraud reporting requirements under Article 96(6) of the revised Payment Services Directive (PSD2).
Article 96(6) of PSD2 states that payment service providers (PSPs) shall provide “statistical data on fraud relating to different means of payment to their competent authorities”. The same article states that competent authorities shall, in turn, provide the EBA and the European Central Bank (ECB) with such data in aggregated form.
In order to ensure that these high-level provisions are implemented consistently among Member States and that the aggregated data provided to the EBA and the ECB is comparable and reliable, the EBA, in close cooperation with the ECB is proposing two sets of guidelines on the reporting requirements of fraudulent payment transactions:
- the first set of guidelines set out requirements applicable to all PSPs, with the exception of account information service providers. More specifically, these guidelines define “fraudulent payment transactions” for the purposes of data reporting and set out the methodology for collating and reporting data, including data breakdown, reporting periods, frequency and reporting deadlines. PSPs are expected to provide high-level data on a quarterly basis and more detailed data on an annual basis. The guidelines leave it to the discretion of the competent authority to decide on the technological aspects of the reporting format and the means of communication; and
- the second set of guidelines sets out the requirements for competent authorities on data aggregation and data reporting frequency and deadlines applicable to the EBA and the ECB.
The guidelines are subject to the principle of proportionality, which means that all PSPs within scope are required to be compliant with each guideline, but the precise requirements, including frequency of reporting, may differ between PSPs, depending on their size, business model and complexity of their activities.
The deadline for comments on the consultation paper is 3 November 2017.
Both guidelines will apply from 13 January 2018.
View EBA consults on fraud reporting requirements under PSD2, 2 august 2017