The documents lists the 85 respondents in which you interestingly will find Apple.
Below a summary of the main points related to AIS/PIS:
- The government can confirm that, from 13 January 2018, ASPSPs will have to allow access to payment accounts for all registered or authorised TPPs, unless they have an objective reason (such as fraud) to deny access. The FCA sets out further detail on blocking TPPs for fraud in their draft Approach Document. ASPSPs will not have to provide access to unregulated or unauthorised TPPs.
- · Prior to the RTS coming into effect, registered or authorised TPPs will be able to access consumers’ accounts directly by utilising their login details (commonly known as ‘screen-scraping’), or via Application Programming Interfaces (APIs) such as those designed to the Open Banking Standard. This is in line with the PSDII, which states that all registered or authorised TPPs must be able to access accounts.
- · The government’s expectation is that the Open Banking directory and standard APIs will start to be available to TPPs for the majority of UK consumers’ current accounts from 13 January 2018. The government is of the view that this access route offers a more secure and stable interface for ASPSPs, while also creating a more competitive ecosystem for TPPs by lowering the barriers to entry. The government therefore strongly encourages TPPs to use these APIs where they are available, other ASPSPs to use the Open Banking standard APIs for their payment accounts, and the Open Banking Implementation Entity to broaden the scope of Open Banking to the full PSDII product suite in due course.
- · ASPSPs will only be expected to provide equivalent access to that available online to customers. Therefore if consumers cannot initiate a payment from their online credit card account, PISPs cannot initiate a payment either (and therefore have no right of access). Equally if there is no online account available (as is the case for many gift cards) there is no requirement for access to be provided.
- · The government maintains its view that direct debits are out of scope of payment initiation services unless this facility already exists within a user’s online payment account. The PSDII definition of payment initiation also does not extend to cancelling or amending existing direct debits or standing orders.
- · Regarding specific access routes for AIS/PIS services, the government:
o is aware that the Commission is examining the question of whether certain corporate systems, such as those operated by SWIFT and host-to-host services, should be exempt from the scope of the AIS & PIS regimes
o does not intend to explicitly carve TPMs out of the definition of AIS/PIS services, as they could be used as an access route for TPPs providing services which should be in scope.
- · Regarding which TPP needs to be authorised if there is more than one, the general rule is that the TPP which the customer has a contractual relationship with for accessing their account is the TPP which needs to be registered or authorized.
- · The government recognises the concerns of ASPSPs who are seeking compensation from a PISP (where the PISP is liable) and can confirm that ASPSPs will have a right of action against PISPs in the event they breach their regulatory obligation to refund an ASPSP for an unauthorised transaction. However, we would also encourage industry to develop a voluntary solution to better address this issue for all parties involved.