Danish FSA issues statement on its interpretation of "account information services"

By Scott McInnes, Ivan Sagál, Annette Nielsen, Kristiina Lehvilä, Cathie Rosalie Joly, Dr. Michael Jünemann, Konrád Siegler, Stefano Febbi, Karen Berg, Slawomir Szepietowski, Adrian Calvo, José Luis Lorente Howell, Hans Svensson, Guadalupe Sampedro, Trystan Tether

02-2019

On 30 January 2019, the Danish Financial Supervisory Authority ("Danish FSA") issued a statement on its interpretation of account information services ("AIS") under the Danish payments act no. 652 of 8 June 2018 ("Danish Payments Act") transposing directive 2015/2366 (EU) on payment services in the internal market ("PSD2"). The Danish FSA has issued the statement as it has experienced that a number of unregulated service providers have expressed doubt as to whether their activities are considered AIS requiring a license under the Danish Payments Act.

In the Danish Payments Act, AIS is defined as "a service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider". The AIS definition in the Danish Payments Act is identical to the AIS definition in PSD2, except for the fact that AIS in the Danish Payments Act is defined as "a service" and not "an online service" as in PSD2. The statement from the Danish FSA does not specifically address whether "services" or only "online services" are considered AIS under the Danish Payments Act. Based on the wording of the AIS definition in the Danish Payments Act, all services and not only online services are considered AIS under the Danish Payments Act. Thus, the definition of AIS is broader under the Danish Payments Act than under PSD2.  

According to the Danish FSA, the following three elements must as a minimum by present in order for a service to constitute AIS under the Danish Payments Act:

  1. The account information service provider ("AISP") must collect information from the payment service user's payment account held with either another payment service provider or with more than one payment service providers, which is accessible online;
  2. The AISP must process account information and consolidate the account information on a high or low level of aggregation or detail; and
  3. The AISP must present the account information to the payment service user.

Ad 1: Collecting information from the payment service user's payment account

The first element to consider according to the Danish FSA is whether a service provider collects information from the payment service user's payment account held with either another payment service provider or with more than one payment service provider. The Danish FSA considers a service provider to be collecting account information if (i) the account information stems from the payment service user's payment accounts, and (ii) the service provider collects the account information.

According to the Danish FSA, a service provider collecting information from an account that is not a payment account is not providing AIS under the Danish Payments Act. The Danish FSA refers to the Advocate General E. Tanchev's statement in the ING Austria case (C-191/17). As set out in para 29, the key factor in determining whether an account is a payment account is the ability to perform daily payment transactions from such an account.

The Danish FSA, does not consider a services based on account information from accounts held with the service provider itself as AIS under the Danish Payments Act. Further, the Danish FSA does not consider services based on account information received by the service provider directly from the payment service user and not from the account servicing payment service provider ("ASPSP") as AIS under the Danish Payments Act.

Ad 2: Processing and consolidating the information

The second element to consider according to the Danish FSA is whether the service provider processes account information and consolidates such account information on a high or low level of aggregation or detail.

In the determination of whether a service provider processes account information, the Danish FSA uses the definition of processing in the General Data Protection Regulation 2016/679 (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") being "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".    

The Danish FSA considers consolidated as meaning compiled with the purposes of giving the payment service user an overview of his/her financial situation.

Ad 3: Presenting the account information to the payment service user

Finally, the third element to consider according to the Danish FSA is whether the service provider presents the account information to the payment service user.

According to the Danish FSA, present shall be interpreted broadly as it will depend on the agreement between the payments service user and the AISP how the account information is made available to the payment service user. Account information that is simply collected and processed with the purpose of carrying out e.g. a credit assessment without being present to payment service user is not an AIS under the Danish Payments Act.

The Danish FSA considers account information to be presented to the payment service user not only where a budget or other written overview of the payment services user's account information is prepared but also other types of presentations via different types of medias. This could be if the payment service user receives a message or other type of notification when a specific transaction occurs on the payment service user's payment account. The latter could according to the Danish FSA be a light or audio indicator associated with a specific transaction on the payment service user's payment account provided that it is clear to the payment service user exactly what account information that is associated with such light or audio indicator.

The Danish FSA emphasizes that the regulation on AIS is still new and that it will adapt its interpretation of AIS to the extent that it deviates from guidelines from the European Banking Authority (EBA), the European Commission or otherwise required.

Read more at the Danish FSAs website (in Danish): https://www.finanstilsynet.dk/Lovgivning/Information-om-udvalgte-tilsynsomraader/Betalingstjenester-og-e-penge/Orientering-om-fortolkning-af-definitionen-kontooplysningstjenester