PSD2 Fintech Puzzle – To Screen Scrape or Not to Screen Scrape?
The Polish Financial Supervision Authority (KNF) recently published (on 12 January 2018) a long-awaited statement relating to the “selected regulator’s expectations” as regards the interim period(s) relating to the implementation of the Payment Services Directive 2 (PSD2) in Poland.
The statement is key for banks and FinTech companies (TPPs) to understand how to operate until the full implementation of PSD2 in Poland. It also addresses the European Banking Authority’s (EBA) opinion of 19 December 2017 on the various issues resulting from the implementation of PSD2, in particular on the possibility of a “screen scraping”.
The most important points of the statement are, in my view (and in my interpretation), as follows:
- The implementation of PSD2 in Poland shall not take place on time (i.e. by 13 January 2018) but is expected in Q2 of 2018)
- Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) are likely to be published in March 2018 and, therefore, shall be applicable from September 2019
- In the interim period I (i.e. from 13 January 2018 until the Polish implementation of PSD2 comes into force), the provisions of the current Payment Services Act shall be applicable, if not contrary to the directly applicable EU law provisions (PSD2 and delegated regulation)
- KNF shall use general rules of interpretation of EU law vs. Polish law in case of conflicts
- Detailed provisions of PSD2 and delegated regulation relating to the activity of new services providers (PIS and AIS services providers) shall be applicable only after the Polish regulations implementing PSD2 enter into force
- KNF urges market players to use dedicated interfaces to communicate with TPPs, and generally supports the idea of creating a standardised API for these goals, i.e. the “Polish API” – a project conducted under the umbrella of the Polish Banking Association
- The SCA and certain other security-related precautions resulting from the RTS on SCA shall not be applicable in the interim period II (i.e. by when the RTS on SCA come into force, i.e. Q3 2019, most likely)
- KNF supports EBA’s opinion in this respect and urges Polish market players to use SCA and other precautions described in the RTS as soon as practicable, i.e. before the RTS on SCA come into force.
What is missing in the statement, in my view, is a clear position whether the screen scraping shall be allowed in Poland in the interim period(s), as suggested by the EBA in its December opinion. The Polish position on this issue is, therefore, still uncertain in my view, as based on the KNF’s previous recommendation the screen scraping has been banned for the entities regulated by KNF in Poland to date.
I will look closer into this unclear issue and will come back soon with the further opinion. Stay tuned.