At what point does empowering individuals to be ‘masters of their own personal data destiny’ encroach on a payment service provider's legal responsibility to prevent fraud, safeguard its venture and limit criminal activity?
With all the excitement around re-authorisation, the ban on credit card surcharges and the new payment services activities, the less headline grabbing regulatory changes introduced by the second payment services directive (PSD2) have been somewhat overlooked. One of these changes relates to complaint handling.
There has been a lot of talk in the financial sector surrounding the topic of PSD2; flagging deadlines, the implications of non-compliance and the opportunities open banking presents. But what about the other industries affected by the new regulation? From the charities and even the accountancy firms that now fall under the FCA’s watchful eye? Have they been forgotten about amid the vicissitudes?
The third in my trilogy of PSD2 blogs from ‘Inside the Regulator’. However, as we are now entering uncertain and uncharted territory, in terms of firms that failed to submit applications for re-authorisation in time, my insights are more presumptive than previously.
Much of our time is, and seems always to have been, spent trying to interpret exactly what the regulations or, more importantly, the Regulator is expecting. A leading question asked by many compliance officers is, 'what do they expect of my company?'. This is often where the compliance consultant comes in.