In order to manage sensitive and important financial data of customers in the EU, businesses have to get an appropriate PSD2 license. This license is the key certification and authorization for service providers. However, getting that license is no easy task and the process might take a lot of money and time. This is a short and very simple guide that will cover the basics of getting a license of the second payment services directive.
Where to start?
To be eligible for a license, you have to have a base for application. This means that you need to provide some kind of financial services. In order to be an eligible market participant, you need to hand in an application to your local PSD2 licensing organization. Depending on your location, the general requirements can slightly vary, but the rough guidelines are dependent on the EU’s very own PSD2 and GDPR, meaning that the core essence is roughly the same.
For 1st timers, it’s always suggested to have outside consultants and impartial 3rd parties helping you and guiding you through the process of getting a PSD2 license.
What is the process of obtaining a license?
Well, as mentioned, first you have to apply for a license. Once you’ve applied, you need to wait for a response from the governing body. They need time to analyze your application and verify whether you truly meet the criteria set out by the ECB.
They evaluate your business plan and other reports against the industry standard and legal obligations. If at least one point is deemed to be in an unsatisfactory state, the legislator may deny your application and you’ll need to re-do things from scratch. Sometimes, the legislators, after review, might ask for clarification and/or more details to be provided. Nevertheless, if everything follows the books, it is approved and you can move forward.
Depending on the business of the legislator and the general streamlining of the process, it can take anywhere from a few weeks up to a whole year (including alterations) to obtain this license.
What are the requirements?
First and foremost, your business must have a technological foundation to securely and safely manage sensitive client info, according to regulatory standards.
Furthermore, you need a solid business plan that explains every process and the technical details behind it.
Your firm (whether new or old) must also possess a clean legal record in terms of financial fraud. In addition, if the people heading the PSD2 license application have already been decided to be guilty in financial crime, the likeness of getting that license can significantly diminish.
Other than that, the developers are free to present and try and craft all sorts of new tech and solutions. More often than not, legislators are really cheerful towards innovation and look for ways to encourage competition and progress instead of haltering it. However, you must understand that in any way, shape or form they can allow even the tiniest compromise or increased risk to the security of personal financial data of customers.