'License as a Service' - PSD2 solution powered by figo
With RegShield, figo plans to help third parties with new authorization requirements
13 January 2018 was the day that the PSD2 became a reality and thus EU member states must comply. In addition to this, BaFin confirmed it on 5 December 2017 as part of the conference "Payment services in the field of digitalization and security needs": 'Licence as a Service' models are basically possible under the Payment Services Directive 2 (PSD2)! This means: companies that offer or use payment initiation and account information services (PISP/AISP) today can also seek a regulated partner for this purpose under certain circumstances. For 2018, figo is aiming for its own payment institution licence (PISP and AISP) and plans to be a reliable 'Licence as a Service' partner in the market with the service product 'RegShield'. figo partners will not have to apply for their own authorization!
figo as a reliable partner for third parties
The road to your own BaFin permit is anything but trivial. An extensive catalog of requirements must be fulfilled - and not just once when the application is submitted, but during ongoing business operations. This costs time and money - resources that especially small businesses like FinTech start-ups can not afford easily. Large companies, on the other hand, face the difficulty of adapting internal processes to new regulatory requirements as a whole, or of delimiting parts that are relevant to supervision in an acceptable manner. At this point figo's RegShield will be used in the future! As a service provider, figo plans to assume responsibility for all relevant processes and licensing requirements in this model. This service gives third parties the freedom to focus on their core products.
Important: In the final analysis, BaFin will decide on registration and licensing requirements on an individual basis!
Implementation of PSD2 is imminent and the licence application period for companies is tight. So it is particularly alarming that many companies do not even know that they will soon be subject to authorization, let alone when.
Cornelia Schwertner, Head of Governance, Risk & Compliance at figo
Some of the requirements necessary for authorization, and that will be part of figo's RegShield
PSD2-compliant customer processes
Execution of internal audits to prepare for external examinations
Setup of governance and security policies
Management of security incidents
Regulatory and compliance expertise
Outsourcing controlling
Business continuity management
Important: Registration as an AISP, which is communicated as a "simplified form of permission" is, with few exceptions, subject to the same catalog of requirements as a PISP.
What companies does figo's RegShield target as the PSD2 solution?
In Germany, figo's offer is addressed to all companies that themselves have to apply for authorization as PISP or AISP under the Payment Services Supervision Act (ZAG). Only then can they offer their services as of 2018 - following national implementation of PSD2 (or from the end of 2019, if they were active before January 2016). Under conditions to be accepted by BaFin, figo can help with this.
Being touched by authorization requirements is a certainty for any company that can answer the following questions with a yes: Do I offer an online service that includes display or processing of account information?, Does my service enable transactions on my customers bank accounts? or Do I need online banking login information for my product or service?
André M. Bajorat, figo CEO
RegShield is based on a contract model with three parties
The primary objective of financial supervision is to ensure a stable and sound financial system that consumers and businesses can trust. As a result, beginning in 2018, BaFin will supervise companies which have contracts account holders for access to payment accounts as PISP/AISP. With a specially-developed contract model, figo wants to ensure that third parties operate outside the PSD2 range.
