The EC wants to find out whether Polish banks blocking access to their customers’ accounts are acting in accordance with anti-monopoly regulations
The European Commission published a press release last Friday regarding banking system inspections taking place in several member states. The release doesn’t state which countries are involved but my sources say that, apart from the Polish Banking Association, inspections are being carried out in just one other country – the Netherlands.
The Commission's release states that the inspection at the Polish Bank Association was started because there is reason to believe that banks, either on their own or through the Association, participated in actions that violate anti-monopoly regulations that prohibit restrictive business practices and abusing a company's dominant market position. - These alleged anti-competitive practices are aimed at excluding non-bank owned providers of financial services by preventing them from gaining access to bank customers' account data, despite the fact that the respective customers have given their consent to such access - the release states.
Related: Alior, One of Poland's Largest Banks, Introduces Joint Offer With Telekom Romania
The Commission also underlined that the fact that it carries out such inspections does not mean that the banks or their associations are guilty of anti-competitive behavior and does not prejudge the outcome of the investigation - The Commission respects the rights of defence, in particular the right of companies to be heard in antitrust proceedings - the EC stated.
The conflict revolves around online payments based on so-called direct bank account access. The service is provided by companies such as Sofort, which is well known on the Polish market. Instead of paying for online shopping using a pay by link transfer or a payment card, the customer allows a third party company to make the transaction. Such a company will ask the customer to provide their online banking login and password and transfers the money, which the customer authorizes using, for instance, a one-time password.
Related: Polish Bank Association Targeted by Anti Monopoly Regulator and European Commission Regarding Direct Account Access
In Poland this practice is not considered to be against the law. However, the Polish Financial Supervision Authority forbid banks to use it out of concern for the customers’ money and personal information security. It seems to me that in this case, speaking colloquially, the banks have it covered. It's also worth mentioning that there is an ongoing discussion in Europe about possible ways of allowing third parties to access bank accounts while maintaining good security.
One idea is for banks to provide an API. It's a protocol that allows information systems of companies such as Sofort to safely communicate with banking systems. Such a protocol is already being worked on under the Polish Bank Association's supervision. However, providing access to bank accounts through API will make it impossible for companies such as Sofort to provide services based on the model they use today. There is unofficial chatter that this is the company that tipped the EC and caused the inspections in Poland and the Netherlands. Sofort representatives declined to comment on the issue.