Unofficial sources say that a Polish Bank Association inspection taking place this week was initiated on the European Commission's request. The EC was allegedly notified by non-banking payment service providers
According to the Association’s press office, the institution is cooperating with EC and the Office of Competition and Customer Protection representatives in the full scope of the inspection, providing necessary assistance and access to documents from the Association's office. Unofficial sources say that the Office of Competition and Customer Protection has secured the documents and computers of some of the Association's employees. At the same time the Association says that the office is working as usual and the functioning of the databases and systems it controls is uninterrupted.
The Association has said that the inspection is covering the payment area, including the access of non-banking financial institutions to customers’ individual credentials. We can assume that it means the inspection is focused on banks blocking the services of payment service providers who use direct account access. The service lets customers pay online without using their payment card data, but instead by providing banking login information that the service provider uses to quickly generate a transaction that the customer then confirms with a one-time password.
The services are not illegal, but are frowned upon by individual bank regulations that do not allow customers to give their login information to any third parties. The Financial Supervision Authority has stood up against services based on direct account access many times. Both the regulator and the banks argue that login information confidentiality is the basis of electronic banking security, bank secrecy and privacy protection.
There is an ongoing discussion in Europe about the possibility of allowing third parties to provide financial services without compromising login information security. One of the proposed solutions is for banks to offer API - an interface that allows for communication between banking systems and third party systems. The Polish Bank Association is already working on it. Unofficial sources say that this process is also under inspection of the Office of Competition and Customer Protection and the European Commission.
What we still don't know is who notified the EC and caused the inspection. German company Sofort, a subsidiary of the Swedish company Klarna, has been fighting for the possibility to provide payment services using direct account access for years. What is interesting is that in the past Sofort has had issues with bank hostility and sued banks in court or through anti-monopoly regulators. I wouldn't be surprised if it turned out the company is using the same tactic in Poland.