As EPI May goes to print comes the news that Worldline has beaten off a rival bid from Nets’ owners Hellman & Friedman to snap up SIX.
The price (£2.0bn including debt) is at the higher end of the forecasts. SIX acquires a 27% stake in Worldline in addition to £245m in cash for its payments services division. Atos remains the largest shareholder in Worldline with a 51% stake.
The deal makes strategic sense for both parties. SIX is the payments services leader in Switzerland and has a growing presence in Austria and Germany.
SIX launched a strategic review last year with the aim of finding itself a partner to boost international expansion.
The Worldline/SIX deal follows recent rival market consolidations including Worldpay and Paysafe in 2017.
Attention will inevitably turn to other major actors on the payments stage such as Italy’s SIA. A flotation of SIA was cancelled in 2016 and has regularly been linked with fresh plans to launch an IPO.
In March, SIA’s CEO Massimo Arrighetti told Reuters that the firm was itself on the acquisition trail and looking at growth in Germany, Austria and the rest of Central and Eastern Europe.
It was to turn out to be one of Dr Arrighetti’s last major strategy statements: on 11 May he resigned as SIA CEO for personal reasons.
Identifying an approved TPP in PSD2 open banking
A key part of PSD2 open banking is that ASPSPs, or as they are more generically called Financial Institutions (FIs), must be able to have confidence in who they are giving Payment Service Users’ data too.
Under PSD2, all Third Party Providers (TPPs) will be required to obtain approved/registered status with their National Competent Authority (NCA) in accordance with Article 5 of Directive (EU) 2015/2366.
Further on obtaining approval all TPPs, other than those in the UK, are issued with an eIDAS certificate from a Qualified Trust Service Provider (QTSP). In the UK the PSD2 Stakeholder Group, managed by the New Payment System Operator has written to the Department of Business, Energy and Industrial Strategy (BEIS) on 20 March 2018 stating that the UK needs to create a QTSPs that that will issue Qualified Certificates in order to comply with EU law post 2019 and thus will issue eIDAS certificates to UK approved/registered companies.
There has been much discussion around whether FIs can use the eIDAS certificates presented to an FI as proof that they are approved by their NCA, and thus have access to end users data.
While an eIDAS certificate confirms who a TPP is, it does not prove they are still approved on the NCA database at the time of use and have not been revoked at some point after the issuance of the eIDAS certificate.
Brendan Jones CCO / Co-Founder of Konsentus makes the fair point that eIDAS certificates prove who a TPP is, but not if they are approved. The Scheme Regulatory Databases offer lists of approved TPPs, but TPPs do not have to register on them. National Competent Authorities hold lists of approved and registered TPPs, but often not in a machine readable form.
And while the EBA is creating a central machine readable database, there is no timing on when this will be available.
What does all this mean and why does it matter?
Konsentus is one to watch and may be on to a good thing here. It is providing a platform that provides consent and preference management services to facilitate FIs complying with PSD2 open banking.
Jones argues that the best way to ensure that FIs do not pass data to TPPs who are not approved/registered is to integrate, and if necessary manually check NCA databases in all 31 EEA states, as well as using the EBA central database; when it becomes available.