Article (17) Obligations relating to Service Initiation
1.
The obligations under Article 17 of this Regulation relating to Service Initiation apply only in relation to relevant Accounts and Products.
2.
Where a User gives explicit consent for a Transaction to be Initiated through a Service Initiation Provider, the Service Owner must:
2.1
communicate securely with the Service Initiation Provider in accordance with the Regulations and requirements of the Open Finance Framework;
2.2
immediately after receipt of the instruction to Initiate a Transaction for the User, provide or make available to the Service Initiation Provider all information required for the initiation of the Transaction, and subsequently display the status of the Transaction to the User, until its completion; and
2.3
treat the instruction to Initiate the Transaction in the same way as an instruction solely received directly from the User.
3.
A Service Initiation Provider must:
3.1
only provide Service Initiation in accordance with the User's explicit consent and instructions;
3.2
ensure that the User's personalised security credentials, such as PIN and/or passwords, are:
3.2.1
not accessible to other parties, with the exception of the issuer of the credentials; and
3.2.2
transmitted through secure and efficient channels.
4.
Each time it Initiates a Transaction, the Service Initiation Provider must identify itself to the Service Owner and communicate securely with the Service Owner.
5.
In providing its services the Service Initiation Provider must not use, access or store any information for any purpose except for the provision of the services explicitly requested by the User, except where necessary to comply with any applicable law of the State.