One for #emoney firms to take note of whether authorised in the UK or Ireland, and indeed throughout the EU.

This relates to the UK FCA finding that, in order to protect consumers, three clauses in an authorised and regulated regulated #fintech company's T&Cs (in the EU referred to as the Framework Contract) fell short of the Consumer Rights Act 2015.
 
On 4 October 2023, the FCA published a Notice of Undertaking (the “Undertaking”) agreed with Wirex Limited (FRA #902025), citing the following T&Cs with:
 
1) Excluding liability as a result of account suspension. This provision excluded the firm’s liability for any losses suffered by consumers, should the firm suspend their account in accordance with the provision, irrespective of the circumstances. The FCA considered this to be unfair under the Act as it permitted the firm to deny consumers compensation to which they may otherwise be entitled due to such a suspension, even if the firm had caused the relevant loss.
 
2) Limitation of compensation available to consumers. The T&Cs purported to limit the sum of compensation a consumer was entitled to receive in the event of a loss to the sum the consumer had paid to the firm in the year prior to making the claim. The FCA considered that this term derogated from the position under national law, as it limited a consumer’s right to obtain the proper amount of compensation in the event of a contractual breach by the firm. The FCA considered that the firm could not reasonably assume a consumer would have agreed to such a term in individual negotiations, because a consumer would most likely expect that if the firm had done something wrong and caused them loss, they would be entitled to commensurate compensation regardless of what they had paid to the firm.
 
3) Exclusion of commitments that may be implied by law. The T&Cs included a term that enabled the firm to exclude any commitments that may be implied by law, to the extent that it was permitted to do so. The FCA was concerned that this provision lacked adequate transparency, as consumers were unlikely to be aware of the extent to which the firm would be able to exclude their liability under obligations implied by law.
 
Wirex Limited has:

• agreed to remove all 3 terms from its e-money contracts with consumers from 1 January 2024;
• agreed to not use these 3 terms (or similar terms with the same effect) in its future contracts with consumers;
• told the FCA that the terms have been in use since October 2021;
• told the FCA that it has not relied on the 3 terms in an unfair way in practice;
• fully cooperated with the FCA in resolving its concerns.

According the FCA's register, Wirex Limited has been an "Authorised Electronic Money Institution" since 17/08/2018.

Further reading:

• FCA published a Notice of Undertaking agreed with Wirex Limited
• Peter Oakes Linkedin Post

Friday 20th January 2023: Central Bank of Ireland (CBI) issued a Dear CEO letter to the fintech industries of electronic money institutions and payments institutions.  The purpose is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around its approach to, and judgements around, regulation and supervision.

If you are looking to get authorised as an electronic money or payments institution in Ireland, contact us.  We are working with a number of such applicants and we advise those already authorised on their on-going regulatory obligations, business models and strategy.  See our Authorisation Page with links to useful Authorisation Guides. 

Busy start to the year with enquiries from UK, Asia and the US continuing to roll in about the benefits, opportunities and challenges of establishing a EEA regulated presence in Ireland, particularly for #emoney and #payments. While Ireland is in the top three of the final round, there remains stiff competition (so to speak) from two other leading jurisdictions.
​
Thus it was good to see, , as I am sure others will agree, the Central Bank of Ireland most recent Dear CEO letter issued to emoney and payments institutions on Friday 20 January 2023 by Mary-Elizabeth McMunn, Director of Credit Institutions Supervision. It will help provide greater clarity not only to currently authorised emoney and payments firms, but also those in the authorisation pipeline and those thinking of filing in Ireland.

It is a meaty document at 5,168 words across eleven (11) pages. Download a copy of the letter and additional relevant reading material here - https://complireg.com/blogs--insights/2023-dear-ceo-letter-re-supervisory-findings-and-expectations-for-payment-and-electronic-money-e-money-firms
​
If you wish to get a quick understanding of the letter in terms of your regulatory obligations search the words 'we expect'. You will see those appear eleven (11) times too!

Right now, best to mark in your calendar and work backwards, that an audit opinion on safeguarding, along with a Board response on the outcome of the audit, is to be submitted to the CBI by 31 July 2023. And it is not just a case of ringing your current external auditors and appointing them.  

• Emoney and payments firms will need to demonstrate that they exercised due skill, care and diligence in selecting and appointing auditors for this purpose; including satisfying themselves that the proposed auditor has, or has access to, appropriate specialist skill in auditing compliance with the safeguarding requirements under the PSR/EMR taking into account the nature, scale and complexity of the firm's business.  Let the beauty parades begin.  And so it should be the case!
• The auditor is to provide an opinion confirming:
  "whether the firm has maintained adequate organisational arrangements to enable it to meet the safeguarding provisions of the PSR/EMR on an ongoing basis, with the specific areas, at a minimum, that should be subject to review and assurance by the auditor outlined in Appendix 2 of the Dear CEO Letter.

The purpose of the letter is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around our approach to, and judgements around, regulation and supervision.


The breakdown of the letter is as follows:

(1)      Supervisory Approach for the Payment and E-Money Sector (provides wider and specific context to our supervisory approach).

(2)      Supervisory Findings (key findings from supervisory engagements over the last 12 months and actions the CBI expects firms to undertake)
➡ Safeguarding;
➡ Governance, Risk Management, Conduct and Culture;
➡ Business Model, Strategy and Financial Resilience;
➡ Operational Resilience and Outsourcing; 
➡ Anti-Money Laundering and Countering the Financing of Terrorism;

• ♻ Risk-Based Approach,
• ♻ Distribution Channels, 
• ♻ Electronic Money Derogation and Simplified Due Diligence

(3) Conclusion and Actions Required (CBI's expectation that this letter is provided to and discussed with your Board, and any areas requiring improvement that directly relate to your firm are actioned).

Next Steps:

Get in contact with Peter Oakes / CompliReg. Founded by the CBI's inaugural Director of Enforcement and AML/CFT Supervision & board director of payments, emoney and MiFID companies. Peter is also a former: FSA (now FCA) enforcement lawyer; senior officer (legal) at ASIC; and adviser to the deputy director of banking at SAMA.


Further Reading:

10 December 2021: Authorisation Guidance and Supervisory Expectations for Payment and Electronic Money Firms (Central Bank of Ireland)
09 December 2021: Central Bank of Ireland Dear CEO Letter on Supervisory Expectations for Payment and Electronic Money (E-Money) Firms

Are you looking for the Report on the Peer review on Authorisation under PSD2 released today by the European Banking Authority?  Click here or the image above to download it in PDF format.

If you are struggling with an application for an electronic money or payments institution authorisation in Europe, contact us here and/or complete the Authorisation/Licence Enquiry Form here.

If you are looking at becoming authorised in Ireland as an emoney institution or payments institution check out Fintech Ireland's and CompliReg's authorisation guides here.

Some good supervisory practices observed during the analysis that might be of benefit for other CAs to adopt.

• publishing guidance to clarify the requirements CAs expect applicants must meet;
  
• comparing applicants’ forecasts against data from existing similar PIs/EMIs to inform the CAs’ assessment of the plausibility of the financial forecasts;
  
• making use of existing EBA and EBA/ESMA guidelines under the Capital Requirements Directive to assess independence of the internal control functions and suitability of the directors and persons responsible for the management of PIs and EMIs. The report also recommends that, as part of any future review of the Guidelines, the EBA provides more guidance on how the proportionality principle should be applied in assessing the suitability of shareholders having a qualifying holding in an applicant’s capital.

The report expands on the recommendations included in the EBA’s response to the European Commission on the review of the PSD2 (EBA/Op/2022/06) and recommends that, as part of its ongoing PSD2 review process, the European Commission:

• clarifies the delineation between the different categories of payment services as well as emoney issuance;
  
• clarifies the applicable governance arrangements for PIs and EMIs;
  
• clarifies the criteria that CAs should use in assessing the suitability of directors and persons responsible for the management of PIs and EMIs;
  
• mandates the EBA to develop a common assessment methodology for granting authorisation as a PI or as an EMI; and
  
• clarifies the requirements that applicants must meet in order to ensure sufficient local substance, leveraging on the best practices mentioned this report.

The objectives of this report are to:

• further strengthen consistency and convergence of the assessment of applications for authorisations of PIs and EMIs across the EEA; and
  
• assess whether the EBA Guidelines have achieved their aim of bringing about consistency and clarity in respect of the information that applicants have to submit as part of an application for authorisation and of contributing to harmonisation in the authorisation process and to a level playing field across the EEA. 

This report is also a partial fulfilment of the mandate conferred by the PSD2 on the EBA to review the Guidelines “on a regular basis and in any event at least every 3 years” (Article 5(5) PSD2).

The peer review was performed by a Peer Review Committee of EBA and CA staff (see Annex 1 for the composition) and covered the CAs from all EU Member States and from two EEA States, as detailed in Annex 2. One EEA CA (IS) was not reviewed because it has only recently implemented the PSD2 and did not receive any application for the authorisation of PIs and EMIs in the period analysed (2019-2021). [CompliReg - not sure if IS is a typo, and should be 'SI' for Slovenia?]

The analysis has been conducted based on the CAs’ responses to a self-assessment questionnaire (SAQ), which covered a three-year period from 1 January 2019 to 31 December 2021. Where necessary, the PRC followed up with the CAs in writing seeking further clarifications and explanations. The PRC also conducted interviews with a subset of 10 CAs (BG, DK, ES, PL, PT, MT, NL, IT, LT and SE) to gain a better understanding of their supervisory practices.

Page 51, para 171 "5. Conclusions and recommendations" sates:

​"​With regard to the timeliness of the authorisation process, the review found that, while all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application, the average duration of the authorisation process varies significantly across MS, ranging from 4-6 months to +20 months. The main reason for this is the quality of applications and applicants’ timeliness in addressing the issues identified with the application. The PRC also identified a number of other reasons for these variations in duration across CAs, which include different timelines set out in national law and different procedural approaches adopted by CAs in the acceptance and assessment of applications."

[CompliReg - no doubt, and there is merit here, many firms will struggle with the EBA's finding that "all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application".]

The Peer reviews were carried out by ad hoc peer review committees composed of staff from the EBA and members of competent authorities, and chaired by the EBA staff.

This peer review was carried out by:

• Co-chairs: Jonathan Overett Somnier Head of Legal and Compliance Unit, EBA and Larisa Tugui Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA
• Members: Adrienne Coleton Legal Expert, Legal and Compliance Unit, EBA; Antonio Barzachki Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA; Gabriel Bosch Senior Expert Specialised institutions and procedures, Autorité de contrôle prudentiel et de resolution; Carolin Kopyto Senior Advisor, Directorate ZK (Supervision of Payment Institutions and Crypto Custody Business), BaFin; and Reinout Temmerman Payments Advisor, Surveillance of financial market infrastructures, payment services and cyber risks, National Bank of Belgium 

This post is a follow up post to last week's one  (8 December 2021) where we released data on the Top 5 European Union member states for electronic money institution (EMI) authorisations. You can find those posts here - CompliReg blog here and Linkedin post here. 

​Which are the Top 5 European Union member states for #paymentinstitutions (#API) authorisations? Read on, you may be surprised. #fintechfunfacts #fintechfriday

This post is a follow up to last week's one (8 December 2021) when CompliReg released data on the Top 5 European Union member states for electronic money institution (EMI) authorisations. You can find those posts at CompliReg https://lnkd.in/eimmnhup & Linkedin https://lnkd.in/e_JwinjJ.

There are 774 APIs authorised in the European Economic Area.*

Following the United Kingdom's exit from the European Union, the crown for the home of the largest number of APIs lands on the head of Germany (9.7%) followed by The Netherlands (9.3%), France (9.2%), Spain (7.8%) with Sweden (7.2%) rounding out the Top 5. Lithuania, the undisputed leader of EMI authorisations, came in at 8th place at 6.2%. 

Given that EMIs can provide payment services too, I don’t think Lithuania will be viewing today’s release as anything but positive for its overall ecosystem.

We will publish data combining both #EMIs and #APIs very shortly in order to give a more holistic picture of where the majority of these #fintech firms are authorised in the #EEA. That post will arguably provide the final word on Europe’s top spot for the highest number of such authorisations.

Had the UK not left the European Union, it would be the undisputed king of #payment firms, just as it would have been for #emoney institutions.

Let us know if this information is interesting and your thoughts. Are you surprised by the split? Did you expect Sweden to make the Top 5? Are you surprised that when it comes to authorised #paymentservices firms, the EMI leader board is not replicated?

And of course, if you need assistance with your fintech authorisation, please get in contact (that's the advertisement piece!). CompliReg supports:

* https://lnkd.in/eqiNpFdZ
* https://FintechMalta.com,
* https://FintechIreland.com,
* https://FintechCyprus.com,
* https://FintechUK.com

and soon a new Fintech France website!


* Data based on European Banking Authority records published 8th December 2021.

Linkedin Post here  - https://www.linkedin.com/posts/peteroakes_paymentinstitutions-api-fintechfunfacts-activity-6877591088606007296-N9xp 

On Tuesday 18th May 2021, the UK Financial Conduct Authority issued a Dear CEO Letter to Electronic Money Institutions headed "Please act: ensure your customers understand how their money is protected."

You can read a copy of the letter here.

Some interesting excerpts from the letter below:

What is the UK FCA concerned about?:

• "We are concerned that many e-money firms compare their services to traditional bank accounts or hold themselves out as an alternative in their financial promotions, but do not adequately disclose the differences in protections between e-money accounts and bank accounts. In particular, they do not make it clear that Financial Services Compensation Scheme (FSCS) protection does not apply." 

 

• "We are still concerned that many e-money firms are not adequately disclosing the differences in protections between their services and traditional banking, in particular, that FSCS protection does not apply."

 

• "We are also concerned that firms are giving a potentially misleading impression to customers about the extent to which products or services are regulated by the FCA."

Action expected of emoney firms by the FCA:

1. "you write to your customers within six weeks of the date of this letter [Ed - i.e. 18 May 2021] to remind them of how their money is protected through safeguarding and that FSCS protection does not apply."
2. "draw this letter to the attention of your Board."
3. "expect the Board to have considered the issues we have raised here and to have approved the action taken in response." 

Note the FCA point that the communication to customer be separate from any other messaging or promotional activity. And that the FCA expects emoney firms to consider the appropriate method(s) of communication based on their business model and customer base, including any vulnerable customers. 

Why should emoney action the letter?:

Because the FCA intend to follow up, with a sample of firms, to assess the actions taken. 

Contact the team at CompliReg if you require assistance. 

You can read a copy of the letter here.

Some choice headlines in the papers about Brexit in the past week as we - according to Brexit Ireland's countdown to Brexit clock - just little more than 33 days before 11p.m. (UK time) on Thursday 31st December 2020 when the Brexit transition period ends with no deal on financial services in sight.

This week sees the EU negotiating team returning to London after face-to-face talks came to end more than a week ago after Mr Bariner's team was hit by a case of Covid.  They will be greeted by headiness such as: ​UK dismisses ‘derisory’ EU fishing offer ahead of last-ditch trade talks; 
Europe’s finance sector hits ‘peak uncertainty’ over Brexit; and The City braces for Brexit.

One thing we are still very surprised by is the many in #fintech, #techfin and indeed #finserv (and scarily their advisers) who think that recent news on 'equivalence' deals are applicable to all UK #finserv which passport across the European Union / EEA.

The announcement on Monday 23rd November by the European Commission was simply and specifically about European regulators finalising a late change seeking to avoid chaos in £15tn of derivatives contracts held between UK and EU counterparties. Then on Wednesday 25th, they insisted outposts of EU banks in London would have to trade certain derivatives in the EU.

Back in August 2020 the European Parliament reminded that "Equivalence decisions are a unilateral decision by the Commission. The Commission ultimately exercises its discretion as conferred upon it by the “empowerment” given in EU sectoral legislation.'' BUT MORE IMPORTANTLY "The Commission also enjoys discretion to withdraw equivalence decision. The equivalence frameworks in force do not provide as such specific procedures for monitoring, reviewing or amending equivalence decisions."

There are no equivalence provisions in EU bank, payments nor electronic money directives, and the equivalence provision in MiFiD doesn't apply to retail investment services. See the below table on the 'Role of equivalence in key EU banking and financial services legislation' for confirmation.

The upshot is that if you are a UK authorised payments institution or electronic money intuition, come Thursday 31st December 2020 when your ability to passport across the whole of European Economic Area comes to an end, so too does your business model unless you have obtained an authorisation in an EU/EEA state.  There are are other options available but we'll leave that for another article. 

​If you are a regulated fintech looking for a home post #brexit contact https://complireg.com/authorisations.html.  Read our Fintech Authorisation Guides published jointly by CompliReg and Fintech Ireland on the authorisation process.  And check out the 'Why Ireland for Fintech' brochure.

Why Ireland for your regulated fintech? 

• tax effectiveness
• common law legal system
• similarities to the UK in Irish approach to business
• access to world leading talent in financial services and technology
• reputation of the Central Bank / regulator 
• growing recognition of Ireland as an international fintech hub thanks to the work of the Irish government, its agencies and groups like Fintech Ireland. 

Further reading:

​26 November 2020 - Move to EU or face disruption, City of London is warned

• British financial firms must set up shop in the European Union or expect disruption on January 1st, the European Commission has warned, as it is unlikely to grant the required equivalency permit to ease access to the bloc’s customers by the end of the year.

27 August 2019 - "Third country equivalence in EU banking and financial regulation"

• This briefing provides an insight into the latest developments on equivalence in EU banking and financial regulation both in terms of governance and decision making (Section 1) and in terms of regulatory and supervisory frameworks that governs the access of third countries firms to the internal market (Section 2). The briefing also gives an overview on the possible role of equivalence regimes in the context of Brexit (Section 3) together with Brexit-related supervisory and regulatory issues (Section 4). This briefing is an updated version of a briefing published in April 2018. 

29 July 2019 - Financial services: Commission sets out its equivalence policy with non-EU countries

​12 July 2017 - "Third-country equivalence in EU banking legislation"

• This briefing focuses on the concept of equivalence in EU banking legislation and notably on the difference between “passporting” rights and “third-country equivalence” rights. It gives an overview of existing equivalence clauses in some key EU banking and financial legislation and of equivalence decisions adopted by the European Commission to date.

CompliReg is proud to power the Official Fintech Ireland Map 2020.

We are now powering the Regulated Fintech Ireland Map version 2 which showcases the regulated payment services directive and electronic money directive firms authorised by the Central Bank of Ireland.  Joining this Map in 2020 are the first of two - hopefully many more to come - e-money firms, Squareup International Limited  ("Square") and MoneyCorp. 

Ireland now has:

• 18 authorised payments firms,
• 3 registered AISPs, and
• 14 authorised emoney firms.

In addition to issuing emoney, Square is authorised to provide payment services number 3b (execution of payment transactions through a payment card or a similar device) and number 5 (issuing of payment instruments and/or acquiring of payment transactions).  

Although Moneycorp is yet to appear on the Central Bank of Ireland register, Moneycorp confirmed to us that it is also authorised to provide payment services 3b, 5 and in addition 3c (execution of credit transfers, including standing orders).  Moneycorp has been fairly busy. In addition to its emoney authorisation, it also secured a MiFID authorisation.  By the way, AFEX which was authorised as payments institution in 2019 also secured a MiFID licence. Expect to see more firms seek both an emoney/payments authorisation together with a MiFID one.

Moneycorp’s Dublin office, which opened in 2013, has operated as a branch of its UK regulated entities, saying that as part of Moneycorp’s strategic response to Brexit and wider market developments, it has now secured its e-money and MiFID licences from the Central Bank of Ireland for a newly established Irish company.  Bryan McSharry, chief executive of Moneycorp’s European business, said the licences ensured it could “continue to support our existing customer base, continue to grow our business in Ireland and expand our business across the EU in a post-Brexit environment”.

​
They are:
Payments Firms:
AIB Merchant Services, Western Union, Fexco, CurrencyFair.com, TransferMate Global Payments, #Fire, CUSOP (Payments) Ltd, #PrimaFinance, Avantcard, Barclaycard, #Chasepaymentech, Google Pay, #smallworld, AFEX, BUREAU BUTTERCRANE LTD, Remitly, J.P. Morgan, Circit.io, Xpress Money, CRIF & Finclude (fka. Verge.Capital)
​
Emoney Firms:
EML, Facebook, Soldo, Optal, Paysafe Group, paysafecard.com, Prepaid Financial Services Limited (PFS), #foreigncurrencydirect, Stripe, Coinbase. One4all Group, Payoneer, Square and Moneycorp.

Congratulations Moneycorp and Square and welcome to the thriving regulated Irish fintech ecosystem.

If you are looking to get authorised in Ireland as an emoney or payments firm, see these Authorisation Guides. 

Read Moneycorp's press release below.

​Moneycorp secures its E-Money and MiFID licences in Ireland
 
New Irish entity, licenced by Central Bank of Ireland, to drive expansion across EU
 
Moneycorp to build on €3 billion of transactions executed for Irish clients in 2019
 
Dublin, 1 July 2020 | Moneycorp Group, the global foreign exchange and payments business has been granted its Electronic Money Institution (E-Money) and MiFID licences by the Central Bank of Ireland (CBI), further bolstering its offering and expansion in the European Union (EU).
 
Moneycorp is one of the world’s largest specialist foreign exchange companies, serving corporates and individuals across multiple channels since 1979. Headquartered in London, Moneycorp opened its Dublin office in 2013 to provide corporate clients with foreign exchange and payment services over its market leading on-line platform as well as directly from its Dublin dealing room.
 
Since launch, the Dublin office has operated as a branch of the Group’s UK regulated entities, however, as part of Moneycorp’s strategic response to Brexit and wider market developments, it has now secured its E-money and MiFID licences from the CBI for a newly established Irish company; Moneycorp Technologies Limited (MTL).
 
Bryan McSharry, CEO of Moneycorp’s European business, said: “We are delighted to have secured both E-money and MiFID licences from the Central Bank of Ireland. This ensures we can continue to support our existing customer base; continue to  grow our business in Ireland; and expand our business across the EU in a post Brexit environment.”
 
“Since launching in Dublin in 2013, we have built a strong corporate and individual customer base of Irish clients – based on our ability to provide best in class foreign exchange services across our market-leading technology platform. We completed €3 billion of transactions for Irish clients in 2019 and we will build on that in 2020 and beyond. Our CBI licences will enable us to continue to expand our business and headcount in Ireland and offer our market-leading service to a vastly increased customer base across the EU.”
 
About Moneycorp Group
Moneycorp Group is a global foreign exchange and payments business with offices in the UK, USA, Brazil, Hong Kong, Spain, Gibraltar, Romania, Australia, the UAE and Ireland.
 
With a forty year record of outstanding customer service, today the Moneycorp group serves the growing foreign exchange and payments needs of global businesses, importers and exporters as well as personal clients.
 
W:          www.moneycorp.com                                   L:             linkedin.com/company/moneycorp/
T:            @moneycorp                                                    I:             instagram.com/moneycorp/