Friday 20th January 2023: Central Bank of Ireland (CBI) issued a Dear CEO letter to the fintech industries of electronic money institutions and payments institutions.  The purpose is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around its approach to, and judgements around, regulation and supervision.

If you are looking to get authorised as an electronic money or payments institution in Ireland, contact us.  We are working with a number of such applicants and we advise those already authorised on their on-going regulatory obligations, business models and strategy.  See our Authorisation Page with links to useful Authorisation Guides. 

Busy start to the year with enquiries from UK, Asia and the US continuing to roll in about the benefits, opportunities and challenges of establishing a EEA regulated presence in Ireland, particularly for #emoney and #payments. While Ireland is in the top three of the final round, there remains stiff competition (so to speak) from two other leading jurisdictions.
​
Thus it was good to see, , as I am sure others will agree, the Central Bank of Ireland most recent Dear CEO letter issued to emoney and payments institutions on Friday 20 January 2023 by Mary-Elizabeth McMunn, Director of Credit Institutions Supervision. It will help provide greater clarity not only to currently authorised emoney and payments firms, but also those in the authorisation pipeline and those thinking of filing in Ireland.

It is a meaty document at 5,168 words across eleven (11) pages. Download a copy of the letter and additional relevant reading material here - https://complireg.com/blogs--insights/2023-dear-ceo-letter-re-supervisory-findings-and-expectations-for-payment-and-electronic-money-e-money-firms
​
If you wish to get a quick understanding of the letter in terms of your regulatory obligations search the words 'we expect'. You will see those appear eleven (11) times too!

Right now, best to mark in your calendar and work backwards, that an audit opinion on safeguarding, along with a Board response on the outcome of the audit, is to be submitted to the CBI by 31 July 2023. And it is not just a case of ringing your current external auditors and appointing them.  

• Emoney and payments firms will need to demonstrate that they exercised due skill, care and diligence in selecting and appointing auditors for this purpose; including satisfying themselves that the proposed auditor has, or has access to, appropriate specialist skill in auditing compliance with the safeguarding requirements under the PSR/EMR taking into account the nature, scale and complexity of the firm's business.  Let the beauty parades begin.  And so it should be the case!
• The auditor is to provide an opinion confirming:
  "whether the firm has maintained adequate organisational arrangements to enable it to meet the safeguarding provisions of the PSR/EMR on an ongoing basis, with the specific areas, at a minimum, that should be subject to review and assurance by the auditor outlined in Appendix 2 of the Dear CEO Letter.

The purpose of the letter is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around our approach to, and judgements around, regulation and supervision.


The breakdown of the letter is as follows:

(1)      Supervisory Approach for the Payment and E-Money Sector (provides wider and specific context to our supervisory approach).

(2)      Supervisory Findings (key findings from supervisory engagements over the last 12 months and actions the CBI expects firms to undertake)
➡ Safeguarding;
➡ Governance, Risk Management, Conduct and Culture;
➡ Business Model, Strategy and Financial Resilience;
➡ Operational Resilience and Outsourcing; 
➡ Anti-Money Laundering and Countering the Financing of Terrorism;

• ♻ Risk-Based Approach,
• ♻ Distribution Channels, 
• ♻ Electronic Money Derogation and Simplified Due Diligence

(3) Conclusion and Actions Required (CBI's expectation that this letter is provided to and discussed with your Board, and any areas requiring improvement that directly relate to your firm are actioned).

Next Steps:

Get in contact with Peter Oakes / CompliReg. Founded by the CBI's inaugural Director of Enforcement and AML/CFT Supervision & board director of payments, emoney and MiFID companies. Peter is also a former: FSA (now FCA) enforcement lawyer; senior officer (legal) at ASIC; and adviser to the deputy director of banking at SAMA.


Further Reading:

10 December 2021: Authorisation Guidance and Supervisory Expectations for Payment and Electronic Money Firms (Central Bank of Ireland)
09 December 2021: Central Bank of Ireland Dear CEO Letter on Supervisory Expectations for Payment and Electronic Money (E-Money) Firms

Are you looking for the Report on the Peer review on Authorisation under PSD2 released today by the European Banking Authority?  Click here or the image above to download it in PDF format.

If you are struggling with an application for an electronic money or payments institution authorisation in Europe, contact us here and/or complete the Authorisation/Licence Enquiry Form here.

If you are looking at becoming authorised in Ireland as an emoney institution or payments institution check out Fintech Ireland's and CompliReg's authorisation guides here.

Some good supervisory practices observed during the analysis that might be of benefit for other CAs to adopt.

• publishing guidance to clarify the requirements CAs expect applicants must meet;
  
• comparing applicants’ forecasts against data from existing similar PIs/EMIs to inform the CAs’ assessment of the plausibility of the financial forecasts;
  
• making use of existing EBA and EBA/ESMA guidelines under the Capital Requirements Directive to assess independence of the internal control functions and suitability of the directors and persons responsible for the management of PIs and EMIs. The report also recommends that, as part of any future review of the Guidelines, the EBA provides more guidance on how the proportionality principle should be applied in assessing the suitability of shareholders having a qualifying holding in an applicant’s capital.

The report expands on the recommendations included in the EBA’s response to the European Commission on the review of the PSD2 (EBA/Op/2022/06) and recommends that, as part of its ongoing PSD2 review process, the European Commission:

• clarifies the delineation between the different categories of payment services as well as emoney issuance;
  
• clarifies the applicable governance arrangements for PIs and EMIs;
  
• clarifies the criteria that CAs should use in assessing the suitability of directors and persons responsible for the management of PIs and EMIs;
  
• mandates the EBA to develop a common assessment methodology for granting authorisation as a PI or as an EMI; and
  
• clarifies the requirements that applicants must meet in order to ensure sufficient local substance, leveraging on the best practices mentioned this report.

The objectives of this report are to:

• further strengthen consistency and convergence of the assessment of applications for authorisations of PIs and EMIs across the EEA; and
  
• assess whether the EBA Guidelines have achieved their aim of bringing about consistency and clarity in respect of the information that applicants have to submit as part of an application for authorisation and of contributing to harmonisation in the authorisation process and to a level playing field across the EEA. 

This report is also a partial fulfilment of the mandate conferred by the PSD2 on the EBA to review the Guidelines “on a regular basis and in any event at least every 3 years” (Article 5(5) PSD2).

The peer review was performed by a Peer Review Committee of EBA and CA staff (see Annex 1 for the composition) and covered the CAs from all EU Member States and from two EEA States, as detailed in Annex 2. One EEA CA (IS) was not reviewed because it has only recently implemented the PSD2 and did not receive any application for the authorisation of PIs and EMIs in the period analysed (2019-2021). [CompliReg - not sure if IS is a typo, and should be 'SI' for Slovenia?]

The analysis has been conducted based on the CAs’ responses to a self-assessment questionnaire (SAQ), which covered a three-year period from 1 January 2019 to 31 December 2021. Where necessary, the PRC followed up with the CAs in writing seeking further clarifications and explanations. The PRC also conducted interviews with a subset of 10 CAs (BG, DK, ES, PL, PT, MT, NL, IT, LT and SE) to gain a better understanding of their supervisory practices.

Page 51, para 171 "5. Conclusions and recommendations" sates:

​"​With regard to the timeliness of the authorisation process, the review found that, while all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application, the average duration of the authorisation process varies significantly across MS, ranging from 4-6 months to +20 months. The main reason for this is the quality of applications and applicants’ timeliness in addressing the issues identified with the application. The PRC also identified a number of other reasons for these variations in duration across CAs, which include different timelines set out in national law and different procedural approaches adopted by CAs in the acceptance and assessment of applications."

[CompliReg - no doubt, and there is merit here, many firms will struggle with the EBA's finding that "all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application".]

The Peer reviews were carried out by ad hoc peer review committees composed of staff from the EBA and members of competent authorities, and chaired by the EBA staff.

This peer review was carried out by:

• Co-chairs: Jonathan Overett Somnier Head of Legal and Compliance Unit, EBA and Larisa Tugui Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA
• Members: Adrienne Coleton Legal Expert, Legal and Compliance Unit, EBA; Antonio Barzachki Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA; Gabriel Bosch Senior Expert Specialised institutions and procedures, Autorité de contrôle prudentiel et de resolution; Carolin Kopyto Senior Advisor, Directorate ZK (Supervision of Payment Institutions and Crypto Custody Business), BaFin; and Reinout Temmerman Payments Advisor, Surveillance of financial market infrastructures, payment services and cyber risks, National Bank of Belgium 

This post is a follow up post to last week's one  (8 December 2021) where we released data on the Top 5 European Union member states for electronic money institution (EMI) authorisations. You can find those posts here - CompliReg blog here and Linkedin post here. 

​Which are the Top 5 European Union member states for #paymentinstitutions (#API) authorisations? Read on, you may be surprised. #fintechfunfacts #fintechfriday

This post is a follow up to last week's one (8 December 2021) when CompliReg released data on the Top 5 European Union member states for electronic money institution (EMI) authorisations. You can find those posts at CompliReg https://lnkd.in/eimmnhup & Linkedin https://lnkd.in/e_JwinjJ.

There are 774 APIs authorised in the European Economic Area.*

Following the United Kingdom's exit from the European Union, the crown for the home of the largest number of APIs lands on the head of Germany (9.7%) followed by The Netherlands (9.3%), France (9.2%), Spain (7.8%) with Sweden (7.2%) rounding out the Top 5. Lithuania, the undisputed leader of EMI authorisations, came in at 8th place at 6.2%. 

Given that EMIs can provide payment services too, I don’t think Lithuania will be viewing today’s release as anything but positive for its overall ecosystem.

We will publish data combining both #EMIs and #APIs very shortly in order to give a more holistic picture of where the majority of these #fintech firms are authorised in the #EEA. That post will arguably provide the final word on Europe’s top spot for the highest number of such authorisations.

Had the UK not left the European Union, it would be the undisputed king of #payment firms, just as it would have been for #emoney institutions.

Let us know if this information is interesting and your thoughts. Are you surprised by the split? Did you expect Sweden to make the Top 5? Are you surprised that when it comes to authorised #paymentservices firms, the EMI leader board is not replicated?

And of course, if you need assistance with your fintech authorisation, please get in contact (that's the advertisement piece!). CompliReg supports:

* https://lnkd.in/eqiNpFdZ
* https://FintechMalta.com,
* https://FintechIreland.com,
* https://FintechCyprus.com,
* https://FintechUK.com

and soon a new Fintech France website!


* Data based on European Banking Authority records published 8th December 2021.

Linkedin Post here  - https://www.linkedin.com/posts/peteroakes_paymentinstitutions-api-fintechfunfacts-activity-6877591088606007296-N9xp 

Proposed 5 year strategy issued by Payment Systems Regulator.

The PSR's strategy  sets out  an approach that  aims to make sure payments and payment systems  work  well for everybody and that there is fair competition and access to payments for all. The approach is to protect and embrace what’s working well, change what’s not,  and lay the foundations for new products, ways to pay and new payment systems so that they develop with the needs of real people and businesses in mind. ​  
 
Key elements of the PSR Strategy   
The strategy sets out the PSR’s perspective on payment systems and the markets they support. It considers what is going well, where there is scope for improvement, and the risks and issues that need to be tackled.   

• Priority 1: Ensure users have continued access to the payment services they rely upon and support effective choice of alternative payment options.  
• ​Priority 2: Ensure users are sufficiently protected when using the UK's payment systems, now and in the future. 
• Priority 3: Promote competition in markets and protect users where that competition is not sufficient, including a) between payment systems within the UK and b) in the markets supported by them.   
• Priority 4: Ensure the renewal and future governance of the UK's interbank payment systems supports innovation and competition in payments.

​
What this looks like in practice   
In the strategy the PSR also sets out a number of actions it will take to deliver these priorities. Some of the key actions it is proposing include:   

• Promoting  competition between payment systems  so that, for example,  in future people may  choose to use interbank payments (when a payment moves from one bank account to another, like an online transfer) to buy their groceries. Most people currently  use  card payment systems to do this.  
• Continuing to protect access to cash for those that rely on it.  
• Making  sure that,  as interbank payments develop (like in the example above), so do the  consumer  protections  associated with them.  
• Supporting  developments to  Pay.UK’s  governance of the interbank rules so it has greater ability to enforce compliance with its rules and  make  changes that improve outcomes.  
• Understanding and taking account of the perspective of vulnerable consumer groups towards new ways of paying and the choices available to them.  

 
What happens next  
This document is a proposed  strategy .  The PSR is now seeking feedback  from everyone with an interest in payment systems and how they work.  The deadline for responding is  10 September 2021.  
 
This will  help the PSR finalise its approach and ensure  it is focused on the right outcomes,  and - ultimately - have a strategy that is balanced and credible in the eyes of those its regulates and protects.   
 
As well as gathering written feedback  the PSR is  arranging a series of engagement events to listen and understand  the views of its stakeholders.  More information about these events can be found on its website.   
 
If you have any questions, please get in touch via [email protected] 

Links: 

1. Proposed 5 year strategy 
2. ​Linkedin Post 

Some choice headlines in the papers about Brexit in the past week as we - according to Brexit Ireland's countdown to Brexit clock - just little more than 33 days before 11p.m. (UK time) on Thursday 31st December 2020 when the Brexit transition period ends with no deal on financial services in sight.

This week sees the EU negotiating team returning to London after face-to-face talks came to end more than a week ago after Mr Bariner's team was hit by a case of Covid.  They will be greeted by headiness such as: ​UK dismisses ‘derisory’ EU fishing offer ahead of last-ditch trade talks; 
Europe’s finance sector hits ‘peak uncertainty’ over Brexit; and The City braces for Brexit.

One thing we are still very surprised by is the many in #fintech, #techfin and indeed #finserv (and scarily their advisers) who think that recent news on 'equivalence' deals are applicable to all UK #finserv which passport across the European Union / EEA.

The announcement on Monday 23rd November by the European Commission was simply and specifically about European regulators finalising a late change seeking to avoid chaos in £15tn of derivatives contracts held between UK and EU counterparties. Then on Wednesday 25th, they insisted outposts of EU banks in London would have to trade certain derivatives in the EU.

Back in August 2020 the European Parliament reminded that "Equivalence decisions are a unilateral decision by the Commission. The Commission ultimately exercises its discretion as conferred upon it by the “empowerment” given in EU sectoral legislation.'' BUT MORE IMPORTANTLY "The Commission also enjoys discretion to withdraw equivalence decision. The equivalence frameworks in force do not provide as such specific procedures for monitoring, reviewing or amending equivalence decisions."

There are no equivalence provisions in EU bank, payments nor electronic money directives, and the equivalence provision in MiFiD doesn't apply to retail investment services. See the below table on the 'Role of equivalence in key EU banking and financial services legislation' for confirmation.

The upshot is that if you are a UK authorised payments institution or electronic money intuition, come Thursday 31st December 2020 when your ability to passport across the whole of European Economic Area comes to an end, so too does your business model unless you have obtained an authorisation in an EU/EEA state.  There are are other options available but we'll leave that for another article. 

​If you are a regulated fintech looking for a home post #brexit contact https://complireg.com/authorisations.html.  Read our Fintech Authorisation Guides published jointly by CompliReg and Fintech Ireland on the authorisation process.  And check out the 'Why Ireland for Fintech' brochure.

Why Ireland for your regulated fintech? 

• tax effectiveness
• common law legal system
• similarities to the UK in Irish approach to business
• access to world leading talent in financial services and technology
• reputation of the Central Bank / regulator 
• growing recognition of Ireland as an international fintech hub thanks to the work of the Irish government, its agencies and groups like Fintech Ireland. 

Further reading:

​26 November 2020 - Move to EU or face disruption, City of London is warned

• British financial firms must set up shop in the European Union or expect disruption on January 1st, the European Commission has warned, as it is unlikely to grant the required equivalency permit to ease access to the bloc’s customers by the end of the year.

27 August 2019 - "Third country equivalence in EU banking and financial regulation"

• This briefing provides an insight into the latest developments on equivalence in EU banking and financial regulation both in terms of governance and decision making (Section 1) and in terms of regulatory and supervisory frameworks that governs the access of third countries firms to the internal market (Section 2). The briefing also gives an overview on the possible role of equivalence regimes in the context of Brexit (Section 3) together with Brexit-related supervisory and regulatory issues (Section 4). This briefing is an updated version of a briefing published in April 2018. 

29 July 2019 - Financial services: Commission sets out its equivalence policy with non-EU countries

​12 July 2017 - "Third-country equivalence in EU banking legislation"

• This briefing focuses on the concept of equivalence in EU banking legislation and notably on the difference between “passporting” rights and “third-country equivalence” rights. It gives an overview of existing equivalence clauses in some key EU banking and financial legislation and of equivalence decisions adopted by the European Commission to date.