[ad_1]
Ireland is home to a substantial number of payment institutions, some home grown and others drawn to Ireland by its active and thriving FinTech Sector.
Aside from Ireland’s position as a FinTech hub, there are a number of advantages to being authorised in Ireland as a payment institution, including:
- a strong regulatory framework with a credible and experienced regulator, the Central Bank of Ireland (“CBI”);
- the ability to engage with the CBI through its Innovation Hub prior to seeking authorisation as a payment institution;
- a favourable passporting regime with the ability to passport to other EEA Member States either on a branch or a cross-border services basis;
- a favourable tax regime, due to a combination of a 12.5% corporate tax rate and an exceptionally extensive and comprehensive set of double tax agreements; and
- access to a sophisticated financial services ecosystem with a deep pool of staff, managers, professional advisers, regulators and service providers including not only native English speakers but a sizeable international population.
Regulatory Framework
Payment institutions are regulated under the revised Payment Services Directive 2015/2366, as transposed into Irish law by the European Union (Payment Services) Regulations 2018 (“Payment Services Regulations”), and related measures.
The CBI is responsible for the authorisation, prudential regulation and supervision of payment institutions in Ireland.
Passporting and Third Country Firms
A payment institution authorised in Ireland can passport to other EEA Member States on either a services or cross-border establishment basis, subject to the fulfilment of certain notification requirements. A payment institution authorised in another EEA Member State can also passport into Ireland.
A payments business established outside the EEA, can obtain passporting rights either by establishing itself or a subsidiary in Ireland (or in another EEA Member State) and obtaining authorisation as a payment institution from the CBI (or from the relevant national competent authority in another EEA Member State) or by acquiring an existing authorised payment institution.
Authorisation Requirements
An entity that wishes to become authorised as a payment institution under Irish law must fulfil a number of requirements. In particular, the entity will be expected to show that it has substance in Ireland, is adequately capitalised, has appropriate arrangements in place to run a payment institution and complies with fitness and probity requirements.
Substance
The CBI places considerable emphasis on ensuring that an applicant’s “heart and mind” will be located in Ireland. This essentially means that the CBI will need to be satisfied that the applicant will be properly run in Ireland and that the CBI will be able to supervise it effectively. Among other things, the CBI will expect to see present in Ireland:
- a senior management team with strength and depth overseen and directed by a strong board; and
- an organisation structure and reporting lines which ensure there is appropriate separation and oversight of all activities.
In terms of residency, the personnel who are to fulfil the applicant’s core functions should operate out of Ireland and the expectation is that virtually all of the senior personnel will be permanently based in Ireland.
An Irish authorised payment institution can outsource/delegate activities to entities in other jurisdictions. However, overall responsibility for ensuring compliance with legislative requirements must stay in Ireland. In addition, a payment institution must notify the CBI when it intends to outsource operational functions of payment services. Moreover, the Payment Services Regulations set out a number of requirements with which a payment institution must comply when outsourcing “important” operational functions, such as IT systems. The CBI expects a payment institution to comply with the EBA’s Guidelines on Outsourcing, as well as the CBI’s Cross-Industry Guidance on Outsourcing.
Capital Requirements
A payment institution must hold initial capital of at least between €20,000 and €125,000 depending on the types of payment services it provides. The actual amount of initial capital required for each individual firm will be notified to the firm as a part of the authorisation process and can vary depending on the nature, scale and complexity of the applicant’s business.
Arrangements
An applicant will need to provide detailed information to the CBI regarding how it intends to function as a payment institution, including details of its: programme of operations; business plan; structural organisation; governance arrangements and internal control mechanisms; and business continuity arrangements procedure for dealing with security incidents.
Governance and Risk Management
An applicant is required to maintain governance arrangements, control mechanisms and procedures that are proportionate and appropriate to their business. In addition, an applicant must consider the composition (both number and skills) of their board and management team, to ensure they are sufficient to run their business from Ireland. An applicant’s board has responsibility for setting and overseeing the strategy of the firm, and ensuring that adequate and effective governance, risk management and internal control frameworks are in place.
Conduct and Culture
An applicant is expected to have a consumer-focused culture with robust internal systems and controls, including well developed risk management frameworks.
Safeguarding
An applicant must have a safeguarding risk framework in place, approved by its Board, which ensures that relevant client funds are appropriately identified, managed and protected on a day-to-day basis. There must be oversight of this framework by an applicant’s second line of defence (risk and compliance functions) and third line of defence (internal audit). In 2023, an external audit of safeguarding requirements is required for payment firms who safeguard users’ funds. While this audit is just for 2023, depending on the outcome of the audit, it is possible that similar audits may be required in the future.
Business Model, Strategy and Financial Resilience
An applicant is expected to have a capital accretive business model that is viable and sustainable with due regard given to potential firm specific and wider market stress scenarios.
While an applicant may operate as part of a larger group, and be reliant on group strategic decisions to inform local strategy, there must be sufficient financial (capital and liquidity) and operational (resources, IT systems etc.) capacity and capability within the firm to execute that strategy.
An applicant is expected to have robust strategic and capital planning frameworks which demonstrate that they have a good understanding of the risks that they face and their potential financial impact, such that they can proactively manage their capital to ensure that they are in a position to meet their own funds (capital) requirements on a stand-alone basis at all times, i.e. sufficient regulatory capital is available to absorb losses, including during stress conditions.
An applicant is expected to have board-approved business strategies in place supported by robust financial projections, and must understand and meet their capital requirements at all times. Strong internal controls must be in place, that are subject to regular testing, to ensure the accuracy and integrity of data used by the firm for regulatory reporting purposes, and for strategic and financial planning.
Operational Resilience
The CBI expects an applicant to be able to respond to, recover and learn from operational disruptions. If an applicant is part of a wider group, the CBI will expect the applicant to operate sufficiently on a stand-alone basis to ensure the primacy of the legal entity authorised in Ireland.
An applicant’s board and senior management teams must ensure they themselves have the skills and knowledge to meaningfully understand the risks their firm faces and the responsibilities they have. This responsibility also extends to outsourced activities where the activities are conducted on the firm’s behalf by any third party, including any group entity.
Financial Crime
As a designated firm, a payment institution must comply with the know-your-customer / anti-money laundering (AML) obligations set out in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. An applicant must have a strong anti-money laundering control framework that specifically focusses on the money laundering and terrorist financing risks arising from the applicant’s business model.
Where distributors and/or agents undertake AML preventative measures and controls, such as customer due diligence (CDD), on behalf of a payment firm, this must be completed in line with the payment firm’s own risk assessments and AML policies and procedures. Payment firms must also exercise adequate oversight of their agents and distributors with an appropriate level of ongoing assurance conducted. Payment firms must undertake appropriate assessment of their agents and distributors that undertake activities on their behalf. The responsibility for carrying out customer risk assessments and CDD on the end user of the products and services ultimately rests with payment firms, even where such tasks are being performed by agents and distributors.
Resolution and wind-up
An applicant is expected to have an appropriate exit/wind-up strategy which is linked to their business and operational model that ensures the return of customer funds as soon as is reasonably practical in an exit/wind-up scenario.
Fitness and Probity
Once an application is submitted, the applicant will also need to ensure that all relevant individuals proposed to hold a Pre-Approval Controlled Function (“PCF”) role (typically board members, senior management, key function holders) complete Fitness and Probity Individual Questionnaires.
The CBI’s fitness and probity requirements are based on Guideline 16 of the “EBA Guidelines on the information to be provided for the authorisation of payment institutions and e-money institutions and for the registration of account information service providers” which relates to the “identity and suitability assessment of directors and persons responsible for the management of the payment institution or electronic money institution”. The CBI has published Guidance on the Specific Requirements that apply to persons seeking approval for a Pre-Approval Controlled Function role in a Payment Institution or Electronic Money Institution (here).
All relevant individuals must submit an Individual Questionnaire electronically; however, access to the online Individual Questionnaire only becomes available after an application has been deemed to contain all the key information needed to progress to the assessment phase of the application process.
Authorisation Process
An application for authorisation as a payment institution must be submitted to the CBI. According to the CBI, it:
seeks to process each application as expeditiously as possible while meeting its obligation to operate a rigorous and effective gatekeeper function. It aims to ensure that the application process is facilitative and accessible from the perspective of applicants and, importantly, that applicants have clarity with regard to the process, its requirements and timelines.
The CBI has also published a Guidance Note on completing an authorisation application under the Payment Services Regulations (here).
All applications for authorisation as a payment institution in Ireland must be submitted using the following form: Authorisation as an Payment Institution (here) (except where the firm only intends to provide account information services in which case a different application form should be used (here)). In addition, an applicant must complete:
- the Anti-Money Laundering, Counter-Terrorist Financing and Financial Sanctions Pre-Authorisation Risk Evaluation Questionnaire for Payment Institution and Electronic Money Institution Applicants (here);
- Qualifying Holder Application Forms (here) as appropriate; and
- Fitness and Probity Individual Questionnaires for all PCF roles.
There are five stages to the authorisation process for a payment institution following a pre-application meeting, and once the applicant has submitted a completed Application Form and relevant accompanying documentation.
These stages are set out below and also apply to applicants applying for registration as account information service providers.
[ad_2]
Source link