Electronic Money Institutions

Progress in technology has contributed to the development of a new kind of payment instrument - electronic money.

This may be in the form of value stored on a technical device such as a chip card or a computer. Electronic money (e-Money) can be best described as a digital form of cash since it has many of the characteristics of cash.

Customers buy the electronic equivalent of coins and notes. The customer, in effect, has exchanged cash for another means of payment. Instead of using a debit card (which requires a bank account) or a credit card (which requires a contract agreement) the customer has purchased a non-cash means of payment, which can be used in much the same way as cash or other forms of card payment but without the requirement of third party authorisation.

E-money can therefore be defined as monetary value as represented by a claim on the issuer, which is:

  • electronically stored
  • issued on receipt of funds for the purposes of making payment transactions
  • accepted as means of payment by a natural or legal person other than the issuer

An e-money institution is an undertaking that has been authorised to issue e-money in accordance with the European Communities (Electronic Money) Regulations 2011, as amended (EMR).

Directive 2009/110/EC of the European Parliament and of the Council on the taking up, pursuit and prudential supervision of the business of electronic money institutions (the Directive) was signed on 16 September 2009. The Directive was transposed into Irish law through the EMR. The EMR were further amended when the European Union (Payment Services) Regulations 2018 (PSR), which transposes Directive (EU) 2015/2366 (PSD2) into Irish law, came into effect on 13 January 2018.

Please refer to the following PSD2 - Frequently Asked Questions section for details on the PSD2 and the new PSR that may be of relevance to your firm.

Industry Communications

22 June 2023

Chartered Accountants Ireland have issued Technical Release 01/2023 Safeguarding reporting for payment and electronic money firms.

The purpose of this Technical Release (TR) is to provide assistance to auditors who are engaged by Payment and Electronic Money institutions to carry out the specific audit of their compliance with the safeguarding requirements under the PSR/EMR. The TR was prepared in consultation with the Central Bank of Ireland. 

24 May 2023

In reference to the Central Bank of Ireland’s Dear CEO letter of 20 January 2023 and, in particular, the requirement that payment and e-money firms obtain a specific audit of their compliance with the safeguarding requirements under the PSR/EMR by 31 July 2023.

Following discussions with Chartered Accountants Ireland (CAI), an acceptable format for these engagements has been agreed. CAI will issue guidance to their members on performing these engagements in due course. 

Firms are required to prepare a detailed document setting out a description of aspects of their organisational arrangements to secure their compliance with the relevant safeguarding requirements under the PSR/EMR.   Firms should also prepare an assertion, approved by the Board of directors, stating that in all material respects 1 the description is fairly presented, and 2 the controls and processes included in the description were operating as described at the reference date.

Further details are outlined in the Safeguarding Notice to Payment and E-Money Firms.

20 March 2023

In reference to the Central Bank of Ireland’s Dear CEO letter of 20 January 2023 and, in particular, the requirement that payment and e-money firms obtain a specific audit of their compliance with the safeguarding requirements under the PSR/EMR by 31 July 2023.

The Central Bank has engaged with Chartered Accountants Ireland regarding the type of engagement that is appropriate and it is proposed that Chartered Accountants Ireland will develop guidance to assist auditors in the completion of this engagement in due course. This should help both firms/auditors in the scoping of the engagement and also enhance the consistency of approach adopted across the sector.

We acknowledge the guidance will take some time to develop and for this reason we are extending the timeframe for the engagement, and the submission of the accompanying Board response, to 31 October 2023.

20 January 2023

The Central Bank has issued a Dear CEO letter with the purpose to reaffirm our supervisory expectations built on our supervisory experiences, both firm specific and sector wide, and enhance transparency around our approach to, and judgements around, regulation and supervision. Section 1 of the letter provides wider and specific context to our supervisory approach. Section 2 details key findings from our supervisory engagements over the last 12 months, including outlining a number of actions we expect firms to undertake. Section 3 of the letter sets out our expectation that this letter is provided to and discussed with your Board, and any areas requiring improvement that directly relate to your firm are actioned.

10 December 2021
The Central Bank has issued a Dear CEO letter with the purpose of setting out clearly the Central Bank’s expectations for all Payment and E-Money firms and the actions we expect the Boards and senior management of these firms to undertake to ensure the firms are in compliance, on an ongoing basis, with their regulatory requirements and any conditions imposed on the firms’ authorisation. In broad terms, the Central Bank expects regulated firms to be well-governed, with appropriate cultures, effective risk management and control arrangements in place. Firms should have sustainable business models with sufficient financial resources, including under a plausible but severe stress.  The Central Bank expects firms to be operationally resilient such that they are able to respond to, recover and learn from operational disruptions. Additionally, and importantly, the financial system must be protected from use for money laundering or terrorist financing activities.

Background

The Central Bank of Ireland’s (‘Central Bank’) statutory “gatekeeper” role is critically important. In assessing applications for authorisation as a PI or an EMI, the Central Bank adopts a robust, structured and risk-based approach that seeks to ensure that only applicants that demonstrate an ability to comply with the authorisation requirements applicable to their proposed business model are authorised.

The authorisation and supervision of firms operating in the PI and EMI sector is an important part of our mandate. This sector has grown substantively over the last number of years. The number of firms authorised by the Central Bank has more than doubled since 2018 and there continues to be a strong authorisation pipeline.

The purpose of this communication is to clearly set out the Central Bank’s expectations for all PI and EMI firms applying for authorisation, and to remind applicant firms of the authorisation principles, approach and the core elements that will be assessed by the Central Bank. In addition, information about the service standards to which the Central Bank operates is set out below.

1. Authorisation Principles

It is the Central Bank’s expectation that firms fully understand the risks arising from their business model and operations and how to mitigate those risks. As a general principle applicable to all firms, both incoming and those firms we currently supervise, the Central Bank expects that firms:

a) Have sufficient financial resources, including under a plausible but severe stress;

b) Have sustainable business models;

c) Be well governed, with appropriate cultures, effective risk management and control arrangements in place; and

d) Be able to recover if they get into difficulty, and if they cannot, they should be resolvable in an orderly manner without significant externalities.

From an overarching perspective, through the authorisation process, the Central Bank is seeking to gain assurance in an evidence-based manner that firms have the capabilities to manage risk and the proposed governance, risk and compliance frameworks are therefore sufficient and will operate as described post authorisation. In this regard, firms are expected, in the context of seeking to become a regulated firm, to be fully aware of the Central Bank’s broader financial regulation (prudential and conduct) expectations post authorisation. To this end, firms are expected to proactively and diligently consider regulatory requirements and guidance as well as published communication from the Central Bank to regulated firms in this sector.

PIs and EMIs firms play an increasingly important role in the financial system and in the lives of consumers. Consequently, the failure of firms to meet their supervisory obligations, including breaches of regulatory requirements can have a significant impact on consumers, who are reliant on the services provided, and/or on the functioning of the broader financial system. Therefore, firms must demonstrate that they have robust internal systems and controls, including well-developed risk management frameworks in place to drive effective behaviour and culture. In this regard, the Central Bank has no tolerance for widespread consumer or investor harm and it is the responsibility of firms to ensure that their business has a consumer-focused culture. From a conduct perspective, the Central Bank expects applicant firms to:

  • Go beyond consumer protection obligations under law and be proactive and meticulous in ensuring that they do business in a way that protects consumers and investors.
  • Ensure that consumer-focused cultures are evident and demonstrable throughout the entire structure. Firms must show evidence of robust oversight and challenge led by the board (in particular over the product/service lifecycle), execute comprehensive training for staff and measure key indicators of the firm’s culture.
  • Regularly track and monitor the behaviour and culture in their organisations, and reflect on any shortfalls in the collective understanding of what ‘consumer focus’ actually means for their firm.
  • Firms must ensure they have the right structures, processes and systems embedded to support consumer-focused behaviours.

Further elaboration of the Central Bank’s consumer protection expectations are outlined in the recent publication of the Consumer Protection Outlook 2021.

 

2. The Authorisation Assessment

The Central Bank’s assessment takes into consideration the nature, scale, and complexity of a firm’s application both from a point in time and forward looking perspective. Therefore it is recommended that firm’s clearly demonstrate within their application submission how they will own and control the risks to which they are exposed both upon authorisation and in the future in line with their growth plans and ambitions.  In this regard, it is the Central Bank’s expectation that throughout the authorisation process that engagement is robustly led by persons proposed to be performing Pre-Approved Control Functions (‘PCF’) in the firm.

Based on the foregoing and the relevant underpinning legislative requirements and guidelines, the Central Bank authorisation assessment focuses on five distinct areas:

a) Business Model and Financial Resilience: Assessment of the viability and sustainability of the applicant’s business strategy, programme of operations and financial projections for the first three years of operation including underpinning assumptions. This includes an assessment of the firm’s ability to meet capital requirements on an on-going basis including vulnerabilities stemming from enterprise wide risks.

 b) Governance: Assessment of the local governance framework including the proposed board construct, its terms of reference, suitability of members of the management body and key function holders, management committees and the three lines of defence framework. The Central Bank expects decision-making at Board and Executive level to take place within the State. Non-executive directors on the Board are expected to devote sufficient time to fulfil their duties and to act critically and independently so as to exercise objective and independent judgement.  In the future, the Central Bank will conduct interviews for PCF roles as a core part of the assessment process. The adequacy of local resources will also be specifically assessed including the alignment of same to the management of the key functions and risks of the firm both from a prudential and conduct perspective.

c) Risk Management, Operational Resilience and Safeguarding

Assessment of the firm’s articulation of its key prudential and conduct risks and the respective risk management frameworks. Applicant firms should demonstrate comprehensive risk management systems commensurate with the proposed business model of the applicants activities are in place. Applicant firms should coherently describe the key risks inherent in the proposed business activities of the applicant including details on how these risks will be identified, managed, monitored, controlled and mitigated. For the most material risks including; safeguarding, operational and IT risk, outsourcing (including intragroup) capital and credit risk a detailed assessment of the individual policy documents, frameworks and internal control mechanisms will be performed. Such documents should clearly describe the end-to-end operational and risk management process. Assessment of the firm’s IT risk management policy and framework including procedures for monitoring, handling and following up on security incidents and security related customer complaints is also a key assessment feature.

d) Money-Laundering/Terrorist Financing risk

The financial system must be protected from use for money laundering or terrorist financing activities. Protecting the financial system from money laundering and terrorist financing is of the utmost importance to the Central Bank. Firms operating in the PI and EMI sector are classified as a designated person under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) (“CJA 2010”).As a designated person, firms are subject to the obligations of the CJA 2010, and in particular, the obligations set out in Part 4.Firms must demonstrate that they invest in and maintain strong AML compliance frameworks to protect the financial system, consumers and the wider public from money laundering and terrorist financing. One of the Central Bank’s key expectations for an effective AML control framework is that it is based on a money laundering and terrorist financing risk assessment that specifically focusses on the money-laundering and terrorist financing risks arising from the firm’s business model. This risk assessment should drive the firm’s framework such that it ensures there are robust controls in place to mitigate and manage the risks identified through the risk assessment. The Central Bank’s view is that a “tick box” or rules-based approach to risk assessment is not fit for purpose and does not meet regulatory expectations.

e) Resolution and Wind Up

Assessment of the measures to be taken by the applicant firm in the event of termination of its payment services (due to insolvency, etc.).It is expected that where failure arises, the insolvency process can be managed in an orderly fashion without customer detriment. Measures to be reviewed will include, inter alia, an assessment of the firm’s ability to (i) ensure operational continuity by all service providers during the wind-down process, (ii) execute pending payment transactions, (iii) repay outstanding client balances without delay and/or (iv) protect client funds from the claims of other creditors in the event of insolvency.

The Central Bank has published service standards in respect of the processing of applications for the Payments Sector. In the context of meeting those standards, the service standard timeframe to which the Central Bank has and remains committed to the assessment phase of the application process is 90 working days.  However, firms should expect that the assessment clock will be paused resulting in a prolonged assessment period where:

  1. The information provided does not address, in substance and detail, the key assessment areas as outlined under the Authorisation Process section of the Central Bank website.
  2. Firms do not comprehensively address, within their applications, the firm specific feedback provided by the Central Bank during the formal assessment phase period.

3. Closing

The Central Bank deals with all applications for authorisation in an open, engaged and constructive manner. The Central Bank encourages all firms seeking authorisation to engage at the earliest opportunity regarding it proposed application having fully reflected on the information contained within this communication as well as the broader suite of information available on the Central Bank’s website.

24 January 2018
Following the transposition of Directive (EU) 2015/2366 (PSD2) into Irish law by way of the European Union (Payment Services) Regulations 2018 (PSR), the Central Bank has updated its application documentation for applicants seeking authorisation/registration as a Payment Institution (PI) or an Electronic Money Institution (EMI) to reflect the PSR. More information can be found on the authorisation pages for PIs and EMIs.

The Central Bank accepts applications for authorisation/registration submitted on application forms it has published for each of the following:

  1. Authorisation as a Payment Institution
  2. Registration as an Account Information Service Provider
  3. Authorisation as an Electronic Money Institution
  4. Registration as a Small Electronic Money Institution

The Central Bank has also issued a Guidance Note document which aims to provide further support to applicants completing the new application forms. 

8 December 2017
The Central Bank of Ireland has published a Guidance Note on the specific requirements provided for in the revised Payment Services Directive (Directive (EU) 2015/2366) (PSD2), that apply to persons seeking approval for a Pre-Approval Controlled Function role in a Payment Institution or Electronic Money Institution (PSD2 F&P Guidance).

Links to the F&P Guidance can be found for:

1. Authorisation as a Payment Institution

2. Authorisation as an Electronic Money Institution

3. Amendments Processing for Payment Institutions

4. Supervision Process for Payment Institutions

5. Amendments Processing for Electronic Money Institutions

6. Supervision Process for Electronic Money Institutions

The Central Bank has issued this Guidance Note to provide support to applicants completing the Fitness & Probity Individual Questionnaire via our Online Reporting System.

Note
This notice applies to persons seeking approval for a Pre-Approval Controlled Function role in a firm seeking authorisation as a Payment Institution or Electronic Money Institution or in a firm that has already been granted an authorisation as a Payment Institution or Electronic Money Institution by the Central Bank.