Central Bank Focus Areas for E-money and Payment Firm Applications
On 9 April 2024, the Central Bank of Ireland (“CBI”) published its Expectations for Authorisation of Payment and Electronic Money Institutions and Registration of Account Information Service Providers (“CBI Expectations”). These are intended to bring better clarity, transparency and predictability for applicant firms looking to be authorised as payment institutions, electronic money institutions or account information service providers (together, “Firms”).
- Published
- in Analysis & Insights
Poorly planned applications can often lead to authorisation process delays and increased costs for applicant Firms. Helpfully, the CBI Expectations set out the top five challenges experienced by Firms during the authorisation process. This update will examine how Firms can prepare their applications to overcome or avoid these challenges.
Inadequate Preparation
The CBI Expectations note that inadequate preparation and incomplete applications are among the most common issues faced by applicant Firms. Ensuring that the Firm is adequately prepared before engaging with the CBI on a potential authorisation and, particularly at the point of submission, are key to avoiding application delays.
Firms should ensure that, before submitting their Key Fact Document and attending their initial CBI meeting, they have prepared a clear outline of their proposal which explains the regulated services the Firm will provide and gives an overview of its products, operating model and target market, and demonstrates an understanding of the application requirements and a capability of meeting the Firm’s regulatory obligations from the point of authorisation.
While the assessment stage of any application is an iterative process, providing a high quality and detailed application can minimise the number of queries raised. There is often a conversation early on around resourcing, who needs to be hired and when. The CBI notes that Firms which have identified senior individuals early in the application process often progress more quickly. The rationale is that in the CBI’s experience these Firms generally submit a more complete application and these individuals are often well-positioned to discuss the Firm’s proposed risk management frameworks; proposed business model and governance; and to address CBI feedback.
Lack of Clarity and Changing Business Models
The CBI has noted an inability to properly describe the proposed business model and customer offering or a lack of detail regarding the products offered; the processes through which they will be delivered; or underlying assumptions as common reasons for prolonged application processes. To help iron out the details of the proposal, the CBI encourages Firms to engage with its Innovation Hub early to help ensure that the authorisation proposal can be clearly articulated before engaging with the authorisation team.
Substantial changes in the proposed business model during the application process are also liable to cause the CBI to raise further comments and queries, which will result in substantial delays. Firms can alleviate these risks by having a clear and detailed business plan prepared from the outset, and by making senior appointments who understand the Firm’s business early in the authorisation process. Firms should also consider whether their proposed business model requires more than one type of authorisation and, if so, take steps to seek all required authorisations to avoid delays.
Delayed Responses and Non-Remediation of Issues
The CBI Expectations note that the CBI often experiences delays by Firms in responding to queries or providing requested clarification which slow down the process. Inordinate delays in responding to a request for information or a query from the CBI within 60 business days will lead to an application becoming dormant.
It is therefore important that Firms work closely with their advisors to promptly prepare adequate responses to the questions and comments raised by the CBI and respond within any deadlines provided.
Localised Functions and Frameworks
The CBI notes that a common issue arising in applications for authorisation of Firms which are subsidiaries within a group structure is not having localised frameworks to manage local risk. The CBI Expectations make it clear that, for the purpose of effectively managing local risk, submitting group risk management frameworks will generally not be accepted by the CBI without appropriate adjustments. Firms should therefore ensure that their risk frameworks take account of the local risks faced by the applicant, whether that involves a bespoke framework or using a group framework which has been tailored for the applicant Firm and approved by the board.
The CBI also expects transaction approval authority on safeguarding accounts to reside within the local entity and not with group or outsourced providers. Firms should also ensure within their IT risk management frameworks that they have adequate local risk management staff as well as appropriate local internal governance to enable the Firm to identify, measure and monitor IT risk, and demonstrate the transparency of IT related governance and decision making. Where Firms propose to outsource the internal audit function to a group or third-party entity, the CBI will also expect adequate oversight of the outsourcing arrangement to be exercised to and ensure that a comprehensive service level agreement is in place.
PCF Suitability
The final element of the authorisation process which the CBI Expectations note most commonly causes delays is the approval of the Firm’s candidates for Pre-Approval Controlled Functions (“PCFs”). In particular, the CBI notes that Firms often delay in identifying and proposing their candidates for PCF roles or propose unsuitable candidates who do not possess the necessary qualifications, skills, or experience to perform the relevant role.
Firms should ensure that they have conducted adequate due diligence on their proposed PCF candidates prior to proposing them. This will include consideration of not only the candidates’ qualifications, skills, or experience, but also their capacity to perform the role having regard to their location and time commitments. Candidates, particularly those in governance roles, will often be required to be resident within the State to have sufficient proximity to have oversight of the Firm’s operations. The Firm will also have to satisfy the CBI that, where a PCF candidate is employed on a part-time basis, the candidate can allocate sufficient time to adequately perform the proposed role. This will be particularly relevant where a candidate is proposed to perform more than one PCF role; in which case the Firm should provide a detailed rationale setting out how the PCF candidate would have sufficient capacity, qualifications and experience to effectively perform the proposed roles. To date, applications which have included proposals for PCF candidates to ‘triple hat’ PCF roles have not been approved.
Authorisation Timelines
Adequate preparation for submitting an application can help Firms to reduce the time taken to receive authorisation. The Electronic Money Regulations1 and the Payment Services Regulations2 each require the CBI to complete its assessment of an application for authorisation within three months of receipt of a complete application or, in the case of an incomplete application, within three months of receipt of all information necessary for the CBI to make a decision. Generally, however, the CBI Expectations note that it will usually take Firms at least 12 months to provide all necessary information.
How We Can Help
Our dedicated Financial Services Regulatory team has guided many clients successfully through the authorisation process with the CBI and have a clear understanding, from our experience, of what is expected to ensure a smooth and efficient authorisation process. We support support Fintechs and other clients across all regulated sectors in managing regulatory change, drafting policies, procedures and customer documentation, negotiating outsourcing arrangements, assessing corporate governance structures and guiding clients through engagements with the CBI from authorisation applications to supervisory and PRISM engagements (including RMPs and interview preparation) and more contentious enforcement issues.
Further Information
Further information on our Irish Financial Services Regulatory Group and the services we provide is available on our website and in our FSR and FinTech brochures. If you would like further information, please liaise with your usual Maples Group contact or the persons below.
1S.I. No. 183/2011
2S.I. No. 6/2018