(Note this article also appears in our contributions to www.paymentscompliance.com)
An application to offer payment services in Ireland by means of a payment institution authorisation is made under regulation 18 of the European Communities (Payment Services) Regulations 2009 (S.I. No 383 of 2009) (the “Regulations”) which transposed into Irish law, the payment services directive (Directive 2007/64/EC) (the “Directive”). An application is made to the appropriate division of the Central Bank of Ireland. Having advised firms in respect of applications to the Central Bank under the Irish regulations the following should be guiding principles that should be borne in mind prior to any application:-
- Significant consideration must be given by the applicant as to whether or not the authorisation is suitable for the applicant. The prospective profits of any enterprise should be sufficient to justify the considerable application and ongoing compliance costs;
- While, not insurmountable, an applicant should give consideration to the initial capital requirements of €20,000, €50,000 and €125,000 as well as the own funds requirements which are calculated in Ireland pursuant to regulations 12 – 17 of the Regulations implementing Article 7 and 8 of the Directive;
- Careful consideration should be given as to whether the activities of the applicant fall within the terms of “payment services” under schedule 1 of the Regulations/Annex of the Directive, noting the negative scope/exclusions as set out in regulation 6 of the Regulations (Article 3 of the Directive). In particular, there must be sufficient “contact” with funds to warrant an application.
- It is vitally important that the applicant brings with it a credible team. This stretches right throughout the organisation and in particular focus should be made on not only the management team but also that the non-executive board brings with it sufficient skill to be able to provide the necessary oversight of the applicant. In addition to this the applicant must demonstrate that it has in place, an experienced compliance officer, internal auditor, IT manager and operations manager. Ideally all of these individuals should have previous payments experience or at least a strong credible financial services experience.
The applicant must be willing to commit significant resources to the application process and budget for a timescale of anything between six to twelve months to deal with the application process. The length of time will be driven by a number of factors namely:-
- The quality of the initial submission and preparation put into the initial submission;
- The size and the complexity of the organisation;
- The resources of the applicant in its ability to deal with the queries raised by the Central Bank and the speed by which responses can be made;
Support of an experienced qualified solicitor/compliance officer is vital to the process together with a fully engaged management team.
Overview of Key Requirements of the Central Bank
The Central Bank has some key focuses in respect of the application process. In our view, the following four would be at the forefront:-
- Safeguarding of Client Funds. It is vital that there are extremely robust and careful procedures in place to deal with the safeguarding of client funds. Segregation of client funds with own funds is a must together with evidence of daily reconciliation of funds, a strict compliance with payment times, clear stratified oversight of maintenance of client funds and detailed ability to produce clear financial reporting on a client by client basis in respect of client funds.
- Anti-Money Laundering and Counter Terrorist Financing. Particular focus would be given by the Central Bank in respect of all areas in relation to the anti-money laundering and counter terrorist financing regime. Compliance in these areas cannot be underestimated in any regard and an applicant firm must be scrupulous in respect of its compliance in relation to these areas.
- Understanding of risk. Any applicant must be able to demonstrate to Central Bank that it has a thorough understanding of potential risks that will effect their business and the measures that it has in place to mitigate these risks. This demonstrates an understanding by an applicant of its own business and the environment with which it operates.
- Payment flows. The applicant must be in a position to provide comprehensive payment flows, demonstrating the flow of funds, which financial institutions are used for funds, the persons involved in the flow of funds, the IT systems used, where are charges imposed etc. This must be demonstrated diagrammatically and be supported with a comprehensive narrative.
The Application Process
Helpfully the Central Bank provides a pre-application submission process. This is an invaluable step in the application process, and by means of collation of information for the pre-application process, an applicant will bring together in skeletal form their application. Once submitted, the Central Bank requires a meeting with the applicant to determine whether or not an application is suitable. Guidance will be given by the Central Bank of what is expected from the applicant.
Key Application Forms
The application process will consist of the submission of the Application Form to the Central Bank together with key supporting documents. The principal supporting documents would be the Programme of Operations and the Business Plan. The format and content of the Programme of Operations and the Business Plan are set out in the guidance notes issued by the Central Bank in respect of the Application Form. There must be strict adherence to the form and content of each of the Business Plan and the Programme of Operations.
A particular focus of the Central Bank in any application process is the absolute necessity that there would be comprehensive cross-referencing in the contents of the Application Form to each of the contents of the Business Plan and the Programme of Operations. This does cause a particular challenge for any applicant as there is a degree of cross-over between the contents of the Applicant Form, Programme of Operations and Business Plan. In addition, an applicant must also cross reference to the range of supporting documents and manuals which should be supplied with any application. All of these documents must be properly cross-referenced using a strict abbreviation system adopted by the Central Bank.
Key Elements of the Application
We now set out what we consider to be the key elements of any application and our commentary on these based on our extensive experience in submitting applications to the Central Bank:-
- Organisation Chart Group Structure. A full group structure will need to be provided showing all subsidiaries, associated companies and all holding companies regardless of the jurisdiction. The overall group structure must be fully comprehensive. In addition to the group structure, an organisational chart must be provided of the applicant and this must show in detail reporting lines leading to the chief executive and demonstrate there is sufficient oversight provided of the compliance and internal audit functions.
- Agents. A critical part of any application would be whether or not the applicant is using agents as part of the delivery of their service. It is vitally important to note that the concept of an agent is a term of art within the application process. The Central Bank would only consider an individual/company an agent of the applicant if they are in contact with funds in the same manner by which a payment institution may be in contact with funds. Therefore any individuals who may perform a marketing role or otherwise introduce business into a company would not be considered agents for the purposes of the application. If an entity is considered a true agent under the application system then a further submission is required known as the Application Form for Appointment of Agents by a Payment Institution which is a nine page form issued by the Central Bank and requires a detailed range of information.
- Outsourcing. Detailed information needs to be provided where the key functions of the payment institution is outsourced. Not only should details of the outsourced function be provided (e.g. outsourced IT function, outsourced Internal Audit or other outsourced functions) but an SLA Agreement between the outsourced function and the entity must be provided.
- Ancillary Services. It should be noted that there is nothing to prevent a payment institution also conducting ancillary services and/or non-payment services within the same entity. However the Central Bank must have full clarity in respect of those services and be fully satisfied in particular that there could be no risk to client funds by the operation of these services.
- Flow Diagrams. It would be essential to provide detailed and comprehensive flow diagrams to the Central Bank together with supporting narrative. This was referred to above and it is an essential part of the pre-application submission requirements.
- Agreements and Terms of Conditions. While the Application Form shall require the applicant to indicate that they have in place the necessary framework contract curiously the Central Bank do not necessarily need to see or approve the terms of any framework agreement with customers. However it is always prudent to ensure that a framework agreement is supplied which fully complies with the transparency requirements of the Regulations.
- Safeguarding of Funds. As indicated above safeguarding of funds would be a key element of the application process and particular attention is given to the area particularly by the fact that Appendix 2 of the Application Form sets out a detailed series of questions in respect of safeguarding procedures that an applicant firm must have in place.
- Anti-Money Laundering. Detailed manuals will need to be provided showing the practical steps that an applicant is taking to ensure that it complies in all respects with not only the terms of the anti-money laundering and counter terrorism financing regime in Ireland but also all associated guidance notes issued. The requirement to be scrupulous in this area cannot be overestimated.
- IT Systems. The applicant will need to demonstrate robust IT systems together with a detailed business continuity plan to deal with any outages or interruptions with IT systems.
- The applicant will need to demonstrate how it will manage compliance with the ongoing regulatory requirements and in particular with the Prudential Requirements for Payment Institutions (August 2010 edition). In particular the applicant will need to set out the roles and functions of the compliance officer and supervision of the compliance function.
- Risk Management. An applicant will need to fully satisfy the Central Bank that it has considered each and every possible risk. Therefore the applicant should use standard risk matrix criteria setting out the nature of the risk, its severity, its possible impact and what mitigation steps the entity has in place in respect of any risk. A scoring system should be used. Risks should be broken down into operational, human resources, financial, compliance, outsourcing, IT and security, market and macro-economic.
- Financial Information. Full detailed financial information will need to be provided not only in respect of prior audited accounts but also up to date management accounts. In addition three year projections must be provided. The three year projections need to be provided as of six months from the date of application.
- Directors and Manager. Full CVs will need to be provided in respect of all directors and managers of the operation including CVs in respect of the compliance officer, head of credit and risk, internal audit etc. In addition the Central Bank will also require details particularly in relation to outsourced arrangements, including CVs and information of those who will act as a stand-by in respect of the termination of relationships with key outsourced partners.
- Direct and Indirect Holding. Full information must be provided in respect of all direct and indirect shareholders. The Central Bank require total clarity in respect of all owners of the applicant and in particular must be satisfied that it has full information of the natural persons who ultimately hold beneficially more than ten per cent of the applicant.
- Governance and Staffing. A key element of the application will be that the applicant will need to meet what is known as the “Fitness and Probity Regime”. The Central Bank has established its own regime in satisfying itself that the persons who are operating and controlling a regulated entity have sufficient knowledge and experience of the business and also that they are proper persons to operate a business as regulated by the Central Bank. Therefore they must meet the requirements of what is known as the Fitness and Probity Regime established by the Central Bank. In particular all those who perform what is known as a pre-approved control function must submit onto the Central Bank’s on-line system “individual questionnaires” which are a detailed series of questions providing full and comprehensive information to the Central Bank about individuals performing such pre-controlled functions. This would include all directors, all non-executive directors, compliance officers and other key office holders of the business.
An application to the Central Bank is well indeed achievable under the Irish regime. The Central Bank takes a robust and conservative approach with respect to payment institutions and rightly so. The authorisation is of the highest level that can be obtained under the Irish regulatory regime and should be viewed in the same manner as a banking licence. An applicant must be comfortable with providing full clarity on all aspects of its business and must plan to have in place the necessary ongoing compliance resources to meet the authorisation.
Both Colm Kelly and Geraldine Conroy solicitors have extensive experience in the payments arena. For more information contact firstname.lastname@example.org or email@example.com