29 April 2024

Central Bank Focus Areas For E-money And Payment Firm Applications

Maples Group


The Maples Group is a leading service provider offering clients a comprehensive range of legal services on the laws of the British Virgin Islands, the Cayman Islands, Ireland, Jersey and Luxembourg, and is an independent provider of fiduciary, fund services, regulatory and compliance, and entity formation and management services.
On 9 April 2024, the Central Bank of Ireland ("CBI") published its Expectations for Authorisation of Payment and Electronic Money Institutions and Registration of Account Information Service Providers ("CBI Expectations").
Ireland Finance and Banking
To print this article, all you need is to be registered or login on

On 9 April 2024, the Central Bank of Ireland ("CBI") published its Expectations for Authorisation of Payment and Electronic Money Institutions and Registration of Account Information Service Providers ("CBI Expectations"). These are intended to bring better clarity, transparency and predictability for applicant firms looking to be authorised as payment institutions, electronic money institutions or account information service providers (together, "Firms").

Poorly planned applications can often lead to authorisation process delays and increased costs for applicant Firms. Helpfully, the CBI Expectations set out the top five challenges experienced by Firms during the authorisation process. This update will examine how Firms can prepare their applications to overcome or avoid these challenges.

Inadequate Preparation

The CBI Expectations note that inadequate preparation and incomplete applications are among the most common issues faced by applicant Firms. Ensuring that the Firm is adequately prepared before engaging with the CBI on a potential authorisation and, particularly at the point of submission, are key to avoiding application delays.

Firms should ensure that, before submitting their Key Fact Document and attending their initial CBI meeting, they have prepared a clear outline of their proposal which explains the regulated services the Firm will provide and gives an overview of its products, operating model and target market, and demonstrates an understanding of the application requirements and a capability of meeting the Firm's regulatory obligations from the point of authorisation.

While the assessment stage of any application is an iterative process, providing a high quality and detailed application can minimise the number of queries raised. There is often a conversation early on around resourcing, who needs to be hired and when. The CBI notes that Firms which have identified senior individuals early in the application process often progress more quickly. The rationale is that in the CBI's experience these Firms generally submit a more complete application and these individuals are often well-positioned to discuss the Firm's proposed risk management frameworks; proposed business model and governance; and to address CBI feedback.

Lack of Clarity and Changing Business Models

The CBI has noted an inability to properly describe the proposed business model and customer offering or a lack of detail regarding the products offered; the processes through which they will be delivered; or underlying assumptions as common reasons for prolonged application processes. To help iron out the details of the proposal, the CBI encourages Firms to engage with its Innovation Hub early to help ensure that the authorisation proposal can be clearly articulated before engaging with the authorisation team.

Substantial changes in the proposed business model during the application process are also liable to cause the CBI to raise further comments and queries, which will result in substantial delays. Firms can alleviate these risks by having a clear and detailed business plan prepared from the outset, and by making senior appointments who understand the Firm's business early in the authorisation process. Firms should also consider whether their proposed business model requires more than one type of authorisation and, if so, take steps to seek all required authorisations to avoid delays.

Delayed Responses and Non-Remediation of Issues

The CBI Expectations note that the CBI often experiences delays by Firms in responding to queries or providing requested clarification which slow down the process. Inordinate delays in responding to a request for information or a query from the CBI within 60 business days will lead to an application becoming dormant.

Where an application has become dormant, Firms seeking to subsequently re-engage with the CBI may have to recommence the assessment process entirely depending on the materiality of changes made to the application. In cases of persistent non-response or failure to remediate certain matters raised by the CBI, the CBI may deem the application incomplete and discontinue the assessment altogether.

It is therefore important that Firms work closely with their advisors to promptly prepare adequate responses to the questions and comments raised by the CBI and respond within any deadlines provided.

Localised Functions and Frameworks

The CBI notes that a common issue arising in applications for authorisation of Firms which are subsidiaries within a group structure is not having localised frameworks to manage local risk. The CBI Expectations make it clear that, for the purpose of effectively managing local risk, submitting group risk management frameworks will generally not be accepted by the CBI without appropriate adjustments. Firms should therefore ensure that their risk frameworks take account of the local risks faced by the applicant, whether that involves a bespoke framework or using a group framework which has been tailored for the applicant Firm and approved by the board.

The CBI also expects transaction approval authority on safeguarding accounts to reside within the local entity and not with group or outsourced providers. Firms should also ensure within their IT risk management frameworks that they have adequate local risk management staff as well as appropriate local internal governance to enable the Firm to identify, measure and monitor IT risk, and demonstrate the transparency of IT related governance and decision making. Where Firms propose to outsource the internal audit function to a group or third-party entity, the CBI will also expect adequate oversight of the outsourcing arrangement to be exercised to and ensure that a comprehensive service level agreement is in place.

PCF Suitability

The final element of the authorisation process which the CBI Expectations note most commonly causes delays is the approval of the Firm's candidates for Pre-Approval Controlled Functions ("PCFs"). In particular, the CBI notes that Firms often delay in identifying and proposing their candidates for PCF roles or propose unsuitable candidates who do not possess the necessary qualifications, skills, or experience to perform the relevant role.

Firms should ensure that they have conducted adequate due diligence on their proposed PCF candidates prior to proposing them. This will include consideration of not only the candidates' qualifications, skills, or experience, but also their capacity to perform the role having regard to their location and time commitments. Candidates, particularly those in governance roles, will often be required to be resident within the State to have sufficient proximity to have oversight of the Firm's operations. The Firm will also have to satisfy the CBI that, where a PCF candidate is employed on a part-time basis, the candidate can allocate sufficient time to adequately perform the proposed role. This will be particularly relevant where a candidate is proposed to perform more than one PCF role; in which case the Firm should provide a detailed rationale setting out how the PCF candidate would have sufficient capacity, qualifications and experience to effectively perform the proposed roles. To date, applications which have included proposals for PCF candidates to 'triple hat' PCF roles have not been approved.

Authorisation Timelines

Adequate preparation for submitting an application can help Firms to reduce the time taken to receive authorisation. The Electronic Money Regulations1 and the Payment Services Regulations2 each require the CBI to complete its assessment of an application for authorisation within three months of receipt of a complete application or, in the case of an incomplete application, within three months of receipt of all information necessary for the CBI to make a decision. Generally, however, the CBI Expectations note that it will usually take Firms at least 12 months to provide all necessary information.

How We Can Help

Our dedicated Financial Services Regulatory team has guided many clients successfully through the authorisation process with the CBI and have a clear understanding, from our experience, of what is expected to ensure a smooth and efficient authorisation process. We support support Fintechs and other clients across all regulated sectors in managing regulatory change, drafting policies, procedures and customer documentation, negotiating outsourcing arrangements, assessing corporate governance structures and guiding clients through engagements with the CBI from authorisation applications to supervisory and PRISM engagements (including RMPs and interview preparation) and more contentious enforcement issues.


1. S.I. No. 183/2011

2. S.I. No. 6/2018

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More