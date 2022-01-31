Against the backdrop of the increasingly important role played by electronic money (e-money) institutions and payment institutions in the financial system, and the growing reliance placed on those firms by consumers, the Central Bank sent a Dear CEO letter to the CEOs of Irish e-money institutions and payment institutions on 9 December 2021.
In its letter, which focused on areas that are consistently at the forefront of the Central Bank's supervisory agenda (namely governance and risk management, conduct and culture, safeguarding customer funds, sustainable business models and financial resilience, operational resilience, anti-money laundering and counter terrorist financing (AML/CFT), and orderly resolution/wind-up), the Central Bank:
- summarised its supervisory expectations of those firms (noting that supervisory responsibility for those firms has recently moved to the Central Bank's Credit Institutions Supervision Directorate);
- asked the CEO of each firm to bring the letter to the attention of the firm's board of directors (the Board); and
- set out the actions that it expects the Boards and senior management of those firms to take to ensure compliance with their regulatory requirements and authorisation conditions.
THIS BRIEFING LOOKS AT THE REVIEW THAT FIRMS MUST CARRY OUT BEFORE 31 MARCH 2022, AND THE OTHER STEPS THAT THEY SHOULD TAKE TO ENSURE COMPLIANCE WITH THE CENTRAL BANK'S SUPERVISORY EXPECTATIONS.
WHAT SHOULD E-MONEY INSTITUTIONS AND PAYMENT INSTITUTIONS BE DOING NOW?
Comprehensively review safeguarding requirements and authorisation conditions by 31 March 2022
Each CEO, together with the Board of the firm, must comprehensively assess the firm's compliance with the safeguarding provisions of the European Communities (Electronic Money) Regulations 2011 (E-Money Regulations) (in the case of e-money institutions) and the European Union (Payment Services) Regulations 2018 (Payment Services Regulations) (in the case of payment institutions).
The assessment must also look at the firm's compliance with its conditions of authorisation.
Confirm completion of the review to the Central Bank by 31 March 2022
The firm's Board must oversee the review, and consider both the conclusions of the review and any remediation issues arising from it.
The firm's Board must confirm to the Central Bank by 31 March 2022 that the review has been carried out and concluded.
Approve a remediation plan for any issues identified by the review
|If issues are identified during the review, a Board-approved remediation plan must be put in place that ensures the timely resolution of any issues identified.
Supervisory Expectations
To meet the supervisory expectations set out by the Central Bank in its Dear CEO letter, the Board of each payment institution and e-money institution must be satisfied as to how the firm manages certain key priority areas.
WHAT AREAS SHOULD FIRMS PRIORITISE?
Governance and Risk Management
Each firm should assess:
Conduct and Culture
Culture and conduct are at the heart of the Central Bank's supervisory agenda, and at the core of its proposed new Individual Accountability Framework (see the Financial Regulation: Individual Accountability and SEAR section of our website for our detailed analysis of the proposed framework).
Each firm should:
Safeguarding
The importance attached by the Central Bank to safeguarding customer funds is clear from its requirement that e-money institutions and payment institutions review compliance with the applicable legal and regulatory framework by 31 March 2022 (considered at the start of this briefing).
Each firm should also check:
Business Model and Financial Resilience
Each firm should examine:
The Central Bank reiterated in the Dear CEO Letter that it does "not expect to see firms' business ambitions running ahead of their control environment".
Operational Resilience
Each firm should ensure that:
Echoing its expectations regarding governance (see above), the Central Bank also expects responsibility for IT and cyber risk strategy, and any outsourced activities, to rest with the firm's Board.
AML/CFT
|Each firm must ensure that its AML/CFT risk assessment focuses on risks specific to the firm's business model, is not merely a 'tick-the-box' exercise, and does not reflect a generic rules-based approach.
Resolution/Wind-Up
Each firm should ensure that it has an appropriate exit/wind-up strategy that is linked to its business and operational model, and focuses on the prompt return of customer funds.
The Central Bank highlighted the importance of a firm ensuring, if it fails, that the ensuing insolvency process is capable of being managed "in an orderly fashion without customer detriment".
Comment
There is significant breadth to the areas of focus identified by the Central Bank, with almost the entire waterfront of key regulatory requirements applicable to a payment institution and e-money institution being covered.
The particular and immediate focus on safeguarding makes sense given the very significant impact on customers if a firm's safeguarding arrangements fail. It is clear that the Central Bank expects a firm's Board to take ultimately responsibility for this issue and for all of the other areas of focus identified by the Central Bank.
This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.