Address by Director of Consumer Protection, Bernard Sheridan, at the Financial Services Ireland FinTech Task Force Meeting

I would like to thank Financial Services Ireland for inviting me to speak at its FinTech Task Force meeting on the topic of the regulation of payment and electronic money institutions.

The Central Bank of Ireland is the competent authority in Ireland for the authorisation and supervision of Payment Institutions (PIs) and Electronic Money Institutions (EMIs).  PIs are authorised under the European Communities (Payment Services) Regulations 2009 (the PSRs) which transposed the EU Payment Services Directive (Directive 2007/64/EC) (the PSD) into Irish law. EMIs are authorised under the European Communities (Electronic Money) Regulations 2011 (the EMRs) which transposed the EU Electronic Money Directive (Directive 2009/110/EC) (the EMD) into Irish law. These sectors are regulated by the Consumer Protection Directorate within the Central Bank under three broad functional areas of gatekeeper, supervisor and policy maker/influencer. 

The PI and EMI sectors encompass a broad range of business models. For PIs this includes, for example, merchant acquirers, payment account operators, money remitters and credit card issuers. EMIs can include businesses such as gift card issuers, eWallet providers, prepaid card issuers and virtual card issuers. The breadth of business models, advances in technology and the emergence of new providers are changing the landscape and positioning of payments. This also gives rise to new and changing services which we must understand and to which we must apply the relevant regulatory requirements.  There are currently 11 PIs authorised in Ireland by the Central Bank and, over the last 12 months of reporting, these PIs completed over 30 billion transactions worth over €2 trillion. There are currently no EMIs authorised by the Central Bank in Ireland.

In addition to firms meeting their prudential obligations, we also look to see that there is a consumer focussed culture embedded within the firms we regulate. In February of this year we published our first Consumer Protection Outlook Report which sets out our consumer protection objectives and the risks we see to those objectives.  We seek to deliver our consumer protection mission of “Getting it right for consumers” through what we call the 5 Cs framework.  The issues highlighted in the Outlook Report under each of the 5 Cs of Consumer, Culture, Confidence, Challenge and Compliance should resonate with and be relevant to all regulated firms providing products and services to retail consumers.  Our consumer protection focus is on requiring firms to make the essential cultural shift to putting the consumer first in all that they do, treating their customers fairly and with dignity and respect, and to demonstrate that this shift is deeply rooted and sustained throughout the organisation. 

So let me tell you a little about how we regulate the payments sector across our three functional areas.  

Our Policy Approach

Firstly, Policy.  Our Policy function works to ensure that the regulatory framework itself is fit for purpose and working for consumers. In the area of payments, this means discharging our role under the PSD and EMD as effectively as possible and working together with colleagues across Europe and beyond to continue to enhance this framework. This includes the reforms of PSD2, our work at the EBA on product oversight and governance, security of internet payments and virtual currencies and, in the wider international arena, our work at FinCoNet (where we are currently conducting an international survey on mobile and emerging technologies). We will continue through this work to monitor and respond where necessary to new ways of distributing financial services and new business models, working together with our peers in Europe to ensure that appropriate protections are in place given the cross-border nature of the PI and EMI sector’s business.  

Our Supervisory Approach

Secondly, Supervision. As outlined above there are a relatively small number of firms in this sector authorised and supervised by the Central Bank.  We have a range of supervisory tools which we use in order to monitor and enforce compliance with the relevant rules including both on-site and desk-based risk assessments of firms and thematic reviews. An increasing supervisory focus is on challenging industry on their culture, practices, products or services where we believe it poses or may pose a threat to our consumer protection objectives. The Central Bank has demonstrated its willingness to act when we see potential prudential and consumer detriment by taking regulatory actions where necessary, including consumer redress, directions and enforcement actions under our administrative sanctions procedures.

Our supervisory focus includes areas such as safeguarding of user funds, fees and charges, as well as the broader conduct business rules in place. We also require the payment institutions we regulate to demonstrate that they have the appropriate people, culture and control mechanisms in place to cope effectively with the ever emerging threat of money laundering and terrorist financing. 

Our Gatekeeper Approach

Thirdly, I would like to say a few words about our gatekeeper function as it is clearly important for the development of the sector and for new firms seeking to be authorised and subject to the Central Bank’s regulatory requirements. An applicant seeking authorisation must satisfy the Central Bank that it is able to fulfil the obligations of such an authorisation as set out by the relevant EU directive and transposed into Irish law.  In fulfilling its statutory role in this regard, the Central Bank adopts a structured, robust and risk based process that seeks to ensure that only those firms that demonstrate compliance with these authorisation requirements are authorised.  

The legislation requires applications to include a significant amount of information and requires firms to demonstrate their ability to meet a number of prudential and conduct requirements. These include maintaining sufficient capital, safeguarding user funds, maintaining appropriate governance and control mechanisms (e.g. risk, audit, compliance, AML/CTF) and maintaining appropriate staffing levels. These requirements stem from EU directives and it is the compliance by a firm with these requirements that provides the basis for that firm to passport its services into other Member States without requiring additional authorisations.  Clearly this function is very important in controlling who is authorised to conduct business with retail consumers across Europe with responsibility resting with the Home Member State.  

The Central Bank’s authorisation process currently involves 3 phases – the pre-application submission, the preliminary meeting, and the application submission enabling potential applicants to engage with the Central Bank in advance of any formal application being submitted, and to gain a better understanding of the regulatory requirements.  It also enables the Central Bank to consider how the proposed business model would fall within the existing categories of regulated firms. We considered this especially appropriate in such a dynamic and innovative environment where firms look to bring new products and services to the market to compete with existing providers and where there is no ‘one size fits all’ in terms of either the authorisation process or what we need to focus on for a given individual application. 

Our authorisation process is subject to on-going review and we have been considering how we can move to a more effective and facilitative approach to progressing applications which meet the authorisation standards.  Feedback received from a number of sources has been useful in helping us review and refine our approach.  We have identified a number of key principles to underpin our authorisation approach and specific areas which we believe will assist us in moving to a speedier, more streamlined and effective authorisation model including:

• Accessibility – we will be offering potential applicants the option of an initial meeting with us to discuss the application process and key areas that need to be addressed in any formal application. This is designed to enable firms to focus on making their formal application rather than engaging with us on specific details in a pre-application process. We will also continue to deal with questions/queries from applicants during the authorisation process should they arise. 

• Transparency - we will be further streamlining the authorisation process to ensure that all applicants have a better sight and understanding regarding the authorisation process and, importantly, the stage that their application is at and the next steps in progressing the application. 
• Timelines – following the receipt of an application, we will be clearer with applicants on the expected timelines involved in reviewing their application. 
  We will continue to review the effectiveness of this approach in order to ensure it is working to achieve all of our objectives.

Conclusion

I have outlined the Central Bank’s policy, supervisory and in particular the gatekeeper framework and our underpinning principles and approach within the payments sector that takes account of the nature of the business of providers within this sector.  Our framework is subject to on-going review and enhancement to ensure that we are acting as effectively, expeditiously and efficiently as possible, and are responding to firms in an accessible, open and facilitative way that provides both clarity to applicants and the necessary feedback to enable them to progress through the process in keeping with business timelines. However, it is not our role to be advisors to applicants.  Rather, the onus is on firms to satisfy themselves and to demonstrate to the Central Bank that they meet the required standards to be authorised in Ireland within the overarching European legislative requirements.   It is therefore important that firms are familiar with the relevant regulatory standards and requirements and, where required, that they receive the necessary expert advice in the development of their business models at the earliest possible point that reaches and seeks to exceed these standards.

The service of moving people’s money from one part of the world to another plays an important part in the lives of many consumers and businesses and I believe that both firms and regulators alike must ensure that consumers can have  confidence in that service, now and in the future.  This is all the more so against a backdrop of an ever-increasing number of varying options for consumers within an industry that is inherently international and which seeks to use new technologies and innovations. 

The Central Bank is committed to playing its part in effectively, expeditiously and efficiently authorising and supervising payment firms to ensure that the highest standards are set and met.  What is good for consumers is good for business and the challenge for all firms is to go beyond tick-box compliance to embedding a sustainable compliance-centric culture that is firmly focused at all times on getting it right for consumers.