Some of the biggest global names in the payment and fintech space have chosen Ireland as their European base through authorisation here as a Payment Service Provider (PSP) and this is reflected in the continued growth in payments. In this article, Ian Nelson and our Fintech team explore the regulatory requirements for becoming a PSP, as well as the re-authorisation of firms under PSD3/PSR.
According to the Central Bank of Ireland (CBI) statistics, during 2022, 3.5 billion payment transactions amounting to just over €10.4 trillion were recorded by Irish resident PSPs. This represents an increase of 36.5% in the volume of transactions and 12.2% increase on the amount compared with 2021. 1
As Ireland remains an attractive market for firms with access to skilled, English-speaking resources, the ability to provide services on a cross-border or branch basis through passporting rights and favourable tax incentives, we provide an overview of some of the authorisation requirements under PSD2 for those Firms seeking licences here. Furthermore, we look at the potential changes that PSD3 will bring in regard to already-authorised firms who will need to be re-authorised as a result of the regulatory changes.
We are happy to discuss the regulatory framework with you, including both regarding firms who are initiating a licence application in Ireland as well as those already authorised who are seeking insights into how they should be planning for re-authorisation.
1. (Central Bank of Ireland, Payment Statistics Quarterly, 01/12/2023)
Regulatory framework for current applications
Under PSD2 regulation, the CBI who is the competent authority for authorisation, prudential regulation and supervision of PSPs has defined the following process for obtaining a licence as a PSP;
Pre-application meeting
This meeting is scheduled between potential applicants and the CBI‘s Payments Authorisation team to provide direction on application requirements.
While the CBI is not able to provide legal advice, potential applicants should use this time to seek clarity on any aspect of the application
Submission of application
Application forms should be completed per the CBI application form template and in consideration of the CBI Guidance
CBI receipt acknowledgement
The CBI will acknowledge receipt of an application for authorisation/registration submitted by the applicant within 3 working days.
CBI key information check
The CBI will check that the application material submitted contains all the key information and documentation required to proceed to the assessment phase. A response will be provided within 10 days.
CBI Assessment – 90 working days*
While there is a 90 working day assessment period for applications, typically the CBI will have queries throughout the application process and therefore the 90 day 'clock' will be paused until information is shared with the CBI. In our experience, applications can take 9-12 months.
Notification of assessment and decision
Notification of Assessment – the CBI will notify the applicant of the outcome of the assessment phase as follows: assessment is favourable or not favourable and the applicant has an opportunity to respond.
Notification of Decision – Letter issued by the CBI advising approval, approval with special conditions, or refusal.
Assessment topics
The key assessment topics for application are set out below. While the authorisation process is relatively straightforward, Firms should not underestimate the expectations of the CBI in regard to demonstrating a robust business model that is appropriately capitalised and has primacy as a local legal entity.
Firms should therefore seek to demonstrate to the CBI a strong presence in Ireland, backed by an appropriate senior management team that complies with fitness and probity requirements as well as an organisational structure that demonstrates a three lines of defence approach to risk management.
While the application form does not require submission of all of the Firm’s policies and procedures, there is also an expectation that key documents to support the Firm’s business are in place at a legal entity level and show awareness and compliance with legislation as well as CBI expectations.
We have seen the CBI’s supervisory approach to payment and e-money institutions intensify over the past 24 months with the publication of two industry Dear CEO letters calling out key areas for firms to consider including safeguarding, governance, business model, outsourcing and AML.
As the focus continues to grow in this area particularly through the shift to instant payments, growth in open banking and broader regulatory landscape, the CBI are likely to continue to intensify its review of licence applications to ensure new Payment Service Providers are set up in the right way to meet the requirements of the ever-changing payments landscape.
How KPMG can help with your application
We have “hands on” experience of the CBI’s authorisation process and can set you up for success from the outset of your journey as a Payment Service Provider. For current applications we leverage a ‘best in class’ and peerless CBI network and will draw on our deep knowledge base of the Authorisation process. We can help you to:
- Shape and craft the narrative for pre-application discussions with the CBI for the authorisation sought;
- Review and/or develop your application components;
- Review and challenge of the complete Application before submission to the CBI; and,
- Provide advice on any application queries including providing key insights with regard to the CBI governance process.
Re-authorisation under PSD3/PSR
Noting the evolution of payments, the authorisation process is also set to evolve with the introduction of PSD3/PSR. One of the objectives of PSD3 / PSR is to simplify the regulatory structure governing payments across Europe.
Reflecting this objective, a key proposed change is the merger of the licencing and authorisation frameworks applicable to Payment and E-money Institutions to increase harmonisation of the regulation and supervision process across Europe with the Electronic Money Directive.
With the consolidation of their legislative basis, E-money firms will become a subset of Payments Institutions and existing Payments Institutions and E-money firms will have to reapply for authorisation under PSD3.
What re-authorisation will look like, depends on several factors, including:
- Where competent authorities have evidence that a currently advised Firm meets the requirements of PSD3 they can automatically authorise these firms as PSPs.
- Firms will need to seek re-authorisation from national authorities within 24 months of the new rules coming into force, with existing licences grandfathered for 30 months after PSD3 enters into force.
- Where a Firm does not meet the authorisation requirements of PSD3, the competent authority will decide what measures are necessary to ensure such compliance and if a firm ultimately does not meet the requirements, it will no longer be authorised as an E-money form or Payment Institution once the grandfathering period ends.
- In general, while the requirements for authorisation shouldn’t change significantly, and many firms will meet the majority of the requirements, some of the key changes to promote consistency in authorisation are related to winding-up plan, notification procedures for limited network activities, professional indemnity insurance and initial capital requirements adjusted for inflation.
The new PSD3 legislation is still at proposal stage, and the exact timelines for entry are yet to be finalised, but final versions should be available at the end of 2024, meaning the directive and regulation will likely start to apply from 2026.
What should you do now?
While the proposals for PSD3 / PSR will undoubtedly evolve, firms should not delay in considering the likely impacts the regulatory requirements will have on their business models.
In consideration of the upcoming changes, PSPs should start to prepare by undertaking a gap analysis against the PSD3 / PSR requirements to identify a remediation plan and undertake implementation of the necessary requirements to meet the legislation.
How KPMG can help
We can help prepare you for the upcoming changes as it relates to PSD3 / PSR including:
- Supporting you with preparation of a gap analysis against the relevant regulatory requirements;
- Partnering with you in shaping and crafting the narrative for any discussions with the CBI with regards your authorisation/re-authorisation;
- Helping you to remediate any areas of deficiency where you need to enhance your regime in order to meet PSD3 / PSR; and,
- Supporting you with the implementation of changes to ensure timely compliance.
Get in touch
If you have any queries on the PSP application process, or the implications of PSD3/PSR for your business, our Fintech team are here to help. We look forward to hearing from you.