Strict regulation and compliance is fundamental in financial services, and anyone operating in the payment space must satisfy a range of requirements before going into business.
Consumers need to be confident that their transactions are secure and that their chosen payment service provider (PSP) meets all its legal obligations. This applies to PSPs whether they are seeking approval as payment institutions or electronic money institutions - or indeed both.
As a PSP, Safenetpay is subject to close scrutiny by the FCA (Financial Conduct Authority) and must comply with legislation such as the Second Payment Services Directive (PSD2). Safenetpay was previously an authorised payment institution (API) and has now been re-licensed as an authorised electronic money institution (EMI).
Let’s take a closer look at the role of the FCA, what API and EMI mean, and how Safenetpay is satisfying the regulators and meeting European directives.
The FCA was created to regulate the conduct of the UK’s financial services. Its objectives include protecting consumers, building market integrity, and promoting competition. The FCA is responsible for monitoring the role and actions of PSPs and authorising their legal status as payment institutions and electronic money institutions.
The FCA establishes the basis for authorisation and the minimum standards that must be met to achieve authorisation. It will authorise or approve only those who meet these standards, and it will prevent anyone from entering the market who does not comply. For a detailed discussion of the criteria and standards for compliance, see the FCA’s Approach to Authorisation.
Knowing that firms are closely regulated and vetted means that customers can be more confident in their choice of a payment service provider, and it’s essential for the success of open banking.
An electronic money institution can issue digital money to store on electronic devices. To be authorised by the FCA, the institution must submit a range of business and operational details including:
● An e-money business plan
● Initial capitalisation
● Governance and internal procedures covering roles and responsibilities
● A description of how it will safeguard e-money funds
● A description of procedures for monitoring, handling and following-up security incidents and security-related customer complaints
● An anti-money laundering and countering terrorism financing policy.
The FCA will then analyse all the information. If it’s complete and covers due diligence, the FCA usually makes a decision within three or four months. A negative view will mean a ‘minded-to-refuse’ notice. If the application is successful, as in the case of Safenetpay, the FCA sends a ‘minded-to-approve’ notice followed by formal approval.
There is a distinction between an EMI and a small EMI. With the latter, the institution’s outstanding e-money must not exceed EUR 5m. Registration is cheaper and more straightforward than for an EMI, but there are no passporting rights. When passporting is granted, it means that a firm registered in the European Economic Area (EEA) can do business with any other EEA state without needing additional authorisation from each country. Because Safenetpay operates across Europe, it is an EMI with full passporting rights.
The FCA defines an authorised payment institution as an entity that is authorised to make payments and is included in the FCA’s official register of APIs. The definition spans organisations such as credit card processors, payment account operators, remittance operators, foreign exchange businesses, and payment initiation businesses. Now that Safenetpay has evolved from API to EMI, it can issue and hold electronic money.
If a business has an average payment turnover of no more than €3 million per month, it may elect to be registered as a small payment institution (SPI). However, SPIs are unable to provide payment services into other European Economic Area (EEA) member states, which is something Safenetpay provides as an EMI.
While the FCA is responsible for authorising and monitoring payment providers, the modern framework for payments is provided by the Second Payment Services Directive, which has opened the field for PSPs such as Safenetpay.
Under Directive 2015/2336/EU this new breed of providers can execute payment transactions (including credit transfers and direct debits), issue or acquire payment instruments, and provide remittances, foreign exchange, and account services.
E-money institutions, which share similar characteristics to payment institutions, are subject to Directive 2009/110/EC, which is separate from PSD2. EMIs can do all the things a payment institution can do and far more besides because of the versatility of e-money. For example, e-wallets do not exist under the payment institution specification.
It’s no mere formality to be granted licences in the payment space. Any payment business must be based on trust and have rigorous security. It must prove itself to regulatory bodies such as the FCA, and abide by legislation such as PSD2.
In becoming an authorised EMI, Safenetpay has strengthened its credentials as a versatile online payment service provider that meets the regulatory requirements for electronic money.