This article provides a brief overview of what an aspiring agent of a payment institution (“PI”), electronic money institution (“EMI”) or registered account information service provider (“RAISP”) needs to consider.
The principal-agent relationship
The principal is the entity that holds the full PI, EMI or RAISP authorisation. The agent acts on behalf of the principal to assist in the provision of the specific services for which the principal: (a) is authorised; and (b) has permitted the agent to act. The principal is fully responsible for the agent’s activities.
The registration process
The principal submits an application to register the agent through the Financial Conduct Authority’s (“FCA”) Connect system. The FCA has up to two months to consider a complete application. The agent cannot commence activities on the principal’s behalf until the registration process has been completed. The process is complete when the agent appears on the principal’s page in the FCA’s Register.
|Have you created a business plan?||Creating a good business plan helps to give a registration effort focus, especially if an aspiring agent eventually wishes to be authorised in its own right. Consider including at least:
|Have you budgeted for costs associated with seeking registration?||Aspiring agents are likely to require:
These items may cost more than you think.
|Have you created an organisation chart and job descriptions for your personnel?||Determine responsibilities and reporting lines. Document these. Add version control. A principal could request these documents. Match the skills of your directors and officers to the job descriptions you have drafted.|
|Have you performed criminal records checks?||Check what your principal requires in advance. A standard Disclosure and Barring Service (“DBS”) check is likely to be required for controllers, e.g. shareholders over 10% and key personnel, e.g. directors. The easiest way to perform criminal records checks is to use a comprehensive screening provider. Visit the following link for a list of Responsible Organisations.|
|Have you performed credit history checks?||Similar to the above, a comprehensive screening provider will usually link to key credit reference agencies for this purpose.|
|Have you verified the qualifications of key personnel?||Again, the best way to do this is to engage a comprehensive screening provider.|
|Have you taken references on your key personnel?||The principal may request confirmation that references have been obtained for key personnel.|
|Can you demonstrate that your personnel are competent?||Key personnel will be asked to demonstrate their competence (knowledge of services and the regulatory environment in which they are provided) upon seeking registration and periodically thereafter.|
|Anti-financial crime controls|
|Have you performed an anti-financial crime risk assessment?||Taking into account the nature of the services you will be involved in providing, you should risk assess your exposure to:
|Have you determined what policies you need?||Once you have performed your risk assessment, you should seek to put in place appropriate policies and procedures to mitigate any risks you face. A principal may request sight of these as a part of its: (a) due diligence processes for registering an agent; and (b) periodic reviews of your systems and controls.|
|Have your personnel been trained on their responsibilities?||Using the services of an e-learning provider is a cost-effective way of ensuring your employees obtain a basic understanding of the anti-financial crime environment in which a small agent will operate. Your principal may seek to enrol your employees in its e-learning programme. Enquire with your principal before purchasing any licences. As your business expands (or if you assess your business to be highly exposed to financial crime) you’ll probably need customised, classroom-based training to develop the understanding of your employees.|
|Terms and conditions|
|Is it clear to a customer that you will be acting on the principal’s behalf? Is the agreement to provide payment services between the principal and the customer?||Per the answer to question 28 of part 15.4 of the FCA’s Perimeter Guidance Manual (“PERG”), the agreement to provide payment services must be between the principal and the customer. Accordingly, the aspiring agent must be careful to ensure any supplemental terms it produces do not misrepresent its status (an offence under the PSRs). Check with the principal what its expectations are and have any supplemental terms reviewed by a lawyer to make sure you don’t stray offside.|
|Data protection arrangements|
|Do you need to register with the Information Commissioner’s Office (“ICO”)?||The easiest way to determine if you need to register with the ICO is to take the Registration Self-Assessment here and record the outcome. If you do need to register, this can also be done online at the ICO’s website. Registration fees are normally very low (between £40 and £60). However, it is essential that you do this before collecting or processing any personal data.|
|Have you completed the ICO’s self-assessment checklists?||An excellent resource for small businesses, completing the ICO’s self-assessment checklists is a quick way to ascertain if you are ready to handle personal data.|
|Have you created a Privacy Notice?||Most aspiring agents are likely to be small businesses. The ICO provides a template for small businesses that you could use. When complete, you should upload this to your website and direct data subjects to it before you collect or process their personal data.|
|Have you written a Data Protection Policy and associated procedures?||These should document your policies, e.g. with regards to sending personal data offshore and processes for meeting specific obligations, e.g. subject access requests.|
|Have you provided all staff with data protection and information security training?||A similar approach could be taken to that recommended for anti-financial crime related learning.|
|Have you established what insurance you require?||You’re likely to require one or more of the following:
Your principal may require evidence of cover as a part of its due diligence.
|Have you checked what systems and controls insurers expect to be in place?||Insurers may impose systems and control requirements that are in addition to those expected by your principal and/or applicable regulations, e.g. in relation to business continuity or fraud controls. Accordingly, it is worth reviewing application paperwork early on to help prevent delays (or increased premiums!).|
Careful planning will enhance an aspiring agent’s prospects of achieving a swift registration.
A.C.Culley & Co. has experience in payment services operations and can provide practical assistance to entities seeking registration as a PI, EMI and RAISP agent. For more information, please contact us.
Originally published by Thomson Reuters © Thomson Reuters.
The Payment Services Regulations 2017, No.752. Available at: https://www.legislation.gov.uk/uksi/2017/752/contents/made (last accessed 1st March 2022).
2022. Payment Services and Electronic Money – Our Approach, Financial Conduct Authority, November 2021 (Version 5). Available at: https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf (last accessed 1st March 2022).
2021. Perimeter Guidance Manual (“PERG”) 15.4: Small payment institutions, agents and exempt bodies. Available at: https://www.handbook.fca.org.uk/handbook/PERG/15/4.html (last accessed 1st March 2022).