Legal act: Resolution of the Board of the Bank of Lithuania On the Amendment of the Resolution of the Board of the Bank of Lithuania No. 238 of 24 December 2009, On the Permits Issued by the Bank of Lithuania to Electronic Money and Payment Institutions.
Effective date: 12 November, 2020.
The main changes related to the content and requirements for applications for a payment or electronic money institution license:
- detailed requirements for the business plan, requesting a description of the business model (intended to provide licensing and other services, analysis of priority markets, detailed customer groups, service delivery channels, market entry plan, long-term goals, etc.).
- the institution must at all times have a minimum amount of capital in excess of the minimum amount of capital to cover unforeseen expenses; base the budget estimate and financial forecasts on evidence or have at least the amount of fixed general administrative expenses for the first financial year.
- to submit a completed report on material changes in the requirements for the safeguarding of funds of electronic money holders and payment service users, a written obligation to submit a copy of the concluded agreement on the safeguarding of clients’ funds to the Bank of Lithuania before the commencement of the provision of licensed financial services.
- to specify the number of employees planned to be hired and the main functions of the employees already hired or planned to be hired in the institution, the actual place of work (state) of the employees.
- a requirement arises to indicate the employees of the institution or persons who will be responsible for the preparation and submission of reports and notifications to the Bank of Lithuania, to indicate whether any of the electronic money or payment institution managers will actually (physically) work in the Republic of Lithuania, to explain how communication with the Bank of Lithuania for supervisory purposes in the state language will be ensured.
- there is a requirement to indicate the number of persons whose work responsibilities will be related to the implementation of money laundering and terrorist financing prevention measures, the applicant intends to hire after the issuance of the license, as well as the responsibilities of these persons.
- when providing initial risk assessment of money laundering and terrorist financing, related to its intended activities, it shall be detailed: the requirements for the description of customer risk assessment – requesting the identification of target customer groups according to their field of activity, natural / legal customer ratio, customer distribution by country of residence, other criteria according to which the applicant intends to group customers; geographical risks – by requesting the submission of the part of the services provided or planned to be provided by the applicant in the Republic of Lithuania and other countries, indicating the part of the countries where the services are planned to be provided.
- the question must be answered whether the applicant intends to provide financial services to other financial institutions, and if so, to which.
- participants are requested to indicate the policies and procedures that the applicant has in place to prevent money laundering and terrorist financing;
- to describe in writing the procedures for monitoring international financial sanctions of clients, client representatives, beneficiaries and transactions (what information systems will be used to monitor financial sanctions, what procedures will be followed, how will they be implemented).
- to describe in writing the procedures for checking clients, client representatives, beneficiaries and / or transactions in lists or databases of politically exposed persons (what information systems will be used for the inspection, how often the inspection will be performed, what procedures will be followed, how they will be implemented).
- information on the person(s) and internal units and service providers responsible for information and communication technology (ICT) and security management is required under 3 lines of defense (will come into force from the 1 Januar, 2021)
- there is a requirement to provide a list of the outsourced payment services operational and / or ICT services and the functions of the ICT system of any activity, including those outsourced from group entities, and details of such outsourced agreements (will come into force from the 1 January, 2021).
- there is also a requirement to submit a declaration in the prescribed form for the notification of major operational or security risk events.
- a requirement to provide a description of the application programming interface (API) is imposed: an assessment of whether the institution has an obligation to implement the API, an indication of the specific type of interface, the expected date of implementation in the test and production environment for third parties, and a contract or draft contract with IT service providers on the implementation of the technical API.
- the requirement to provide a description of the principles and concepts used in the collection of statistics is waived.
Both the companies that are preparing for the licensing procedure, as well as the already-licensed financial market participants shall be aware of the requirements highlighted by the Bank of Lithuania:
- to ensure capital adequacy.
- to comply with requirements for the safeguarding of clients’ funds, which covers ensuring that all mandatory clauses are set in the agreements.
- to have sufficient and experiences staff, including employees responsible for reporting to the Bank of Lithuania.
- to address AML-related risks and proper mitigation measures.
- to have policies and procedures ensuring prevention of money laundering and terrorist financing
Prepared by associate, assistant attorney-at-law Eglė Juškaitė