How to prepare Risk map for payment and e-money institutions?

The Bank of Lithuania has set requirements for electronic money institutions and payment institutions regarding internal control, risk management and safeguarding of received funds (Resolution No. 03-106). According to this resolution, electronic money institutions and payment institutions should have approved risk strategy, assign responsible for risk person, who should present to the management body quarterly risk map and annual risk report.

Which risks should be covered with the risk map?

Risk map it is a list of all companies existing and potential risks, risk evaluation, risk mitigation measures, responsible person in the company and defined acceptable risk level (limits). While preparing risk map, following threats should be taken into consideration:

  • Operational risk;
  • Counterparty credit risk, settlement risk;
  • Liquidity risk, capital risk;
  • Concentration risk;
  • Market risk;
  • Business (strategic) risk.

Special attention requires operational risk as its risk assessment should follow requirements of the Bank of Lithuania:

  • IT and IT security risks (resolution of the BoL No 03-174);
  • Outsourcing risk (resolution of the BoL No 03-166);
  • AML/TF risk (Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania);
  • Compliance risk;
  • Products, process and reporting management risk;
  • Employment practices and workplace safety risk;
  • Fraud risk;
  • Legal risk.

The Bank of Lithuania has already announced the financial market participant inspection plan for 2021. The inspections will largely focus on risk management, compliance with internal control requirements and anti-money laundering/counter-terrorist financing regulations, as well as quality assurance. Bank of Lithuania plans five audits of EMI (to be announced in June) on internal control and management system reliability.

ECOVIS ProventusLaw recommendations for financial market participants:

  • To ensure that Company has assigned person for risk management, directly reporting to the collegial management body.
  • To assess all company ‘s risks, management body should approve the risk map.
  • To ensure a clear and effective organizational structure according legal requirements.
  • To approve risk strategy.
  • To check compliance of internal documents to the regulations of the Bank of Lithuania, which came into effect from January 1 of this year.

Should you have some questions, please contact risk experts of Ecovis ProventusLaw.


Newsletter SubscriptionGet in touch