The Bank of Lithuania announced the report of the payment market for 2020. They also informed the market participants that they would make all efforts to strengthen the maturity of the FinTech sector in Lithuania by putting emphasis on the management and internal control of electronic money and payment institutions (EMIs and PIs). At least 12 inspections, surveys or analyses are planned in 2021 and they cover about 70 EMIs and PIs. So what should be taken into consideration?
Growing FinTech market has led to closer supervisory attention
At the end of 2020, 132 EMIs and PIs were operating in Lithuania. The revenues from licensing activities of FinTech companies increased 2.2 times to EUR 142.4 billion, and payment transactions increased more than three times to EUR 51.2 billion. Although payment transactions and income of EMIs and PIs significantly increased, the Bank of Lithuania focused on strengthening the sector’s maturity and sought to ensure that the development of EMIs and PIs goes hand in hand with the compliance and the institutions would learn not only from their own mistakes.
Since the beginning of 2019, the Bank of Lithuania has carried out more than 50 inspections, surveys, analysis of or visits to EMIs and PIs. Violations in the management of money laundering and terrorist financing risks led to the revocation of the licenses of two institutions, and the revocation of another license in 2021. Failure to provide timely supervisory reports limited the activities of one institution. Fines were imposed on ten institutions for improper segregation and protection of client funds, as well as on the head of one institution that did not ensure proper compliance with the requirements for segregation and protection of client funds and for violations of other legal acts. A fine was imposed on one institution for violations of the Law on Payments of the Republic of Lithuania. One warning was revoked for non-compliance with capital requirements, one fine was imposed on one institution, eleven public notices of violations and two warnings were given.
The importance of internal control procedures in FinTechs
This information also corresponds to the letter “Dear CEO letter” of the Bank of Lithuania to the managers of electronic money and payment institutions operating in Lithuania where the Bank of Lithuania presented their expectations on the improvement of governance and internal control as well as strengthening of a compliance culture. In the letter to representatives of the FinTech sector, the Bank of Lithuania emphasized the requirements related to money laundering and terrorist financing risk management, equity capital, internal control, protection of customer funds, investigation of customer complaints, information and communication technology and security risk management, notification of the changes of managers and shareholders, reporting, data reliability, timely submission of reports and outsourcing.
“Internal control procedures help to safeguard assets, promote accountability as well as increase efficiency, and decrease the probability of fraudulent behaviour. Financial companies are expected to adopt a risk management program that provides a thorough and consistent evaluation of the nature and extent of risks to which they are exposed”, says Inga Karulaitytė, FinTech team leader, Partner of ECOVIS ProventusLaw.
She also pays attention to the following requirements and recommendations of the Bank of Lithuania:
- A need to have the organizational scheme, detailed description of the duties and responsibilities by specifying staff members responsible for management, internal control, risk management and process for implementation of compliance procedures.
- A need to have the main staff members responsible for decision making in Lithuania, i.e. AML manager, Compliance, local management, IT security.
- Involvement of the CEO into daily activities of the licensed entities and reviews, if the CEO has other duties in other organizations. The CEO must dedicate to the company as much time as possible.
- Evaluation of the competencies of the CEO, Compliance officer, IT security officer, AML officer; having and keeping the proof of the their proper education and experience in other financial institutions, as well as trainings which they have passed in recent years.
- Internal and external communication procedures, which are necessary to perform the activities, controls, management and supervision functions. Responsible persons for external communication with BoL must be appointed.
ECOVIS ProventusLaw services for strengthening of internal control, internal audit
ECOVIS ProventusLaw recommends performing the following internal audits in order to strengthen management and internal control:
- Internal management
- Internal communication
- Internal control
“Gaining and preserving the trust of consumers with robust risk management and internal controls is critical to the success of the financial technology business. Inadequate evaluation of potential risk scenarios can lead to unexpected surprises as a result of previously unknown risks. Our law firm has prepared recommendations of what companies should implement to ensure proper governance and internal control as well as strengthen compliance culture”, says Inga Karulaitytė.