The Bank of Lithuania has shared comprehensive practical guidance which shall help FinTech newcomers to become ready and participate in licensing procedure.
There are group of basic and most common and tips which are tailored to each specific financial sector, i. e. starting from electronic money institution license and up to tips for specialized banks.
Main tips from the Bank of Lithuania:
- If you are using cloud computing services, check whether providers of these services do not qualify as third party service providers. Remember that agreements with such service providers are subject to specified requirements.
- Make sure that your designated person responsible for information security is independent (i.e. s/he is not subordinate to the IT manager and is not related to any ongoing IT processes).
- Make sure that when submitting the findings of the business impact analysis, which will provide the basis for a business continuity plan, you are to provide a list of business tasks (services to be provided).
For EMIs and PIs:
- Check whether you have included in your application dossier a clear and detailed explanation of how you intend to implement requirements concerning the open API (Application Programming Interface) resulting from the Commission Delegated Regulation EU) 2018/389 of 27 November 2017.
- Check whether you are providing your financial projections in line with the established and relevant form.
- Check whether you have included in your application dossier documents (e.g. an agreement or a draft agreement with a credit institution) to support that you meet the requirements of Article 25 of the Republic of Lithuania Law on Electronic Money and Electronic Money Institutions or of Article 17 of the Republic of Lithuania Law on Payment Institutions.
- Make sure that, as soon as you are granted the licence, you have the required specialists responsible for compliance and AML (anti-money laundering).
- If you intend to provide account information or payment initiation services only and, to ensure protection of customer funds, you will choose professional indemnity insurance, check whether you have included in your application dossier an insurance agreement or its draft.
- Check whether you are providing a report on the assessment of operational and security risks.
- Check whether, when describing the institution’s suspicious transaction monitoring scenarios, you have specified which of the scenarios will be implemented when monitoring the business relationship or operations of customers and whether your description is not limited to the copy-paste of the list of criteria for identifying possible money laundering and suspicious monetary operations or transactions, as approved by the order of the Director of Financial Crime Investigation Service.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances