Central Bank Dear CEO Letter to Payment & E-Money InstitutionsJanuary 2023
On 20th January 2023, the Central Bank published a Dear CEO Letter (‘January 2023 Letter’) to payment and electronic money institutions highlighting recent supervisory weaknesses and reaffirming supervisory expectations and actions for these sectors.
The January 2023 Letter follows the December 2021 Dear CEO Letter
from the Central Bank to these institutions which it provided greater clarity on its supervisory expectations for the sector. The January 2023 Letter also refers to the Consumer Protection Outlook Report 2022
published in March 2022 which sets out the key cross sectoral risks identified by the Central Bank as the primary drivers of risk for consumers of financial services in Ireland and across the EU today. The Central Bank highlights these risks are particularly relevant to the payment and e-money sector based on what it has observed over the course of 2022.
It also refers to the recent reference in the International Monetary Fund’s (IMF) Technical Note on Oversight of Fintech in Ireland
of the payment and e-money sector’s growing importance within the broader fintech sector in Ireland.
The January 2023 Letter sets out actions identified by the Central Bank to remedy deficiencies in five key areas, namely:
- Governance, risk management, conduct and culture,
- Business model, strategy, and financial resilience,
- Operational resilience, and
- Anti-money laundering and countering terrorist financing.
The main focus of the January 2023 Letter is safeguarding. In the December 2021 Dear CEO Letter, the Central Bank asked all firms to comprehensively review compliance with the safeguarding requirements set out in the E-Money Regulations or Payment Services Regulations (as appropriate) by 31st March 2022. One quarter of those firms self-identified deficiencies in their safeguarding risk management frameworks, and deficiencies were later identified in other firms.
As a result, the Central Bank sets out its expectations as follows for firms to:
- Have robust, Board approved, safeguarding risk management frameworks in place which ensure that relevant users’ funds are appropriately identified, managed and protected on an ongoing basis. This includes the clear segregation, designation and reconciliation of users’ funds held on behalf of customer.
- Be proactive in ensuring that the design and operating effectiveness of the firm’s safeguarding frameworks is tested on an ongoing basis.
- Notify the Central Bank immediately of any safeguarding issues identified.
- Take mitigating and corrective measures immediately to ensure that users’ funds are safeguarded where, in exceptional circumstances, issues are identified.
- Investigate and remediate on a timely basis the underlying root cause of the safeguarding issue(s).
The Central Bank also request all payment institutions and e-money firms who are subject to the safeguarding requirements to commission an audit of their compliance with those requirements from an audit firm which has the necessary specialist skill to audit compliance in this area. Each firm must provide that audit opinion, together with a response from its board to the outcome of that audit, to the Central Bank by 31st July 2023
Given the 31st July 2023 deadline, the January 2023 Letter should promptly be brought to the attention of the board of any payment institution or electronic money institution and if your particular entity has a query regarding any of the issues highlighted by the Central Bank above, feel free to contact us at firstname.lastname@example.org
To read the January 2023 Letter in full, please follow the link below: Dear CEO Letter - Supervisory Findings and Expectations for Payment and Electronic Money (E-Money) Firms (centralbank.ie)