Get Started

Dec 09, 2019 | Risk Management

Payments and Fintech Regulation: Licensing and Hot Topics

Justin Simon -Shore, Counsel and Director at Western Union Business Solutions, and Max Savoie, Senior Associate at Sidley Austin LLP, recently gave a webinar about regulatory licensing and hot topics in the payments and fintech space. For those who didn’t get a chance to listen to the webinar, we wanted to provide you with some highlights and key takeaways.

For payments, fintech and other financial and technology service providers across Europe, questions are asked every day about how to balance the commercial focus of a business (i.e. drive customers, bring products to market, innovate, drive growth and progress, etc) on one hand, and “dealing” with compliance and/or regulatory matters on the other.  Topics like licensing, KYC, data protection and risk management can seem unwelcomed distractions for a business that is not familiar or well resourced in these areas.

Overall, while regulation can be challenging, we believe a savy firm operating in this space can use licensing and overall regulatory oversight and controls to the benefit of its customers and ultimately its business. There are a few key points that all such firms should consider:

  1. Consider what you’re selling

Generally, regulators and policymakers care just as much as you do about what products and services are being offered to customers, particularly end-users of financial and technology services. They care because – when it comes to oversight and the sale of financial products – the customer may need certain protections.

When thinking about what products and services your business is selling, consider whether they are financial products or could be seen by the customer as a financial product which deserves the protections from regulation.  

  1. Does the business require a license?

Let’s say you have a payroll administrative business that collects in funds from your clients and helps to arrange payments to employees of your clients around the world. You aren’t a bank or a similar financial institution, so you need to hire someone who has the relevant banking infrastructure.

We have seen the above business many times and are sometimes asked whether this business model requires a license. This is not a simple question. However, the key points to consider here are:

  1. Are you holding or controlling funds?
  2. Do you allow your clients to store value or prefund an account?
  3. Are you providing a service to enable your client to transfer money from an account at a bank or another payment service provider (even if you don’t hold the account or the funds)?
  4. Are you providing a service to allow your client to see data across different bank, credit card or other payment accounts?

Your answers to these questions are likely to determine whether a license is required in the UK or in other EU/EEA member states, if you have customers or operations in any of these jurisdictions. These types of questions are also likely to be relevant for determining whether you require a license in other countries. However, the relevant rules will depend on the jurisdiction. Providing a regulated payment or other financial service without a license is usually a criminal offence and could expose the company to significant fines and other liabilities (including to clients), as well as reputational damage. In short, licensing is something businesses need to get right.

  1. Rules for licensing

Updating a license for new permissions or getting a brand new license doesn’t need to be a daunting or overwhelming experience. You will effectively need to satisfy the regulator that you can be trusted to provide the relevant regulated services in accordance with applicable rules and that your business and its key personnel and contractors have the appropriate knowledge and skills to do so.  Regulators will care about, amongst others, things like:

  • Do you have enough capital to give customers enough of a buffer in case your firm gets into financial difficulties?
  • Do you have a strong business plan to substantiate your products and license?
  • Do you have the right compliance, risk management and data management frameworks in place?
  • How do you manage and supervise your outsourcing arrangements?
  • How do you conduct KYC on your customers?

You may need help from consultants and/or lawyers to determine which particular regulatory rules apply to your business and how to satisfy these for your business, including preparing and implementing appropriate policies, systems and controls and ensuring agreements with clients and key suppliers include any provisions required by regulation.

  1. Do you need a partner?

As we mentioned above, outsourcing and oversight is an important consideration for regulators. This is because accountability and governance of a financial services business is seen as a critical part of its overall risk management and a precondition of operating in the regulated space. There are also potentially major negative impacts to customers if things go wrong. That said, partnerships and outsourcing are increasingly becoming part of the financial services landscape and generally regulators understand that most firms cannot operate alone. 

If your business needs help with processing KYC and gets a third party to help, this is outsourcing. If your business doesn’t have the bank accounts or payment rails and hires a third party to help, this is outsourcing. If you’re part of a group where different companies perform different functions (all supporting your customers), this too can be outsourcing. Having emails and client data on a cloud can also trigger outsourcing rules and regulations.

The European Banking Authority has published guidelines setting out how regulated payment service providers in the EU must be manage such outsourcing arrangement, including provisions they should include in their agreements with outsourced service providers. These expand on requirements under PSD2 and other EU Directives. 

When thinking about outsourcing, it’s important is that your business looks at what functions it’s given away to a third party (even within the same group) and considers what controls and oversight it has in place to help ensure your customers are always protected if something were to go wrong.

Listen Now

This blog was written by Justin Simon-Shore of Western Union and Max Savoie of Sidley Austin LLP.

This blog has been prepared by Sidley Austin LLP and Affiliated Partnerships (Sidley) for informational purposes and is not legal advice. Views reflected in this presentation may not represent the views of Sidley or its clients. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. All views and opinions expressed in this presentation are those of the presenters and you should not act upon this information without seeking advice from a lawyer licensed in your own jurisdiction. Sidley is not responsible for any errors or omissions in the content of this presentation or for damages arising from the use or performance of this presentation under any circumstances.

The information contained within this blog does not constitute financial advice or a financial recommendation, is general in nature and has been prepared without taking into account your objectives, financial situation or needs.