EBA shows peer review for PSD2 authorisation


The European Banking Authority (EBA) has published its peer review on authorisation of payment institutions and e-money institutions under the revised Payment Services Directive (PSD2)

The European Banking Authority (EBA) has published its peer review on authorisation of payment institutions and e-money institutions under the revised Payment Services Directive (PSD2). According to the general reviews, there are increased transparency and consistency of the information required in the authorisation process.

However, the peer review also identified reportedly significant divergences in competent authorities’ assessment and the degree of scrutiny of applications. Thus, the review established a series of measures to address such divergencies, to level out the supervisory playing field, and to mitigate against ‘forum shopping’. The review looked over the EBA Guidelines implementation in this area.

Overall, the EBA discovered that competent authorities have mostly or fully applied the Guidelines, thus contributing to consistency and transparency in the authorisation process. However, the peer review identified divergent practices in relation to the assessment of business plans, applicants’ governance arrangements, and internal control mechanisms. It also highlighted differences in applicants’ compliance with PSD2 requirements on ‘local substance’, i.

e. the need for payment institutions to have their head office in the Member State where they are seeking authorisation and to conduct part of their activities there. The average duration of the overall authorisation process was found to vary seriously across competent authorities, from 4 to 20 months or more.

The delay seems to be mainly caused by the quality of applications and applicants’ timeliness in addressing the identified issues. However, different timelines set out in national laws and different procedural approaches in the acceptance and assessment of applications also cause variations in duration. The EBA adopted follow-up measures for competent authorities, which it will review in two years’ time and some best practices, which might benefit competent authorities.

These follow-up measures include targeted measures for specific competent authorities to strengthen consistency and effectiveness, as well as follow-up measures for all competent authorities, to: review their authorisation resources and processes to ensure that they remain adequate to scrutinise applications within a reasonable timeframe; ensure that applicants have a ‘three lines of defence’ model that includes the functions of risk management, compliance, and internal audit, where the nature, scale, and complexity of their activities makes this appropriate; and ensure that applicants are effectively managed and controlled from the jurisdiction in which they seek authorisation. The review also concluded that any future review of the Guidelines should provide more detailed guidance on how the proportionality principle should be applied in assessing the suitability of shareholders with qualifying holdings. Finally, the review recommends to the European Commission to clarify, as part of its ongoing PSD2 review process, the delineation between the different categories of payment services and e-money issuance, the applicable governance arrangements for institutions, including the criteria that competent authorities should use in assessing the suitability of management, and what having sufficient local substance requires.

.


Jan 12, 2023 13:23
Original link