knowledge 6 July 2023 |

Ireland as a Location for E-Money Institutions 2023

Aside from Ireland’s position as a FinTech hub, there are a number of advantages to being authorised in Ireland as an e-money institution, including:

• a strong regulatory framework with a credible and experienced regulator, the Central Bank of Ireland (“CBI”);

• a favourable passporting regime with the ability to passport to other EEA Member States either on a branch or a cross-border services basis;

• a favourable tax regime, due to a combination of a 12.5% corporate tax rate and an exceptionally extensive and comprehensive set of double tax agreements; and

• access to a sophisticated financial services ecosystem with a deep pool of staff, managers, professional advisers, regulators and service providers including not only native English speakers but a sizeable international population.

Regulatory Framework

E-money is regulated under the European Communities (Electronic Money) Regulations 2011 (the “E-Money Regulations”), which transpose the E-Money Directive 2009/110 into Irish law, without any significant additional national measures or “gold plating”.

The CBI is responsible for the authorisation, prudential regulation and supervision of e-money institutions in Ireland.

The Markets in Crypto-Assets Regulation (“MiCA”) will introduce a new regulatory framework for European crypto-assets, and notably it will establish new rules for stablecoins, including e-money tokens. There are strict conditions on the issuance of e-money tokens under MiCA, with a requirement for e-money tokens to be issued either by a credit institution or an e-money institution. Therefore, once MiCA becomes operational, additional business opportunities may arise for e-money institutions.

Passporting

An e-money institution can avail of the right to issue, redeem and distribute e-money and provide the services for which it is authorised in Ireland throughout the EEA. An e-money institution authorised in another EEA Member State can also passport into Ireland.

An e-money business established outside the EEA can obtain passporting rights either by establishing itself or a subsidiary in Ireland (or in another Member State) and obtaining authorisation as an e-money institution from the CBI (or from the relevant national competent authority in another EEA Member State) or by acquiring an existing authorised e-money institution.

Authorisation Requirements

An entity that wishes to become authorised as an e-money institution under Irish law must fulfil a number of requirements. In particular, applicants will be expected to show that they will have substance in Ireland, be adequately capitalised, have appropriate arrangements in place to run an e-money institution and comply with fitness and probity requirements.

Substance

The CBI places considerable emphasis on ensuring that the applicant’s “heart and mind” will be located in Ireland.  This essentially means that the CBI will need to be satisfied that the applicant will be properly run in Ireland and that the CBI will be able to supervise it effectively.  Among other things, the CBI will expect to see present in Ireland:

• a senior management team with strength and depth overseen and directed by a strong board; and

• an organisation structure and reporting lines which ensure there is appropriate separation and oversight of all activities.

In terms of residency, the persons who are to fulfil the applicant’s core functions should operate out of Ireland and the expectation is that virtually all of the senior personnel will be permanently based in Ireland.

An Irish authorised e-money institution can outsource/delegate activities to entities in other jurisdictions.  However, overall responsibility for ensuring compliance with legislative requirements must stay in Ireland.  In addition, an e-money institution must notify the CBI when it intends to outsource critical or important functions (or when it intends to materially alter its existing outsourcing arrangements for such functions). The E-Money Regulations set out a number of requirements with which an e-money institution must comply when outsourcing “important” operational functions, such as IT systems. The CBI expects an e-money institution to comply with the EBA’s Guidelines on Outsourcing, as well as the CBI’s Cross-Industry Guidance on Outsourcing.

Capital Requirements

An e-money institution must hold initial capital of at least €350,000. The actual amount of initial capital required for each individual firm will be notified to the firm as a part of the authorisation process, and can vary depending on the nature, scale and complexity of the applicant’s business.

Arrangements

An applicant will need to provide detailed information to the CBI regarding how it intends to function as an e-money institution, including details of its: programme of operations; business plan; structural organisation; governance arrangements and internal control mechanisms; and business continuity arrangements procedure for dealing with security incidents.

Governance and Risk Management

An applicant is required to maintain governance arrangements, control mechanisms and procedures that are proportionate and appropriate to their business. In addition, an applicant must consider the composition (both number and skills) of their board and management team, to ensure they are sufficient to run their business from Ireland. An applicant’s board has responsibility for setting and overseeing the strategy of the firm, and ensuring that adequate and effective governance, risk management and internal control frameworks are in place.

Conduct and Culture

An applicant is expected to have a consumer-focused culture with robust internal systems and controls, including well developed risk management frameworks.

Safeguarding

An applicant must have a safeguarding risk framework in place, approved by its Board, which ensures that relevant client funds are appropriately identified, managed and protected on a day-to-day basis. There must be oversight of this framework by an applicant’s second line of defence (risk and compliance functions) and third line of defence (internal audit). In 2023, an external audit of safeguarding requirements is required for e-money firms who safeguard users’ funds. While this audit is just for 2023, depending on the outcome of the audit, it is possible that similar audits may be required in the future.

Business Model, Strategy and Financial Resilience

An applicant is expected to have a capital accretive business model that is viable and sustainable with due regard given to potential firm specific and wider market stress scenarios.

While an applicant may operate as part of a larger group, and be reliant on group strategic decisions to inform local strategy, there must be sufficient financial (capital and liquidity) and operational (resources, IT systems etc.) capacity and capability within the firm to execute that strategy.

An applicant is expected to have robust strategic and capital planning frameworks which demonstrate that they have a good understanding of the risks that they face and their potential financial impact, such that they can proactively manage their capital to ensure that they are in a position to meet their own funds (capital) requirements on a stand-alone basis at all times, i.e. sufficient regulatory capital is available to absorb losses, including during stress conditions.

An applicant is expected to have board-approved business strategies in place supported by robust financial projections and must understand and meet their capital requirements at all times. Strong internal controls must be in place, that are subject to regular testing, to ensure the accuracy and integrity of data used by the firm for regulatory reporting purposes, and for strategic and financial planning.

Operational Resilience

The CBI expects an applicant to be able to respond to, recover and learn from operational disruptions. If an applicant is part of a wider group, the CBI will expect the applicant to operate sufficiently on a stand-alone basis to ensure the primacy of the legal entity authorised in Ireland.

An applicant’s board and senior management teams must ensure they themselves have the skills and knowledge to meaningfully understand the risks their firm faces and the responsibilities they have. This responsibility also extends to outsourced activities where the activities are conducted on the firm’s behalf by any third party, including any group entity.

Financial Crime

As a designated firm, an e-money institution must comply with the know-your-customer / anti-money laundering (AML) obligations set out in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. An applicant must have a strong AML control framework that specifically focusses on the money laundering and terrorist financing risks arising from the applicant’s business model.

Where distributors and/or agents undertake AML preventative measures and controls, such as customer due diligence (CDD), on behalf of an e-money firm, this must be completed in line with the e-money firm’s own risk assessments and AML policies and procedures. E-money firms must also exercise adequate oversight of their agents and distributors with an appropriate level of ongoing assurance conducted. E-money firms must undertake appropriate assessment of their agents and distributors that undertake activities on their behalf. The responsibility for carrying out customer risk assessments and CDD on the end user of the products and services ultimately rests with e-money firms, even where such tasks are being performed by agents and distributors.

Resolution and wind-up

An applicant is expected to have an appropriate exit/wind-up strategy which is linked to their business and operational model that ensures the return of customer funds as soon as is reasonably practical in an exit/wind-up scenario.

Fitness and Probity

Once an application is submitted, the applicant will also need to ensure that all relevant individuals proposed to hold a Pre-Approval Controlled Function (“PCF”) role (typically board members, senior management, key function holders) complete Fitness and Probity Individual Questionnaires.

The CBI’s fitness and probity requirements are based on Guideline 16 of the “EBA Guidelines on the information to be provided for the authorisation of payment institutions and e-money institutions and for the registration of account information service providers” which relates to the “identity and suitability assessment of directors and persons responsible for the management of the payment institution or electronic money institution”.

The CBI has published “Guidance on the Specific Requirements that apply to persons seeking approval for a Pre-Approval Controlled Function role in a Payment Institution or Electronic Money Institution” (here).

All relevant individuals must submit an Individual Questionnaire electronically, however, access to the online Individual Questionnaire only becomes available after an application has been deemed to contain all the key information needed to progress to the assessment phase of the application process.

Authorisation Process

An application for authorisation as an e-money institution must be submitted to the CBI.  According to the CBI, it:

seeks to process each application as expeditiously as possible while meeting its obligation to operate a rigorous and effective gatekeeper function.  It aims to ensure that the application process is facilitative and accessible from the perspective of applicants and, importantly, that applicants have clarity with regard to the process, its requirements and timelines.

All applications for authorisation as an e-money institution in Ireland must be submitted using the following form:

• Authorisation as an Electronic Money Institution (here) (except where the firm only intends to apply for Registration as a Small Electronic Money Institution, in which case a different registration form should be used (here)).

The CBI has also published a Guidance Note on completing authorisation/registration applications under the E-Money Regulations (here). In addition, an applicant must complete:

• the Anti-Money Laundering, Counter-Terrorist Financing and Financial Sanctions Pre-Authorisation Risk Evaluation Questionnaire for Payment Institution and Electronic Money Institution Applicants (here);

• Qualifying Holder Application Forms (here) as appropriate; and

• Fitness and Probity Individual Questionnaires for all PCF roles.

Pre-application meetings are scheduled with all potential applicants to provide direction on application requirements and answer any specific questions applicants may have about the application process.

There are five stages to the authorisation process for an e-money institution following a pre-application meeting, and once the applicant has submitted a completed Application Form and relevant accompanying documentation. The five stages are as follows:

 

Application Process
Pre-application meeting	Pre-application meetings are scheduled with all potential applicants to provide direction on application requirements and answer any specific questions applicants may have about the application process, service standards or completing the application form.  All applicants will be required to return a ‘Key Facts Document’ at least 5 working days prior to the pre-application meeting. The CBI recommends applicants take into consideration all items discussed during the pre-application meeting prior to submitting an application.
Stage 1: Submitting the Application Form and Acknowledgement	This is the first formal stage in the application process. When applying for authorisation, an applicant must provide certain information to the CBI, including details of its: programme of operations; business plan; structural organisation; evidence of initial capital; governance arrangements and internal control mechanisms; process for dealing with sensitive payment data; business continuity arrangements; security policy document; AML/CFT Internal Control Mechanisms; and identity and suitability assessments for persons with qualifying holdings in the applicant and senior managers. The CBI will acknowledge receipt of an application for authorisation submitted by the applicant within 3 working days of receipt.
Stage 2: Key Information Check	The CBI checks that the applicant has submitted all the key information and documentation and confirms whether or not this is the case within 10 working days of receipt of the application. If the application is lacking any key information, the CBI will identify this information and the applicant can then decide to resubmit.  Any subsequent application will be considered a new application and the process will commence again.
Stage 3: Assessment phase	The CBI assesses the application against the authorisation requirements and issues initial comments to the applicant on its application as well as subsequent comments based on its review of the applicant’s responses.  The CBI has committed to a 90 working day assessment phase however, this period will be paused in certain circumstances, for example, should the CBI request further information, which is likely.
Stage 4: Notification of Assessment	The CBI notifies the applicant of the outcome of the assessment process. Where the assessment is favourable, the CBI will notify the applicant that it proposes to authorise.  This letter will also specify any specific conditions the CBI proposes to impose on the authorisation itself once granted, along with the reasons for these conditions. Applicants will have the opportunity to make representations regarding these conditions before the CBI makes its decision. If the CBI is not satisfied that it should authorise the applicant on the basis of the assessment, it will set out the areas to be addressed. The applicant has the right to respond to any issues raised by the CBI in its notification and the CBI will assess any responses made before notifying the applicant of its decision in Stage 5 of the process.
Stage 5: Notification of Decision	Where the CBI intends to authorise the applicant, it aims to notify the applicant of its decision within 10 working days of any pre-conditions to authorisation being satisfied. In a case where the CBI is minded to refuse the application, the Central Bank will notify the applicant of the proposed grounds for refusal and the next steps in that process. These steps will include an opportunity for the applicant to make submissions in response to the proposed refusal.

How Can McCann FitzGerald LLP Help?

McCann Fitzgerald LLP is a premier law firm in Ireland and advises on the full range of legal, tax and compliance activities undertaken by e-money institutions in Ireland.  We have substantial experience in successfully guiding applicants through the regulatory authorisation process and in helping them to comply with their legal obligations, once established. If you are considering setting up an e-money institution authorised under Irish legislation, please contact us for further information as to how we can help.