Blog article
See all stories »

The Fintech Regulatory Puzzle: From AISP to Bank

When discussing the dynamic world of Fintech, particularly in the context of neo-banks and payment Fintechs, licenses play a crucial role. This regulatory aspect, while less glamorous than cutting-edge user experiences, is a fundamental component of the Fintech ecosystem. Unfortunately, it often does not receive the attention it deserves in Fintech media.

Yet, with Fintech funding drying out, the changed interest rate climate, and increased regulatory scrutiny, the discussion around licenses has once again risen to prominence among Fintech executives.

Regulation, especially in terms of licenses, is an intricate domain typically navigated with the assistance of specialized law firms. These firms guide Fintech companies through a labyrinth of complex regulations, compliance requirements, and the intricate nuances of each country’s unique interpretation of supra-national regulations. Furthermore, securing a license remains a somewhat informal process, wherein Fintech executives must convince regulators that their operations pose no threat to the existing financial system. Building strong relationships with regulators can significantly ease this complex journey.

Now, let us explore some fundamental concepts related to licenses, particularly within European countries. It is essential to note that licenses in the European Union (EU) are, in principle, EU licenses. This means that a license obtained in one EU country can, with minimal effort, be passported to another EU country. Consequently, many Fintechs search for the EU country with the most accommodating regulatory environment. Lithuania, for example, has attracted numerous Fintechs seeking an EU license due to its favorable regulatory climate.

In addition to selecting the right country, Fintechs can choose from a range of licenses, such as:

  • AISP (Account Information Service Provider): Offers account aggregation services, providing customers with a single view of all their accounts in one place.

  • PISP (Payment Initiation Service Provider): Facilitates direct bank transfers from a customer’s account.

  • PI (Payment Institution): Supports various payment and money transfer services. A payment institution must specify which payment services it wishes to offer, including:

    • Service 1: Cash depositing (e.g. ATM).

    • Service 2: Cash withdrawal (e.g. ATM).

    • Service 3: Execution of payment transactions (credit transfers, direct debits and other money transfers).

    • Service 4: Similar to service 3 but involving credit lines.

    • Service 5: Issuing and acquiring services (merchant acquiring and payment card issuing).

    • Service 6: Money remittance (cross-border international payments).

  • EMI (Electronic Money Institution): Licensed to manage electronic money, allowing the issuance, distribution and redemption of eMoney, the execution of transactions (e.g. payments and remittances) and the issuing of payment cards.

  • Bank: Offers all the services of an EMI institution but with additional capabilities, such as using client deposits for internal investments or financing credits. Lending is where a bank distinguishes itself from an EMI institution.

These licenses are ranked in order of complexity to obtain and maintain. As you move down the list, the capital requirements, reporting demands, compliance checks, and regulatory oversight become more rigorous. For instance, a bank typically needs a capital base of at least 5 million EUR, while an EMI can operate with a capital base as low as 350,000 EUR, and a PI with a base of less than 125,000 EUR. As licenses become more comprehensive, entities lower on the list are often automatically licensed for services higher on the list, or they can easily obtain them. For example, a "Bank" automatically holds licenses as an AISP, PISP, PI, and EMI.

Consequently, choosing the right license is a critical decision for Fintech companies. Some Fintechs may opt to operate without a license by partnering with third parties that possess the necessary licenses. For instance, for a Fintech wanting to offer

  • AISP / PISP services : Companies like Tink, Digiteal, or Ibanity/Ponto offer an abstraction layer, eliminating the need for a license while simplifying PSD2 integration with various banks.

  • Payment services (requiring a PI license): Payment Service Providers (PSPs) like Mollie, Adyen, or Stripe facilitate these services. More complex services are sometimes required, e.g. for marketplaces that handle funds collected from one party to pay another. Some PSPs like MangoPay or Thunes are specialized in offering these kinds of services.

  • Holding money (requiring an EMI license): Companies such as Stripe, Adyen, Swan, or Tresor offer these services, making them valuable partners for Fintechs. Cfr. my blog "Fintech Fusion: How Integration is Driving Change" (https://www.finextra.com/blogposting/24977/fintech-fusion-how-integration-is-driving-change).

  • Banking services: Banking as a Service (BaaS) providers like Solarisgroup, Treezor, Contis, Railsr, Bankable, ClearBank, 11:FS Foundry, or traditional incumbent banks acting as partners (e.g. BBVA, Starling Bank, J.P. Morgan, or Goldman Sachs) provide these services.

Besides working with third parties, it is possible to circumvent specific licensing requirements by avoiding certain financial flows or securing particular exemptions. For example:

  • marketplace that intermediates between a buyer and a seller should have a PI license if the buyer pays to the marketplace and the marketplace then pays out the seller. This can be avoided by working with an intermediary PSP (see above) but can also be avoided by just mediating between the buyer and seller, meaning the buyer directly pays to the seller and the marketplace just gets a commission for the mediation.

  • "Commercial Agent" principle, i.e. institution acts as an intermediary on behalf of the principal. For instance, a city wants to issue a small city voucher to its citizens. This could be managed entirely by a voucher issuer (including all money flows), but this would require the voucher issuer to have an EMI license. The voucher issuer could however also function as a commercial agent on behalf of the city. In this case all money linked to the vouchers stays in the city’s bank account, but the voucher issuer offers the commercial platform for the city voucher on behalf of the city.

  • Limited network exemption: the PSD2 regulation exempts also certain financial instruments from the definition of eMoney. As a result, the issuing company does not need a license. Typically these are financial instruments which only allow to pay in a limited network (e.g. a gift card for 1 store or 1 chain), for a specific product (e.g. a fuel card, phone card or meal voucher) or for instruments for which there is a specific social or fiscal law in place in the local country (e.g. meal vouchers, service vouchers…​).
    Under this last category, we could also categorize specific regulated money flows, like e.g. social secretariats paying out salaries to employees or notaries paying out the seller of a house.

  • Cash collection and delivery within the framework of a nonprofit or charitable activity

  • Small institutions: institutions which manage eMoney but stay under certain limit in the amount of payment transaction and/or money issued, can avoid also a license (until they excecoed the threshold), as long as they execute a certain self-declaration.

Ultimately, licenses and regulations aim to safeguard the financial system and ensure that customer funds remain secure, and financial commitments made by financial institutions are met. This complexity is ensured through several mechanisms:

  • Operational Controls: These encompass security measures, IT processes, documented procedures, and independent audits, all designed to minimize the risk of mishandling money or illegal activities.

  • Restrictions on Fund usage: These define how institutions can use customer deposits for investments and credits. They also require mechanisms to manage risk (including hedging techniques and insurances) and ensure liquidity. E.g. payment institutions and EMI should put in place necessary safeguards to protect those funds, while banks can use the funds to generate revenues.

  • Capital Requirements: These serve as buffers that institutions can tap into in case of (temporary) issues.

  • Deposit Guarantee Schemes: These schemes, organized at the country level, act as insurance in the event that other mechanisms fail.

Understanding these risk management mechanisms provides insight into why different licenses exist and why regulators enforce varying levels of control. Notably:

  • Money deposited with an EMI institution is not protected by the "Deposit Guarantee Scheme" but with proper safeguards, this may not be a concern, as all EMI deposits are typically ring-fenced.
    As a result one could say that money at an EMI is less safe (as there is no deposit guarantee scheme), but on the other hand they are more safe, as an EMI should (if all processes are correctly in place) protect all funds, while a bank’s deposit are only protected up to 100.000 EUR.

  • EMIs cannot typically offer interest on accounts (although some do) since they ring-fence deposits, preventing them from generating revenue.

  • EMIs can lend using their own capital but cannot use client deposits for lending, which distinguishes them from banks with more extensive lending capabilities.

  • An EMI is allowed to store clients' funds for a longer period, in contrast to a PI, which can only keep clients' funds for a short period (enough to manage the transfer).

  • An EMI institution should protect customers’ rights to the same high standards as banks - for example, the right to information before and after a payment and fair treatment when something goes wrong.

  • EMI institutions must adhere to similar Know Your Customer (KYC) and Anti-Money Laundering (AML) standards as banks.

As you can see, there’s considerable nuance in these licenses. Given their high cost in terms of acquisition and maintenance, it is vital for Fintech companies to assess whether a license is necessary for their business and explore potential exemptions or partnerships with third parties. If a license is indeed required, selecting the right one is of paramount importance, including the possibility of obtaining a more favorable license in a different country.

Check out all my blogs on https://bankloch.blogspot.com/

 

8132

Comments: (0)

Now hiring