Regulations amending Finansinspektionen’s regulations and general guidelines regarding payment institutions and registered payment service providers

Finansinspektionen’s Regulatory Code Publisher: Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished for information purposes only and is not itself a legal document. 1 Regulations amending Finansinspektionen’s regulations and general guidelines (FFFS 2010:3) regarding payment institutions and registered payment service providers; decided on 9 November 2011. Finansinspektionen prescribes pursuant to section 5, points 1 and 7–9 of the Payment Services Ordinance (2010:1008) with regard to Finansinspektionen's regulations and general guidelines (FFFS 2010:3) governing payment institutions and registered payment service providers in part that Chapter 6, sections 6–8 shall be repealed, in part that the headings immediately preceding Chapter 2, sections 8 and 9 shall be removed, in part that Chapter 1, section 1, Chapter 2, sections 2–9, 11, 13, 14, 16–18, 20 and 21, Chapter 3, sections 2–5 and 7–10, Chapter 4, section 2, Chapter 5, section 1, Chapter 6, sections 3–5, Chapter 7, section 4, Chapter 8, sections 2–4, 10, 11 and 13, Chapter 12, sections 6 and 7 and the headings immediately preceding Chapter 12, sections 4, 6 and 9 shall have the following wording, in part that the headings immediately preceding Chapter 2, sections 4–6 and Chapter 6, sections 7 and 8 shall be placed immediately preceding Chapter 2, sections 3–5 and Chapter 6, sections 4 and 5, in part that new headings shall be inserted into the regulations immediately preceding Chapter 2, sections 7 and 8 with the following wording. Chapter 1 Section 1 These regulations and general guidelines contain provisions for – limited liability companies and economic associations applying for authorisation to provide payment services, – natural and legal persons applying for exemption from the authorisation obligation to provide payment services, and – payment institutions and registered payment service providers pursuant to the Payment Services Act (2010:751). The regulations contain provisions regarding – application for authorisation to provide payment services (Chapter 2), – application for exemption from the authorisation obligation (Chapter 3), – provision of ancillary payment services (Chapter 4), – cross-border operations for payment institutions (Chapter 5), FFFS 2011:51 Published on 16 November 2011

FFFS 2011:51 2 – ownership and management assessments (Chapter 6), – other business operations subject to a notification or authorisation obligation (Chapter 7), – organisational requirements for payment institutions (Chapter 8), – capital requirements for payment institutions (Chapter 9), – outsourcing agreements (Chapter 10), – safeguarding of funds for executing payment transactions (Chapter 11), – reporting information to Finansinspektionen (Chapter 12). Chapter 2 Section 2 In its application an undertaking shall indicate which of the payment services set out in Chapter 1, section 2 of the Payment Services Act (2010:751) it is applying to provide. The application shall include the undertaking's name, company registration number and business address and shall be signed by an authorised representative of the undertaking. Ownership Section 3 In its application an undertaking shall provide a description of its ownership structure. The undertaking shall also append the information for the ownership assessment set out in Chapter 6, section 2. Furthermore, the firm shall provide information about the natural or legal persons it has or is expected to have close relationships with in accordance with Chapter 1, section 5 of the Payment Services Act (2010:751). Where the undertaking belongs to the same group as another payment institution, institution for electronic money, credit institution, investment firm, management company or insurance undertaking, the names and company registration numbers of these undertakings shall be provided. General guidelines The description of the ownership structure may be general in nature and may, for example, consist of an outline of the owners or group that states the names, personal identification numbers/company registration numbers and ownership shares. Management list Section 4 An undertaking’s application shall include information about the members and, if any, alternate members of its board of directors and identify the chairman of the board of directors. The firm shall also state the name of the managing director, if such a position has been appointed, and the name of the deputy managing director, if one exists. The undertaking shall also identify the person responsible for the payment service operations and this person's replacement, if one exists.

FFFS 2011:51 3 With regard to the persons set out in the first paragraph, the undertaking shall also provide the information for management assessment set out in Chapter 6, section 4. Economic situation Section 5 An undertaking shall submit in its application a forecast for the next three financial years. The forecast shall include

1. a balance sheet and profit and loss account,
2. a calculation of capital requirements, and
3. how the results of the balance sheets and profit and loss accounts impact the firm's initial capital. The undertaking shall account for the assumptions on which the forecast is based. In particular it shall indicate the assumptions about the total sum of payment transactions per year on which the firm is basing its forecast. The firm's forecast shall account for how the firm intends to finance its payment service operations. Section 6 In its application, an undertaking shall state the method it would like to apply when calculating the capital requirement in accordance with Chapter 3, section 3 of the Payment Services Act (2010:751) The undertaking shall state its reasons for selecting this method and, if it is not clear that they are not needed, also append forecasts for all three methods set out in the Act. The forecasts shall refer to the next two financial years. General guidelines A description of how an undertaking shall regularly report own funds/capital requirements to the authority is available on Finansinspektionen's website. When preparing its forecasts, the undertaking should use the template available on the website. Ongoing judicial or arbitration proceedings Section 7 An undertaking shall state in its application if it is a party to an ongoing judicial or arbitration proceeding that can result in financial uncertainty and risk for the undertaking's payment service operations and, if it is, describe the circumstances. Business plan Section 8 In its application an undertaking shall append a business plan prepared in accordance with sections 9–22. Section 9 An undertaking's business plan shall include
4. a detailed description of the payment service activities the firm intends to carry out, and

FFFS 2011:51 4 2. flow charts showing the administrative processes in place for the payment services the undertaking intends to provide. If the undertaking receives deposits or other repayable funds from the general public, information about the national or international payment systems it intends to participate in shall be provided. Section 11 Where an undertaking also provides or intends to provide related services and conduct operations other than those related to payment services, the undertaking shall specifically describe these operations and their scope in the business plan. The undertaking shall also describe how it safeguards its financial soundness and that Finansinspektionen's opportunities to exercise supervision of the undertaking are not impaired by the provision or intention to conduct operations other than those related to payment services. Section 13 Where an undertaking has delegated or intends to delegate to a third party a certain task or certain operational functions that are part of its payment service operations, the undertaking shall provide information in its business plan about to whom it is delegating or intends to delegate an assignment and describe the scope of the assignment. In its business plan the undertaking shall also account for how it will ensure that

1. it complies with the conditions set out in Chapter 3, section 28, second paragraph of the Payment Services Act (2010:751) and Chapter 10 of these regulations, and
2. that it otherwise complies with the Payment Services Act and other regulations regulating the operations. The undertaking shall also append to its business plan the outsourcing agreements it has entered into, or intends to enter into, that refer to functions of material significance to its payment service operations. Section 14 An undertaking's business plan shall state if it intends to engage agents in its payment service operations and which payment services the agent will provide on behalf of the undertaking. The undertaking shall in addition to providing the information about each agent set out in Chapter 3, section 17 of the Payment Services Act (2010:751) also provide the agent's personal identification number or company registration number. General guidelines The undertaking should use the form for the notification of agents that is available on Finansinspektionen's website. Section 16 An undertaking shall state in its business plan how it will organise its IT activities for payment services. The undertaking shall in part describe in general the functions and areas of use of its systems and in part describe which confidentiality functions it uses in its payment service operations to prevent unauthorised persons from obtaining access to information about an individual's personal or financial circumstances.

FFFS 2011:51 5 The business plan shall also state if the undertaking shares its premises or technical equipment with other parties and how the undertaking, when applicable, intends to handle confidentiality issues within its payment service operations due to such an arrangement. Section 17 The business plan shall state how an undertaking intends to ensure that it complies with the regulations that apply to its payment service operations. The business plan shall also contain a description of how the compliance function will be designed and how its work will be carried out. The undertaking shall append a separate instruction for compliance pursuant to Chapter 8, section 6. Section 18 The business plan shall state how an undertaking intends to identify, measure, govern, report internally and control the risks associated with its payment service operations. Furthermore, the business plan shall contain a description of how the risk control function will be designed and how its work will be carried out. The undertaking shall append a separate instruction for risk management pursuant to Chapter 8, section 9. Section 20 The business plan shall state the procedures in accordance with Chapter 8, section 12 that the undertaking intends to apply when handling complaints from payment service users. Section 21 The business plan shall state how an undertaking intends to carry out the prevention of money laundering and financing of terrorism in its payment service operations. Information about the person at the undertaking responsible for the central function in these issues shall be identified. The undertaking shall also describe its risk assessment in its business plan pursuant to Chapter 2, section 3 of Finansinspektionen's regulations and general guidelines (FFFS 2009:1) governing measures against money laundering and terrorist financing and in a separate appendix append the internal rules the undertaking shall have pursuant to Chapter 3, sections 1 and 2 of the same regulations. Chapter 3 Section 2 A legal person shall, when applying for exemption from the authorisation obligation, provide information in accordance with Chapter 2, sections 2 and 6. The application shall also include the information set out in sections 3–8. Section 3 1 The application shall contain a forecast of the total sum of expected payment transactions for the first two years of operation. The forecast shall specify the assumptions on which it is based. Section 4 The application shall contain a description of the ownership structure of the legal person.

1 Under the amendment, the second paragraph is repealed.

FFFS 2011:51 6 The application shall also contain a list of the natural or legal persons with a qualifying holding of shares or participating interests in the legal person. The list shall include

1. information identifying the owner and information about this person's operations,
2. information identifying the members of the board of directors and senior management of the owner, their education, work experience, other assignments and reputation,
3. a description of the ownership chain, and
4. information about the reputation of the owner. General guidelines The description of the ownership structure may be general in nature and may, for example, consist of an outline of the ownership or group that states the names and personal identification numbers/company registration numbers and the ownership shares. To submit information pursuant to the third paragraph, the ownership assessment form available on Finansinspektionen's website should be used. Section 5 A legal person shall provide information in its application about the board members and any alternate members or equivalent that will be part of its board of directors and identify who

FFFS 2011:51 7 will be the chairman of the board of directors. The application shall also identify the managing director or equivalent if such a position has been appointed and this person's deputy managing director, if one exists. The undertaking shall also identify the person who will be responsible for the payment service operations and this person's replacement, if one exists. A legal person shall append the management assessment information pursuant to Chapter 6, section 5 for the persons identified in the first paragraph. Section 7 A legal person shall state in its business plan the procedures in place to monitor that it at all times fulfils the conditions to be exempt from the authorisation obligation pursuant to Chapter 2, section 3 of the Payment Services Act (2010:751) and notifies Finansinspektionen pursuant to Chapter 2, section 4, second paragraph of the same Act. Section 8 A legal person shall describe in its business plan the procedures in place for determining the total sum of the payment transactions executed by the legal person over a period of one month. The business plan shall also state how the legal person ensures that the reporting of this information is submitted to Finansinspektionen in accordance with Chapter 12, section 9. Section 9 A natural person shall, when applying for exemption from the authorisation obligation, provide information in accordance with Chapter 2, sections 2 and 7. The application for a natural person shall also include the information set out in sections 10-12. Section 10 The application for a natural person shall contain a forecast of the total sum of expected payment transactions for the first two years of operation. The forecast shall account for the assumptions on which it is based. Chapter 4 Section 2 A payment institution shall append to its application to provide ancillary payment services documents and disclosures in accordance with Chapter 2, – section 2, and – section 5, first and second paragraphs about the capital requirement in accordance with Chapter 3, section 1 of the Payment Services Act (2010:751) if payment services are modified as a result of the ancillary payment services the institution is applying to provide. In its application the institute shall also provide an updated business plan with modifications made in accordance with Chapter 2, – section 9, first paragraph, – sections 10 and 12 if the institution makes modifications as a result of an ancillary payment service it is applying to provide, – section 13 if an ancillary payment service in total or in part will be outsourced to a third party, – section 14 if an ancillary payment service will be provided via an agent,

FFFS 2011:51 8 – section 17 if an ancillary payment service that will be provided affects how the institution carries out its work to ensure that it complies with the rules that apply to its payment service operations, – section 18 if an ancillary payment service that will be provided affects how the institution carries out its work to manage the risks associated with its the payment service operations, – section 19 if an ancillary payment service that will be provided modifies the need for an internal audit function, or modifies how the existing function is formed and carries out its work, and – section 21 if the institution's internal rules regarding money laundering and financing of terrorism need to be modified as a result of the ancillary payment services the institution is applying to provide. Chapter 5 Section 1 A payment institution shall, when notifying Finansinspektionen about cross-border operations pursuant to Chapter 3, sections 18, 19 and 21 of the Payment Services Act (2010:751), use the form available on Finansinspektionen's website. A translation of the notification into an official language of the country of establishment or English should also be submitted to Finansinspektionen. Chapter 6 Section 3 When a registered payment provider becomes aware that a natural or legal person intends to acquire or has acquired a qualifying holding in the registered payment service provider, it shall immediately notify Finansinspektionen about this. Such a notification shall include

1. information identifying the acquirer,
2. information identifying the members of the board of directors and senior management of the acquirer, their education, work experience, other assignments and reputation,
3. a description of the ownership chain before and after the acquisition,
4. information about the acquirer's reputation,
5. information about the size, date and purpose of the acquisition, and
6. information about how the acquisition will be financed. When a registered payment service provider becomes aware of a change in the management of a legal person with a qualifying holding in the registered payment service provider, it shall immediately notify Finansinspektion about this change. Notification pursuant to the third paragraph shall contain information identifying a new member of the board of directors and senior management as well as information about this person's education, work experience, other assignments and reputation. General guidelines A registered payment service provider should use the ownership assessment form available on Finansinspektionen's website.

FFFS 2011:51 9 Management assessment - payment institution Section 4 A payment institution shall immediately notify Finansinspektionen about a change to its board of directors or senior management in accordance with Finansinspektionen's regulations (FFFS 2009:3) governing ownership and management assessment. When a new head of the payment service operations or deputy head is appointed, information in accordance with that set out in the first paragraph shall be provided for the person in question.

FFFS 2011:51 10 Management assessment - registered payment service provider Section 5 A registered payment service provider that is a legal person shall immediately notify Finansinspektionen about a change to its board of directors, senior management or head or deputy head of its payment service operations.

Such a notification shall contain information identifying members of the board of directors and senior management as well as information about their education, work experience, other assignments and reputation. General guidelines A registered payment service provider should use the management assessment form available on Finansinspektionen's website. Chapter 7 Section 3 A notification in accordance with Chapter 3, section 17, first paragraph of the Payment Services Act (2010:751) from a payment institution or a registered payment service provider shall contain the information set out in Chapter 2, section 14. General guidelines A payment institution or registered payment service provider should use the form for notification of payment service agents that is available on Finans￾inspektionen's website. Section 4 A payment institution or a registered payment service provider that intends to provide or change related services or carry out operations other than providing payment services shall notify Finansinspektionen about such intent. The notification shall contain the information set out in Chapter 2, section 11. The payment institution or registered payment service provider shall submit a notification in accordance with the first paragraph no later than one month before the planned change. Chapter 8 Section 2 A payment institution shall have

1. documented decision-making procedures that clearly specify reporting lines and an organisational structure that clearly allocates functions and areas of responsibility,
2. control mechanisms that ensure compliance with decisions and procedures at all levels within the institution, and
3. effective internal reporting and dissemination of information within the institution.

FFFS 2011:51 11 The institution shall, when applying the first paragraph, take into consideration the nature, scope and complexity of its payment service operations. Section 3 A payment institution shall have procedures to minimise the risk of, as a result of e.g. misuse of funds, fraud, deficient administration, insufficient documentation or negligence, not being able to fulfil its comments to payment service users. Section 4 A payment institution shall monitor and, on a regular basis, evaluate its internal control mechanisms, instructions and procedures implemented in accordance with sections 2-3 to ensure that they are current, effective and adequate. The institution shall also take measures to rectify any deficiencies. Section 10 A payment institution shall have an effective risk control function that works independently. The institution shall appoint a person to be responsible for the function and to furnish reports and counsel to the board of directors and the managing director in accordance with the requirements set out in section 5. The function shall be responsible for

1. controlling that the instructions and procedures pursuant to section 9 are current, adequate and effective,
2. implementing the instructions and procedures set out in section 9,
3. controlling the degree to which the institution, its employees and its agents comply with the instructions and procedures for managing risks in accordance with section 9,
4. controlling that the institution takes appropriate and effective measures to rectify deficiencies in instructions and procedures or in its employees' and agents' application of these instructions and procedures. However, the institution is not obligated to comply with the independence requirement in the first paragraph if the institution can demonstrate, taking into account the nature, scope and complexity of its payment service operations, that these requirements are not proportionate and that its risk control function is still effective. Section 11 A payment institution shall have an internal audit function if it is adequate and suitable given the nature, scope and complexity of the payment service operations. The function shall be separate and independent from the institution's other functions and payment service operations. The internal audit function shall
5. maintain a current audit plan to examine and assess if the institution's systems, internal control mechanisms and procedures are adequate and effective,
6. issue recommendations based on the work carried out pursuant to point 1,
7. monitor compliance with these recommendations, and
8. furnish reports about internal audit issues to the board of directors and the managing director in accordance with the requirements set out in section 5. Section 13 A payment institution shall maintain the following relevant information in accordance with Chapter 3, section 8 of the Payment Services Act (2010:751):
9. the business plan in accordance with Chapter 2, section 8,

FFFS 2011:51 12 2. internal rules, procedures, instructions and reports for the payment service operations, 3. documentation of applications, notifications and reporting to Finansinspektionen, 4. minutes from board meetings, 5. information about the rights and obligations of the institution and the customer with regard to agreements to provide payment services or the terms and conditions the institution applies to provide the customer with payment services, 6. information about executed payment transactions, and 7. information about balances of payment accounts.

FFFS 2011:51 13 Chapter 12 Events of material significance Section 4 A payment institution shall without undue delay report to Finansinspektionen events that can compromise the institution's stability and safeguarding of the payment service users' funds or that may entail that the institution cannot fulfil its obligations to its payment service users. The payment institution shall also without undue delay report to Finansinspektionen any events that can result in significant financial harm to a large portion of its payment service users. The payment institution shall also state the measures it has taken as a result of such an event. General guidelines A payment institution should use the form for reporting events of material significance that is available on Finansinspektionen's website. Regular reporting for payment institutions Section 6 A payment institution shall submit to Finansinspektionen twice a year information for calculating its own funds and capital requirement in accordance with the method the authority determined the undertaking shall use. The institution shall also submit the total payment volume for each month since the previous reporting date and state which method(s) in accordance with Chapter 3, section 7 of the Payment Services Act (2010:751) it uses to safeguard the funds of its payment service users. Information about the calculation of own funds and capital requirements shall refer to the circumstances as of 30 June and 31 December (balance sheet dates) and be reported in SEK. When translating into a different currency, the spot rate that applies on the balance sheet date shall be used. Section 7 A payment institution shall submit information via Finansinspektionen's online service, Regular Reporting, following the instructions provided there. Finansinspektionen shall have received the information no later than 21 January and 21 July, respectively. With regard to the annual accounts, the information shall have been received no later than the fifteenth day of the second month following the balance sheet date. Regular reporting for registered payment service providers Section 9 A registered payment service provider shall submit information to Finansinspektionen twice a year about the total payment volume per month since the previous reporting date. A registered payment service provider shall at the same time state the method(s) in accordance with Chapter 3, section 7 of the Payment Services Act it uses to safeguard the funds of its payment service users.

FFFS 2011:51 14 The registered payment service provider shall submit information via Finansinspektionen's online service, Regular Reporting, following the instructions provided there. Finansinspektionen shall have received the information no later than 10 January and 10 July, respectively.

---

These regulations shall enter into force on 1 December 2011. MARTIN ANDERSSON Roger Jacobsson