LogoRegulatory Alerts
2018-11-15

Regulations amending Finansinspektionen’s regulations and general guidelines regarding payment institutions and registered payment service providers (FFFS 2018:6)

Finansinspektionen issued these amendments to update the regulatory framework for payment institutions and registered payment service providers in Sweden. The regulations specify detailed application requirements for authorization and exemptions, including mandatory business plans, financial forecasts, and proof of professional indemnity insurance. Additionally, the text introduces new provisions for reporting obligations, cross-border operations within the EEA, and enhanced organizational and risk management standards for entities providing payment initiation or account information services.

Finansinspektionen logo

Sweden

Finansinspektionen

Click to view thumbnail

Finansinspektionen’s Regulatory Code Publisher: Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished solely for information purposes. Only the printed version of the regulation in Swedish applies for adjudication purposes. 1 Regulations amending Finansinspektionen’s regulations and general guidelines (FFFS 2010:3) regarding payment institutions and registered payment service providers; decided on 17 April 2018. Finansinspektionen prescribes1 pursuant to section 5, points 1–3, 17 and 19 of the Payment Services Ordinance (2010:1008) with regard to Finansinspektionen’s regulations and general guidelines (FFFS 2010:3) governing payment institutions and registered payment service providers in part that Chapter 2, section 22 and Chapter 12, section 4 shall be repealed, in part that the headings immediately preceding Chapter 2, section 22 and Chapter 12, section 4 shall be removed, in part that Chapter 1, section 1, Chapter 2, sections 2, 5, 6, 14, 20 and 21, Chapter 3, sections 2, 6, 7, 9 and 12, Chapter 4, sections 2 and 4, Chapter 5, section 1, Chapter 6, section 3, Chapter 8, sections 8, 10 and 12, Chapter 9, sections 2–4 and Chapter 12, sections 1 and 11 and the heading of Chapter 5 shall have the following wording, in part that a new chapter, Chapter 3a, 16 new paragraphs, Chapter 2, sections 2a, 5a, 6a, 16a, 16b, 18a and 22, Chapter 3, section 1a, Chapter 4 , sections 3a and 6, Chapter 5, sections 2–4, Chapter 8, section 5a, and Chapter 12, sections 4 and 5a, and new headings with the following wording immediately preceding Chapter 2, section 22, Chapter 3, section 1a and Chapter 12, sections 4 and 5a, shall be inserted, in part that a new heading shall be inserted immediately preceding Chapter 12, section 5 with the wording, “Information obligation in the event of action on the part of an auditor”. Chapter 1 Section 1 These regulations and general guidelines apply to – limited liability companies and cooperative societies that are applying for authorisation to provide payment services, – undertakings with reporting obligations pursuant to Chapter 1, section 9 of the Payment Services Act (2010:751), – natural and legal persons that are applying for exemption from the authorisation obligation to provide payment services, and – payment institutions and registered payment service providers pursuant to the Payment Services Act. 1 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC. FFFS 2018:6 Published on 23 April 2018

FFFS 2018:6 2 The regulations contain provisions regarding – application for authorisation to provide payment services (Chapter 2), – application for exemption from the authorisation obligation (Chapter 3), – information for reporting obligations (Chapter 3 a), – provision of additional payment services (Chapter 4), – operations in other countries (Chapter 5), – ownership and management assessments (Chapter 6), – other business operations subject to a notification or authorisation obligation (Chapter 7), – organisational requirements for payment institutions (Chapter 8), – capital requirements for payment institutions (Chapter 9), – outsourcing agreements (Chapter 10), – safeguarding of funds for executing payment transactions (Chapter 11), – reporting information to Finansinspektionen (Chapter 12). Chapter 2 Section 2 In its application, an undertaking shall indicate which of the payment services set out in Chapter 1, section 2 of the Payment Services Act (2010:751) it is applying to provide. The application shall include the undertaking’s name, organisation registration number and the address of its head office and shall be signed by an authorised representative of the undertaking. Section 2a An undertaking shall append its current articles of association or statutes to the application. Section 5 An undertaking shall submit in its application a forecast for the subsequent three financial years. The forecast shall include

  1. a balance sheet and profit and loss account,

  2. a calculation of capital requirements, and

  3. a calculation of own funds. The undertaking shall account for the assumptions on which the forecast is based. In particular, it shall state the assumptions concerning the total sum of payment transactions per year on which the undertaking is basing its forecast. In the forecast, the undertaking shall report on how it intends to finance its payment service operations. Section 5a An undertaking shall append to the application documentation to show that it has the initial capital required in accordance with Chapter 3, sections 1 and 2 of the Payment Services Act (2010:751). Section 62 In its application, an undertaking shall state which method it would like to use when calculating its capital requirement in accordance with Chapter 3, section 3 of the Payment Services Act (2010:751). 2 The implications of the amendments include that the third paragraph is removed, as is the general guidelines.

FFFS 2018:6 3 The undertaking shall state its reasons for selecting this method and, if it is not clear that they are unnecessary, shall also append forecasts for all three methods set out in the act. Section 6a An undertaking that is applying for authorisation to provide payment services in accordance with Chapter 1, section 2, point 7 or 8 of the Payment Services Act (2010:751) shall append to its application documentation to show that the undertaking has professional indemnity insurance or another comparable guarantee such as is referred to in Chapter 2, section 6, point 6 of the same act. The undertaking shall also append its calculations in order to establish the minimum amount that the undertaking’s professional indemnity insurance or comparable guarantee will cover.

FFFS 2018:6 4 General guidelines In order to calculate the minimum amount of the undertaking’s professional indemnity insurance or comparable guarantee, the undertaking should use the template containing formulae that is published on Finansinspektionen’s website. Section 143 An undertaking’s business plan shall state

  1. whether it intends to engage agents in its payment service operations,

  2. which payment services the agent will carry out on behalf of the undertaking, and

  3. how the undertaking intends to conduct inspections of the agent. General guidelines The undertaking should use the forms for notification of agents that can be found on Finansinspektionen’s website. Section 16a An undertaking shall describe in its business plan its system for managing operational risks and security risks in accordance with Chapter 5b, section 1 of the Payment Services Act (2010:751) and Chapter 5, section 1 of Finansinspektionen’s regulations (FFFS 2018:X) governing activities of payment service providers. The description shall encompass the undertaking’s procedures for informing Finansinspektionen about serious operational incidents and security incidents in accordance with Chapter 6, section 4 of Finansinspektionen’s regulations governing activities of payment service providers. The undertaking shall also provide in its business plan the information set out in Chapter 6, section 1 of Finansinspektionen’s regulations governing activities of payment service providers. Section 16b An undertaking shall state in its business plan whether it is given access to sensitive payment data and, if so, shall describe how it files, monitors, tracks and restricts access to this data. Section 18a An undertaking shall state in its business plan the activities that are critical in order for the undertaking to maintain the function of its payment services, and the contingency plans that are in place. Section 20 An undertaking shall provide in its business plan an account of the procedures set out in Chapter 2, section 1 of Finansinspektionen’s regulations (FFFS 2018:X) governing activities of payment service providers that it intends to apply in order to handle complaints from payment service users. Section 21 An undertaking shall provide in an appendix to its business plan an account of its general risk assessment in accordance with Chapter 2, sections 1 and 2 of the Anti Money Laundering and Terrorist Financing Act (2017:630) and Chapter 2, section 1 of Finansinspektionen’s regulations (FFFS 2017:11) regarding measures against money laundering and terrorist financing. 3 The implications of the amendments include that the second paragraph is removed.

FFFS 2018:6 5 In a separate appendix to the business plan, the undertaking shall also append the internal procedures and guidelines that it must have pursuant to Chapter 2, section 8 of the Anti Money Laundering and Terrorist Financing Act. The undertaking shall also submit information about who its central function is in matters pertaining to money laundering and the financing of terrorism. The business plan shall state whether the undertaking’s payment services are encompassed by Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006. If the undertaking’s payment services are encompassed, the plan shall state how the undertaking intends to comply with the regulation. Collection of statistical data Section 22 An undertaking shall state in its business plan how it collects statistical data about operations, transactions and fraudulent proceedings. Chapter 3 Account information services Section 1a An undertaking that applies for exemption from the authorisation obligation to only provide one payment service as set out in Chapter 1, section 2, point 8 of the Payment Services Act (2010:751) (account information services) shall, when applying, comply with the provisions in section 2, first paragraph, sections 5– 7, section 9, first paragraph, sections 11 and 12. Section 2 A legal person shall, when applying for exemption from the authorisation obligation, provide information in accordance with Chapter 2, sections 2, 6a and 7. The application shall also include the information set out in sections 3–8. Section 6 A legal person shall append a business plan that is drawn up in accordance with Chapter 2: – sections 9–14, – section 16a, – section 16b, – section 17, first paragraph, – section 18, first paragraph, and – sections 20–22, For undertakings as set out in section 1a, however, the business plan shall not contain information in accordance with Chapter 2, sections 12 and 21. Section 7 A legal person shall state in its business plan its procedures both for monitoring its compliance at all times with the conditions for exemption from the authorisation obligation as set out in Chapter 2, section 3 of the Payment Services Act (2010:751), and for informing Finansinspektionen in accordance with Chapter 2, section 4, second paragraph of the same act.

FFFS 2018:6 6 An undertaking that applies to provide account information services shall specifically state which procedures are used for the purposes of annually reviewing and checking the minimum amount of the applicant’s professional indemnity insurance or comparable guarantee. Section 9 A natural person shall, when applying for exemption from the authorisation obligation, provide information in accordance with Chapter 2, sections 2, 6a and 7. The application for a natural person shall also include the information set out in sections 10–12. Section 12 A natural person shall append a business plan that is drawn up in accordance with sections 6–8. A business plan for a natural person who is applying to only provide account information services shall not contain information in accordance with section 8. Chapter 3 a Information concerning activities subject to reporting obligations Section 1 The provisions in this chapter apply to undertakings that carry out the activities subject to reporting obligations set out in Chapter 1, section 9 of the Payment Services Act (2010:751). Section 2 An undertaking that provides any of the services set out in Chapter 1, section 6a, point 1 of the Payment Services Act (2010:751) shall append to its application – a description of the activity, the service and the payment instrument, – a list of the goods or services that can be purchased using the instrument, and – a list of the providers at which the instrument can be used. Section 3 An undertaking that renders payment transactions in accordance with Chapter 1, section 7, first paragraph, point 8 of the Payment Services Act (2010:751) shall, in its application to Finansinspektionen, describe which measures it is putting in place in order to – ensure that transactions do not exceed an amount equivalent to EUR 50, and – ensure that the cumulative value for an individual subscriber does not exceed an amount equivalent to EUR 300 per month. The undertaking shall also submit a certificate from an authorised or approved public accountant that confirms the undertaking has not exceeded the monetary limits set out in the first paragraph in the preceding financial year. Chapter 4 Section 2 A payment institution shall append to its application to provide additional payment services documents and disclosures in accordance with Chapter 2: – section 2, and – section 5, first and second paragraphs if the institution’s capital requirements in accordance with Chapter 3, section 1 of the Payment Services Act (2010:751) are

FFFS 2018:6 7 amended as a result of the additional payment services the institution is applying to provide. The institution shall also append to its application an updated business plan if amendments to the plan are required as a consequence of the new payment service operations in accordance with Chapter 2 – section 9, first paragraph, – sections 10 and 12 if the institution is amending anything as a result of an additional payment service it is applying to provide, – section 13 if the provision of an additional payment service is to be fully or partly outsourced to another party, – section 14 if an additional payment service is to be provided via an agent, – section 16a if an additional payment service has an impact on the operational risks and security risks, – section 16b if an additional payment service entails the institution gaining access to sensitive payment data, – section 17 if an additional payment service that is to be provided has an impact on how the institution carries out its work to ensure that it complies with the rules that apply to its payment service operations, – section 18 if an additional payment service that is to be provided has an impact on how the institution carries out its work to manage the risks associated with its payment service operations, – section 18 a if an additional payment service has an impact on the institution’s contingency plans and operational continuity measures, – section 19 if an additional payment service that is to be provided alters the requirement for an internal audit function or alters how the existing function is structured and carries out its work, – section 21 if the institution’s internal anti-money laundering and terrorist financing procedures and guidelines need to be amended as a consequence of the additional payment services the institution is applying for authorisation to provide, and – section 22 if the new payment service operations has an impact on the institution’s collection of data concerning operations, transactions and fraudulent proceedings. Section 3a A payment institution that applies to also provide payment services in accordance with Chapter 1, section 2, point 7 or 8 of the Payment Services Act (2010:751) shall append the information set out in Chapter 2, section 6a. Section 4 A registered payment service provider shall append to its application to provide additional payment services documents and information in accordance with Chapter 2, section 2. The registered payment service provider shall also append to its application an updated business plan containing amendments made in accordance with the following paragraphs of Chapter 2: – section 9, first paragraph, – sections 10 and 12 if the registered payment service provider is amending anything as a result of an additional payment service it is applying to provide, – section 13 if the provision of an additional payment service is to be fully or partly outsourced to another party, – section 14 if an additional payment service is to be provided via an agent, – section 16a of an additional payment service has an impact on the operational and security risks, – section 16b if an additional payment service entails the registered payment service provider gaining access to sensitive payment data,

FFFS 2018:6 8 – section 17 if an additional payment service that is to be provided has an impact on how the registered payment service provider carries out its work to ensure compliance with the regulations that apply to its payment service operations, – section 18 if an additional payment service that is to be provided has an impact on how the registered payment service provider carries out its work to manage the risks associated with its payment service operations, – section 21 if the registered payment service provider’s internal anti-money laundering and terrorist financing procedures and guidelines need to be amended as a consequence of the additional payment services it is applying for authorisation to provide, and – section 22 if the new payment service operations has an impact on the registered payment service provider’s collection of data concerning operations, transactions and fraudulent proceedings. Section 6 A registered payment service provider that applies to also provide payment services in accordance with Chapter 1, section 2, point 8 of the Payment Services Act (2010:751) shall append the information set out in Chapter 2, section 6a of these regulations. Chapter 5. Operations in other countries Section 1 A payment institution or registered payment service provider that only provides account information services and intends to provide payment services via an agent in another country within the EEA shall, when it informs Finansinspektionen in accordance with Chapter 3, section 18 of the Payment Services Act (2010:751), use Annex III to Commission Delegated Regulation (EU) 2017/2055 of 23 June 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for the cooperation and exchange of information between competent authorities relating to the exercise of the right of establishment and the freedom to provide services of payment institutions. When the undertaking informs Finansinspektionen of the day on which it intends to begin operating in the other country, it shall use Annex VI to the Commission Regulation. Section 2 A payment institution or registered payment service provider that only provides account information services and intends to provide payment services via a branch in another country within the EEA shall, when it informs Finansinspektionen in accordance with Chapter 3, section 19 of the Payment Services Act (2010:751), use Annex II to Commission Delegated Regulation (EU) 2017/2055 of 23 June 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for the cooperation and exchange of information between competent authorities relating to the exercise of the right of establishment and the freedom to provide services of payment institutions. When the undertaking informs Finansinspektionen of the day on which it intends to begin operating in the other country, it shall use Annex VI to the Commission Regulation. Section 3 A payment institution or registered payment service provider that only provides account information services and intends to provide payment services via cross-border operations in another country within the EEA shall, when it informs Finansinspektionen in accordance with Chapter 3, section 21 of the Payment Services Act (2010:751), use Annex V to Commission Delegated Regulation (EU)

FFFS 2018:6 9 2017/2055 of 23 June 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for the cooperation and exchange of information between competent authorities relating to the exercise of the right of establishment and the freedom to provide services of payment institutions. Section 4 When a payment institution or a registered payment service provider that only provides account information services informs Finansinspektionen in accordance with sections 1–3, the undertaking shall also submit a translation of the forms into English or into an official language of the country in which the establishment is taking place. Chapter 6 Section 3 When a registered payment provider that does not only provide account information services becomes aware that a natural or legal person intends to acquire or has acquired a qualifying holding in the registered payment service provider, it shall immediately report this to Finansinspektionen. Such a report shall include

  1. information identifying the acquirer,

  2. information identifying the members of the board of directors and senior management of the acquirer, their education, professional experience, other appointments and reputation,

  3. a description of the ownership chain before and after the acquisition,

  4. information about the acquirer's reputation,

  5. information about the size, date and purpose of the acquisition, and

  6. information about how the acquisition is to be financed. When a registered payment service provider that does not only provide account information services becomes aware of a change in the management of a legal person that has a qualifying holding in the registered payment service provider, it shall immediately report this to Finansinspektionen. Reports pursuant to the third paragraph shall contain information identifying a new member of the board of directors and senior management as well as information about their education, professional experience, other appointments and reputation. General guidelines A registered payment service provider should use the ownership assessment form available from Finansinspektionen’s website. Chapter 8 Section 5a The board of directors and the managing director of a payment institution that provides payment initiation services or account information services in accordance with Chapter 1, section 2, point 7 or 8 of the Payment Services Act (2010:751) shall ensure that the undertaking reviews and checks the minimum amount of the undertaking’s professional indemnity insurance or comparable guarantee at least once per year.

FFFS 2018:6 10 Section 8 In order to enable the compliance function to discharge its duties correctly, the board of directors and the managing director shall be responsible for

  1. ensuring that the function has the necessary powers, resources and expertise required, as well as access to all relevant information,

  2. appointing a person who is responsible for the function and all compliance reporting to senior management in accordance with the requirements set out in section 5,

  3. ensuring that the people who make up the function work independently and do not participate in the execution of payment services in the operations they are supervising, and

  4. ensuring that the method for determining remuneration of the employees that make up the function does not, or is unlikely to, compromise their objectivity. Finansinspektionen is able to grant an exemption from the requirements set out in the first paragraph, points 3 and 4 if, taking into account the nature, scope and complexity of the payment service operations, it is not proportional for the requirements to be set and the institution’s compliance function is effective, despite the requirements not being met. Section 10 A payment institution shall have an effective risk control function that works independently. The institution shall appoint a person who is responsible for the function and for providing reports and advice to the board of directors and the managing director in accordance with the requirements set out in section 5. The function shall be responsible for

  5. ensuring that the instructions and procedures pursuant to section 9 are current, adequate and effective,

  6. implementing the instructions and procedures set out in section 9,

  7. monitoring the extent to which the institution, its employees and its agents are compliant with the instructions and procedures for managing risks pursuant to section 9,

  8. ensuring that the institution is taking appropriate and effective action to rectify shortcomings in instructions and procedures or in its employees’ and agents’ application of these. Finansinspektionen is able to grant an exemption from the requirement for independence set out in the first paragraph if, taking into account the nature, scope and complexity of the payment service operations, it is not proportional for the requirement to be set and the institution’s risk control function is effective, despite the requirements not being met. Section 12 Provisions concerning how a payment institution is to handle complaints concerning payment services are set out in Chapter 2, section 1 of Finansinspektionen’s regulations (FFFS 2018:x) governing activities of payment service providers. Chapter 9 Section 2 A payment institution’s fixed overheads denotes a) staff costs such as salaries (including commissions and bonuses), social security contributions and pension commitments, b) costs for buildings and premises and associated costs, c) other contractual costs such as for computers and other equipment, and

FFFS 2018:6 11 d) depreciation and amortisation. A payment institution that is to apply Chapter 3, section 10 of the Payment Services Act (2010:751) only needs to include fixed overheads that are attributable to its payment service operations. The capital requirement is ten per cent of the undertaking’s fixed overheads for the preceding financial year or, if the institution has conducted its operations for less than one year, the fixed overheads stated in its business plan. If the institution’s operations have changed materially since the preceding year or if Finansinspektionen believes the business plan needs to be corrected, the authority may decide to change the basis for the calculation. General guidelines Example 1: The EUR exchange rate on the date of authorisation is EUR 1 = SEK 10. A payment institution that provides money remittances in accordance with Chapter 1, section 2, point 6 of the Payment Services Act has fixed overheads totalling SEK 5 million. The capital requirement is subsequently SEK 500,000. Example 2: The EUR exchange rate on the date of authorisation is EUR 1 = SEK 10. A payment institution that provides money remittances in accordance with Chapter 1, section 2, point 6 of the Payment Services Act has fixed overheads totalling SEK 1 million According to Chapter 3, section 1 of the Payment Services Act, the initial capital for providing money remittances is SEK 200,000. Since the required initial capital is greater than ten per cent of the fixed overheads, the capital requirement is the same as the initial capital requirement, i.e. SEK 200,000. Section 3 Payment volume denotes one twelfth of the total amount of the payment transactions executed by the payment institution in the preceding financial year. The capital requirement is the sum of the elements calculated under a–e, multiplied by an appropriate scaling factor in accordance with the third paragraph. a) 4 per cent of the slice of the payment volume up to EUR 5 million, b) 2.5 per cent of the slice of the payment volume above EUR 5 million up to EUR 10 million, c) 1 per cent of the slice of the payment volume above EUR 10 million up to EUR 100 million, d) 0.5 per cent of the slice of the payment volume above EUR 100 million up to EUR 250 million, and e) 0.25 per cent of the slice of the payment volume above EUR 250 million. Scaling factors:

FFFS 2018:6 12 a) 0.5 if the payment institution is to provide payment services referred to in Chapter 2, section 6 of the Payment Services Act (2010:751), b) 1 if the payment institution is to provide payment services referred to in Chapter 1, section 2, points 1–5 of the Payment Services Act. General guidelines Example: d) The EUR exchange rate on the reporting date is EUR 1 = SEK 10. A payment institution that provides money remittances in accordance with Chapter 1, section 2, point 6 of the Payment Services Act (2010:751) remitted a total of SEK 12 billion, which corresponds to EUR 1.2 billion. Step 1: Payment volume = EUR 1.2 billion/12 = EUR 100 million. Step 2: 4 per cent of EUR 5 million (EUR 0 to 5 million) = EUR 200,000 + 2.5 per cent of EUR 5 million (EUR 5 to 10 million) = EUR 125,000 + 1 per cent of EUR 90 million (EUR 10 to 100 million) = EUR 900,000 + Total = EUR 1,225,000. Step 3: x 0.5 = EUR 612,000, which corresponds to SEK 6,120,000. Conclusion: The payment institution’s capital requirement is SEK 6,120,000. Section 4 The elements set out in Chapter 3, section 3, point 3 of the Payment Services Act (2010:751) shall be calculated using the data from the most recent financial year. The sum of these elements is referred to below as the ‘relevant indicator’. If the relevant indicator falls below 80 per cent of the average of the relevant indicator for the three previous financial years, 80 per cent of the average shall be used as the relevant indicator. The capital requirement is the value of the relevant indicator multiplied by a multiplication factor calculated in accordance with the fifth paragraph and by an appropriate scaling factor as set out in section 3, fourth paragraph. If revised information is not available, the business forecasts may be used in the calculation. Multiplication factor: a) 10 per cent of the slice of the sum up to EUR 2.5 million, b) 8 per cent of the slice of the sum above EUR 2.5 million up to EUR 5 million, c) 6 per cent of the slice of the sum above EUR 5 million up to EUR 25 million, d) 3 per cent of the slice of the sum above EUR 25 million up to EUR 50 million, e) 1.5 per cent of the slice of the sum above EUR 50 million. General guidelines Example:

FFFS 2018:6 13 The EUR exchange rate on the reporting date is EUR 1 = SEK 10. Step 1: A payment institution that provides money remittances in accordance with Chapter 1, section 2, point 6 of the Payment Services Act (2010:751) has a relevant income indicator of EUR 25 million. Step 2: 10 per cent of EUR 2.5 million (0 to EUR 2.5 million) = EUR 250,000 + 8 per cent of EUR 2.5 million (EUR 2.5 to 5 million) = EUR 200,000 + 6 per cent of EUR 20 million (EUR 5 to 25 million) = EUR 1,200,000 Total = EUR 1,650,000. Step 3: x 0.5 = EUR 825,000, which corresponds to SEK 8,250,000. Conclusion: The payment institution’s capital requirement is SEK 8,250,000. Chapter 12 Section 1 This chapter contains provisions concerning the information that payment institutions, registered payment service providers and undertakings that have a reporting obligation pursuant to Chapter 1, section 9, second paragraph of the Payment Services Act (2010:751) must report to Finansinspektionen. Serious operational incidents or security incidents Section 4 Provisions concerning the reporting of serious operational incidents and security incidents by payment institutions and registered payment service providers are set out in Chapter 6, section 4 of Finansinspektionen’s regulations (FFFS 2018:x) governing activities of payment service providers. Annual auditor’s certificate for activities subject to reporting obligations Section 5a An undertaking that has reporting obligations pursuant to Chapter 1, section 9, second paragraph of the Payment Services Act (2010:751) shall submit to Finansinspektionen a written certificate from an authorised or approved public accountant no later than 30 June each year. The certificate shall state that the auditor confirms with limited assurance that the undertaking has not exceeded the monetary limits set out in Chapter 1, section 7, point 8 of the Payment Services Act (2010:751) in its operations in the preceding calendar year. Section 11 Finansinspektionen decides on exemptions from the provisions set out in sections 5a, 6 and 9, if there are specific grounds.

These regulations shall enter into force on 1 May 2018. ERIK THEDÉEN

FFFS 2018:6 14 David Lothigius

Share