2020-06-29
Payment Service Providers Authorisation Checklist
The checklist outlines the requirements for Payment Service Providers (PSPs) seeking authorization in Kenya, including preliminary engagements, company and product name approval, company documents, evidence of capital, business plan, program of operations, governance, and internal control mechanisms. Applicants must submit a sworn affidavit, application fee, business model, financial projections, and regulatory compliance information. Evidence of capital includes bank statements, government bonds, and shareholder distribution details. The business plan should cover services offered, financial projections, and compliance with anti-money laundering regulations.
Payment Service Providers (Psps) Authorization Checklist - This A-Z Guide Provides A List Of Steps And Requirements For Payment Service Provider'S (Psps) Authorization.
| Requirements SECTION 1: | Yes/No | Comments |
|---|
| PRELIMINARY ENGAGEMENTS/REQUIREMENTS 1. Determine if you are a PSP as defined in the National Payment System Act 2011 and that your service can be classified under any of the classes of PSPs as defined in The National Payment System Regulations, 2014 If in doubt, inquire from the Central Bank of Kenya (CBK) either through telephone 286 3113, 3107, 3117, 3112, e-mail nps@centralbank.go.ke or a letter addressed to theAssistant Director, Payment Services of the Central Bank of Kenya. 2. Request for a meeting with CBK to discuss the intended application, concept note and application requirements should be submitted via nps@centralbank.go.ke. Request for a meeting can be made simultaneously with the application for name approval. Request for name approval should be accompanied by three names in order of preference. 3. Submission of Application Form 1 as set out in the First Schedule. The application should be addressed to the Director, Banking and Payment Services of the Central Bank of Kenya. This application should be accompanied by a sworn affidavit, in line with the Annex 1 template in the NPS Regulations 2014. 4. The application should be submitted together with a non-refundable application fee of Kshs. 5,000.00 by Banker's Cheque or RTGS in favor of the Central Bank of Kenya. A/C No. 1472200020001 Application should be accompanied by the following documents and/or information; SECTION 2: COMPANY AND PRODUCT NAME APPROVAL DOCUMENTS 5. Submit the proposed names to the CBK in descending order of preference accompanied by the following preliminary documents for review; a) Business model of the proposed payment service solution including the scope of proposed business activities and marketing strategy; b) Proposed objects of the company; c) Ownership structure and governance of the company; d) Evidence of sources and availability of capital (as detailed in Section 4); e) Proposed financial projections for 3 years; f) Legal and regulatory compliance function; g) High level outlines of proposed infrastructure and internal controls; h) High level outlines of the proposed risk management policies and procedures and internal control systems manual; | | |
| SECTION 3: COMPANY DOCUMENTS 6. A certified copy of the certificate of incorporation and the memorandum and articles of association of the applicant. 7. Acertifiedcopy ofthe certificate ofincorporation andMemorandum and Articles ofAssociation of any corporate body that proposes to have a significant shareholding (more than5%shareholding)inthe applicant's company. 8. A certified copy of the current license from the communication services regulator where this is applicable or a certified copy of any other regulatory license where the applicant is subject to any other regulatory authority. The name and addresses of the regulator should also be provided. 9. Current tax compliance certificate from tax authorities. 10. Current credit rating report from a credit reference bureau. 11. Physical and PO Box address of the head office. 12. A certified copy of the latest audited statements, from a reputable firm, of financial position and statement of comprehensive income for each of the three years immediately preceding the date of the application if the applicant has been operating. 13 In case of a foreign company: i) A letter of no objection from the home regulatory authority allowing the applicant to establish a payment service business in Kenya. j) A notarized copy of the signed minutes of the board of the foreign company passing the resolution to establish payment service business in Kenya. k) Background of the foreign entity including list of all countries they operate from including services offered in the different countries as well as the details of respective regulators. l) An undertaking by the board or other oversight body of the foreign company to maintain minimum assigned capital in Kenya throughout the business period. m) Signed declaration by the board of directors to adhere to the NPS Act 2011 and NPS Regulations 2014 issued thereunder and other relevant Kenyan Laws at all times during the validity of the authorization. n) An understanding that the home country regulator will exchange supervisory information with the Central Bank of Kenya. SECTION 4: EVIDENCE OF CAPITAL 14. Evidence that the payment service provider holds the requisite capital set out in the First Schedule of the NPS Regulations 2014. a) Evidence should be reflected in a bank statement of a licensed bank or a deposit taking microfinance institution indicating the isolated funds and/or Government of Kenya Treasury Bills and Bonds not under lien; b) Evidence should either be in the name of the company and/ or the promoters/ shareholders of the company. c) The promoters/ shareholders should give the Central Bank authority to verify the authenticity of the bank statement directly from the bank or microfinance institution. |
|---|
| d) | The promoters/ shareholders should provide the distribution or allocation (ultimate beneficiaries, citizenship, amount and percentage) of core capital to each individual promoter/ shareholder and/ or company, indicating significant capital contributors (contributors of at least 10% of the share capital). |
|---|
| e) | Information on and documentary evidence of source of funds/capital. Details should be provided on the sources of capital contributed by each significant shareholders. |
| f) | A sworn declaration by all the significant shareholders to the effect that the proposed capital is not from proceeds of crime should be provided through an Affidavit. |
| SECTION 5: BUSINESS PLAN 15. The business plan should include the following a) The business concept and the list and/or type of services to be offered. b) The program of operations to offer these service including rules and procedures for: Measures to ensure safety, security and operational reliability of the service including contingency arrangements. Maintenance of separate records and accounts for its e-money activities from other business activities; and Internal control mechanisms. c) Information on the public interest that will be served by the provision of the payment service. d) The business strategy and the business model to be used. e) Projections of statements of financial affairs and statements of comprehensive income for the next three years of operations. f) Proposed products and planned channels of delivery. g) Activities to be run in-house and those that shall be outsourced. h) Statistical and other data which may have been collected in respect of the area in which the applicant intends to serve including population of the area, - coverage of the area by other PSPs. i) Information on the business plan guideline as set out in Annex 2 of the First Schedule to the NPS Regulations, 2014. SECTION 6: PROGRAM OF OPERATIONS 16. Terms and conditions that will apply to its customers and/or agents and cash merchants. 17. Draft standard contracts to be signed with agents and cash merchants. 18. A draft copy of the master agreement between the applicant and the commercial banks. 19. Operational policies and procedures covering the areas below; a) Information Systems and Security Policy; b) Information storage/Data storage/Data Retention; c) Accounting and Operating Procedures manuals; d) Complaints handling procedures; e) Anti-Money Laundering and CFT Policy; f) Human Resource and Manpower Development; | |
| g) | Settlement procedures accompanied by a diagram of flow of funds and management of settlement risk; |
|---|
| h) | Agent/cash merchant operational policies and procedures; |
| i) | Demonstration of segregation of other activities of the PSP from the PSP business; |
| 20. | Outsourcing / Third Party Services a) Documentation on outsourcing arrangement/Draft outsourcing contract; b) Due diligence report on proposed third parties including the IT Platform/Connectivity provider (if any) Due diligence report should encompass i. The scope of third party / outsourced services; ii. Third party suitability assessment; iii. Approval process for third party service providers; |
| SECTION 7: GOVERNANCE AND INTERNAL CONTROL MECHANISMS 21. The identity of: i. Directors and Senior Managers of the payment service provider as well as Senior Managers of the division under which the authorized solution will fall under. ii. Custodial trustees holding the cash which is represented in the payment service of the applicant; iii. Significant Shareholders (anyone who owns more than 5% shares in the business). iv. "Fit and Proper Form" as set out in the Second Schedule of the Regulations for persons listed in paragraph (i) (ii) and (iii); The Fit and Proper Form above should be accompanied by; i. Up-to-date and detailed curriculum vitae of the above-named persons. ii. Contact details (postal and e-mail addresses, phone contacts of at least three independent referees, one of whom should be the immediate previous employer). iii. Valid Personal Identification Number (PIN). iv. National Identity Card or Passport or any other valid identification document acceptable to CBK. v. Tax compliance certificate issued by the relevant tax authority. vi. The latest credit report from a licensed credit reference bureau. vii. A certificate of good conduct from the National Police Services of Kenya. 22. A description of: i. Shareholding structure - List of shareholders, respective shareholdings, respective percentages of shareholdings, and the ultimate beneficiaries. Any shareholding agreements should be submitted to CBK. Shareholding records held by the Registrar of Companies should be submitted. ii. Group structure where the applicant is a member of a group. | |
| iii. | Organizational structure - Board of directors (show executive and nonexecutive directors), proposed Chief Executive Officer, senior management, key business/ management/ departmental/ functional units. This can be summarized by use of an organizational chart. |
|---|
| iv. | The internal control mechanisms which the applicant has established to comply with its Anti-Money Laundering and Combating the Financing of Terrorism laws and regulations as set out in the AML/CFT Laws and Regulations |
| SECTION 8: SAFEGUARDING OF CUSTOMER FUNDS 23. Establishment of a trust a) A copy of the trust deed. b) Minimum contents of the trust deed in line with Section 26 (1) of the NPS Regulations 2014; c) A certified copy of the management agreement where a custodial Trust relationship exists with the mobile payment service provider; d) Details of the bank(s) where the trust fund will be held (in a local bank; e) Employ risk mitigation strategies to ensure that the funds held in the Trust Fund are sufficientlydiversified and placed in licensed commercial banks - proposed trust fund protection scheme/arrangement; i. Principal characteristics of the service provided pursuant to the Trust; ii. Details of how the fund shall be held and invested in line with Section 25 (3) of the NPS Regulations 2014; iii. Procedures for nomination of the Trustees; iv. Duties, responsibilities and the extent of liability of Trustees; v. Provisions on discontinuation or termination of the Trust and subsequent handling of the Trust Fund vi. Procedure of handling of dormant accounts; vii. Procedure of handling accounts of deceased persons; viii. Rights of system participants and beneficiaries; ix. Applicable law and mode of resolution of disputes; x. Where the trustee is a company, duties of the management company and key particulars of the management arrangement; xi. Use ofincome generated from the trustfund. Should be in line with Section 25 (5) oftheNPSRegulations 2014. SECTION 9: RISK, IT AUDIT AND BUSINESS CONTINUITY PRACTICES 24. A description of a) A risk assessment report of the operations to be performed; b) A risk matrix on all the risks identified and how they will be mitigated; c) Risk Management Policies and Procedures; d) IT system audit report by a qualified, professional and reputable audit firm; e) Vulnerability and Assessment Report (Due diligence report); f) Internal audit report regarding the adaptation of internal controls performed in readiness for commencement of business; | | |
| g) | Business Continuity and Disaster Recovery plan; |
|---|
| h) | Procedure for handling security incidences; |
| i) | Organizational measures and tools for the prevention of fraud; |
| j) | Transaction and cash holding limits. |
| SECTION 10: ACCESS TO SENSITIVE PAYMENT DATA 25. A description of a) The data classified as sensitive payment data in the context of the payment institution's business model; b) The access right policy, detailing access to all relevant infrastructure components and Systems; c) The IT system and technical security measures that have been implemented such as encryption to prevent access to sensitive payment data, firewalls and updated anti-virus scans; d) Identification of the individual's access to the sensitive payment data; e) An explanation of how breaches will be detected and addressed; f) Demonstration of compliance with the Data Protection Act 2019. Any other information CBK may require | | |
Tags
payments
fintech
licensing
Regulatory Alerts