Regulations amending Finansinspektionen’s regulations governing payment institutions and registered payment service providers

Finansinspektionen’s Regulatory Code Publisher: Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished solely for information purposes. Only the printed version of the regulation in Swedish applies for the application of the law. 1 Regulations amending Finansinspektionen’s regulations and general guidelines (FFFS 2010:3) governing payment institutions and registered payment service providers; decided 18 June 2019. Finansinspektionen prescribes pursuant to section 5, points 2, 17 and 19 of the Payment Services Ordinance (2010:1008) that Chapter 2, sections 16a, 20 and 21, Chapter 8, section 12, Chapter 9, section 3 and Chapter 12, sections 4, 5 and 9 of Finansinspektionen’s regulations (FFFS 2010:3) governing payment institutions and registered payment service providers shall have the following wording. Chapter 2 Section 16a An undertaking shall describe in its business plan its system for managing operational and security risks in accordance with Chapter 5b, section 1 of the Payment Services Act (2010:751) and Chapter 5, section 1 of Finansinspektionen’s regulations (FFFS 2018:4) regarding activities for payment service providers. The description shall encompass the undertaking’s procedures for notifying Finansinspektionen about major operational and security incidents in accordance with Chapter 6, section 4 of Finansinspektionen’s regulations for activities of payment service providers. In its business plan, the undertaking shall also provide the information set out in Chapter 6, section 1 of Finansinspektionen’s regulations regarding activities for payment service providers. Section 20 An undertaking shall describe in its business plan the procedures pursuant to Chapter 2, section 1 of Finansinspektionen’s regulations (FFFS 2018:4) regarding activities for payment service providers that it intends to apply to manage complaints from payment service users. Section 21 An undertaking shall append to its application a general risk assessment, internal rules and procedures prepared in accordance with the provisions in Chapters 2–6 of the Anti Money Laundering and Terrorist Financing Act (2017:630) and Chapter 2, section 1 of Finansinspektionen’s regulations (FFFS 2017:11) regarding measures against money laundering and terrorist financing. The business plan shall specify if the undertaking’s payment services are subject to Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006. If the undertaking’s payment services are subject to this Regulation, the business plan shall specify how the undertaking intends to comply with the Regulation. FFFS 2019:11 Published 25 June 2019

FFFS 2019:11 2 Chapter 8 Section 12 Provisions on how a payment institution shall manage complaints regarding payment services are set out in Chapter 2, section 1 of Finansinspektionen’s regulations (FFFS 2018:4) regarding activities for payment service providers. Chapter 9 Section 3 Payment volume refers to one-twelfth of the total amount of the payment transactions executed by the payment institution the preceding financial year. The capital requirement is the sum of the elements calculated under a–e, multiplied by an appropriate scaling factor in accordance with the third paragraph. a) 4 per cent of the slice of the payment volume up to EUR 5 million, b) 2.5 per cent of the slice of the payment volume above EUR 5 million up to EUR 10 million, c) 1 per cent of the slice of the payment volume above EUR 10 million up to EUR 100 million, d) 0.5 per cent of the slice of the payment volume above EUR 100 million up to EUR 250 million, and e) 0.25 per cent of the slice of the payment volume above EUR 250 million. Scaling factors: a) 0.5 if the payment institution shall provide payment services provided for in Chapter 1, section 2, point 6 of the Payment Services Act (2010:751), b) 1 if the payment institution shall provide payment services referred to in Chapter 1, section 2, points 1–5 of the Payment Services Act, General guidelines Example: The euro rate on the reporting date is EUR 1 = SEK 10. A payment institution that provides money transfers in accordance with Chapter 1, section 2, point 6 of the Payment Services Act (2010:751) had a total payment volume of SEK 12 billion in the preceding year, which corresponds to EUR 1.2 billion. Step 1: Payment volume = EUR 1.2 billion/12 = EUR 100 million. Step 2: 4 per cent of EUR 5 million (0 to EUR 5 million) = EUR 200,000 + 2.5 per cent of EUR 5 million (5 to EUR 10 million) = EUR 125,000 + 1 per cent of EUR 90 million (10 to EUR 100 million) = EUR 900,000 Total = EUR 1,225,000. Step 3: x 0.5 = EUR 612,000, which corresponds to SEK 6,120,000.

FFFS 2019:11 3 Conclusion: The capital requirement for the payment institution is SEK 6,120,000. Chapter 12 Section 4 Provisions on reporting major operational or security incidents for payment institutions and registered payment service providers are set out in Chapter 6, section 4 of Finansinspektionen’s regulations (FFFS 2018:4) regarding activities for payment service providers. Section 6 A payment institution shall submit to Finansinspektionen twice a year information for calculating the own funds and capital requirement in accordance with the method the authority determined the undertaking shall use. The institution shall submit at the same time information about the total payment volume for each month since the previous reporting occasion. If the institution provides any of the payment services set out in Chapter 1, section 2, points 1–6 of the Payment Services Act (2010:751), it shall also specify which of the methods set out in Chapter 3, section 7 of the same Act are used to protect a payment service user’s funds. Information about the calculation of own funds and capital requirements shall refer to the circumstances as of 30 June and 31 December (balance sheet dates) and be reported in SEK. When translating into a different currency, the spot rate that applies on the balance sheet date shall be used. Section 9 A registered payment service provider shall submit information to Finansinspektionen twice a year about the total payment volume per month since the previous reporting date. A registered payment service provider shall state at the same time which method (s) n accordance with Chapter 3, section 7 of the Payment Services Act (2010:751) t uses to safeguard the funds of its payment service users. The registered payment service provider shall submit information via Finansinspektionen’s online periodic reporting service that is available at the authority's website in accordance with the instructions provided there. Finansinspektionen shall have received the information no later than 10 January and 10 July, respectively. The requirement to submit information does not apply to a registered payment service provider that only provides account information services in accordance with Chapter 1, section 2, point 8 of the Payment Services Act (2010:751).

These regulations shall enter into force on 15 July 2019. ERIK THEDÉEN Love Wilén Örnulf