Electronic transfers

Bank for International Settlements Discussion Paper on the Regulation of Digital Payment Services and Electronic Money

The Bank for International Settlements (BIS) is an international financial institution that supports central banks around the world in their quest for monetary and financial stability, through international cooperation. To achieve its mission, the BIS provides a platform for responsible innovation and knowledge sharing and conducts in-depth analyzes on fundamental issues of financial stability policy. One of these policy issues is the regulation of digital payment services and electronic money.

In early July 2021, the BIS published a document on regulatory requirements for digital payment and electronic money services offered by non-bank service providers (“non-banks“). The document was informed by responses to a survey administered in early 2021 by the Committee on Payments and Market Infrastructures (CMPI)[1] to 75 jurisdictions[2], which was then supplemented by a desk review of public documents issued by selected authorities. Of the 75 jurisdictions studied, 23 were from advanced economies and 52 from developing economies.

The paper discusses the proliferation of non-banks in retail payments and issues related to their regulation. It focuses on non-banks offering consumer-oriented services (electronic money and payments), rather than those involved in “back-end” processes such as clearing, settlement and payment processing. It divides services intended for consumers into two categories: accepting, managing or transferring value and providing ancillary services. In addition, it examines the types of services that belong to each category.[3] and the extent to which they are regulated in both advanced and developing economies.

Regulatory requirements

Advanced economies compared to developing economies

The study found that, generally, most jurisdictions allow non-banks to offer at least some of the digital payment and e-money services described above. However, he also found that advanced economies tend to regulate nonbank services more lightly, allowing them to provide more services than in developing economies, where nonbank services are more restricted and regulation more intensive. Interestingly, mandatory partnerships with banks, minimum capital, security deposits, and interoperability are more common regulatory requirements in developing economies than in advanced economies, where consumer protection rules have been applied. tend to be more popular than in developing economies.

Most and least authorized services

More traditional payment services, such as e-money accounts and electronic funds processing for third parties, have proven to be the most common payment services that non-banks are allowed to offer. This is followed by electronic wallet and money transfer services and the acquisition of payment transactions. Conversely, the least authorized activities appeared to be newer type services such as virtual asset services, payment initiation, account information services and activities generally associated with banking operations such as as transaction accounts (other than electronic money transaction accounts).

In addition, the survey results indicated that the issuance of electronic money is subject to the most stringent regulation, while virtual asset services are subject to the weakest regulation.

Most common regulatory requirements

The authors reported that of the thirteen types of regulatory requirements applicable to non-banks included in the survey[4], an average of nine types involved issuing electronic money, while only four types involved virtual asset services.

The most prevalent requirements across jurisdictions, according to the results, were around anti-money laundering (AML), with most jurisdictions (87%) indicating that their AML rules apply to non-banks. Other common requirements included those related to risk management, data protection and to a lesser extent licensing / registration.

The least common requirements were for interoperability. Only a fifth of the responding countries indicated that they have specific interoperability rules for non-banks.

Regulatory requirements and their application

The document said rules governing areas such as AML, risk management, cybersecurity, data protection and consumer protection tend to be applied consistently across the payments landscape. While the rules applicable, for example, to licensing / registration, minimum capital, protection of funds, security and interoperability were generally applied differently, depending on the nature of the payment service.

Fight against money laundering (“AML”) and the financing of terrorism (“CTF”)

  • The most common requirements in payment services and jurisdictions were related to AML and CTF.
  • Some jurisdictions have adopted a tiered regulatory approach based, for example, on the value of transactions, while others have exempted transactions entirely based on the risk they present.

Risk management

  • Internal controls and other risk management measures are requirements that tend to apply in all jurisdictions. Typically, obligations include operational resilience as well as monitoring and assessing the risks associated with outsourcing.
  • Most jurisdictions require non-banks to develop cybersecurity risk policies appropriate to their business model, the size of their operations, the types of transactions they process, the risks they present, and the types of data. that they deal with.

Data and consumer protection

  • Most jurisdictions have general laws to protect data held by a wide range of organizations, including non-banks. These laws generally define “personal data”, cover consents to data transfer and the rights of data “subjects”. Some jurisdictions also impose these requirements on cross-border data transfers.
  • Other jurisdictions have specific laws to protect consumers in their dealings with non-banks and the payment services they offer. The obligations are generally related to the disclosure of fees, complaint handling processes and fraud prevention.

License / Registration

  • While some jurisdictions have general license frameworks that apply to all or more payment services[5], others vary their requirements depending on the type of services provided, the size of the transactions[6] or geographic areas covered by the services[7].
  • Jurisdictions that allow non-banks to issue electronic money normally require that they be licensed or registered.[8]

Minimum capital

  • Most jurisdictions have initial and ongoing capital requirements for non-banks offering payment services. Initial capital requirements are usually a lump sum, while ongoing capital requirements tend to be adjusted based on business volumes.[9]
  • Capital requirements in some jurisdictions depend on the location of the non-bank entity or the type of services it provides.[10]
  • Ongoing capital requirements are often set at between 2% and 5% of a non-bank’s electronic money float.[11]

Safety and security

  • Almost all of the jurisdictions where non-banks are permitted to issue electronic money, and most of those where non-banks can provide transaction accounts, require funds to be protected to protect consumers from bank default. an electronic money issuer or its inability to reimburse consumers.[12]

Interoperability

  • The requirement for interoperability is the least common requirement among the jurisdictions studied.[13]
  • There is no interoperability requirement in any of the jurisdictions studied for virtual asset services. That said, some jurisdictions require interoperability, albeit to a very limited extent, for account information and money transfer services.[14]
  • As part of their national payment strategies, many jurisdictions are developing plans to achieve interoperability.[15] These initiatives aim to increase efficiency and strengthen competition in payments markets.

New regulatory responses to new payment methods

The paper points out that disruptive new technologies are likely to create more payment methods in the future. The authors cite the emergence of the distributed ledger, blockchain, and crypto assets as examples. However, they don’t seem convinced that technologies like cryptocurrencies will ever emerge as an efficient payment method due to their many shortcomings.[16] That said, they note that the introduction of stablecoins as a variant of cryptoassets may evolve over time to become “a convenient form of payment for e-commerce (especially when integrated with online platforms. line) and peer-to-peer and micro-payments “[17] with the potential to become systemically important, if adopted globally.[18]

Some jurisdictions such as the United States and the United Kingdom have already started to adapt their regulatory frameworks to the advent of stablecoin.[19] The document goes on to mention that jurisdictions where stablecoin exists and looks like an already regulated product or service will likely deal with it under existing frameworks.

Regulation of digital payment services and electronic money in Canada

The federal government introduced legislation, which received Royal Assent on June 29, 2021, to regulate retail payment service providers in Canada. The eagerly awaited Retail Payment Activities Act (short name: Retail Payment Activities Act (“RPAA‘)) Assigns the Bank of Canada to oversee payment service providers, which include entities that perform electronic payment functions, such as payment processors, digital wallets, currency transfer services, and others. payment technology companies. The Bank of Canada will oversee the operational risks posed by service providers and their ability to protect end-user funds. Please refer to our recent legal update for more information.

The Financial Transactions and Reports Analysis Center of Canada (FINTRAC) will continue to regulate money services businesses with respect to AML and FCT matters, as well as monitor their AML compliance programs.

Comment here

placeholder="Your Comment">