Ireland as a Location for Electronic Money Institutions 2024
Ireland is home to a substantial number of e-money institutions (sometimes called EMIs), some home grown, and others drawn to Ireland by its active and thriving FinTech sector.
Aside from Ireland’s position as a FinTech hub, there are a number of advantages to being authorised in Ireland as an e-money institution, including:
- a strong regulatory framework with a credible and experienced regulator, the Central Bank of Ireland (“CBI”);
- a favourable passporting regime with the ability to passport to other EEA Member States either on a branch or a cross-border services basis;
- a favourable tax regime, due to a combination of a standard 12.5% corporate tax rate for businesses with revenues less than €750 million per year and an exceptionally extensive and comprehensive set of double tax agreements; and
- access to a sophisticated financial services ecosystem with a deep pool of staff, managers, professional advisers, regulators and service providers including not only native English speakers but a sizeable international population.
Regulatory Framework
E-money is regulated under the European Communities (Electronic Money) Regulations 2011 (the “E-Money Regulations”), which transpose the E-Money Directive 2009/110 into Irish law, without any significant additional national measures or “gold plating”.
The CBI is responsible for the authorisation, prudential regulation and supervision of e-money institutions in Ireland.
The Markets in Crypto-Assets Regulation1 (“MiCA”) will introduce a new regulatory framework for European crypto-assets, and notably it will establish new rules for stablecoins, including e-money tokens. MiCA entered into force on 20 June 2023, with certain provisions covering the offerors and issuers of asset-reference tokens and e-money tokens to apply from 30 June 2024 and the remainder of the provisions to apply from 30 December 2024. There are strict conditions on the issuance of e-money tokens under MiCA, with a requirement for e-money tokens to be issued either by a credit institution or an e-money institution. Therefore, once MiCA becomes operational, additional business opportunities may arise for e-money institutions.
Passporting
An e-money institution can avail of the right to issue, redeem and distribute e-money and provide the services for which it is authorised in Ireland throughout the EEA. An e-money institution authorised in another EEA Member State can also passport into Ireland.
An e-money business established outside the EEA can obtain passporting rights either by establishing itself or a subsidiary in Ireland (or in another Member State) and obtaining authorisation as an e-money institution from the CBI (or from the relevant national competent authority in another EEA Member State) or by acquiring an existing authorised e-money institution. Where an existing authorised e-money institution is acquired, engagement with the CBI is likely to be necessary.
Authorisation Requirements
An entity that wishes to become authorised as an e-money institution under Irish law must fulfil a number of requirements. In particular, applicants will be expected to show that they will have substance in Ireland, have a viable business model and be adequately capitalised, have appropriate arrangements in place to run an e-money institution and comply with fitness and probity requirements. These concepts are discussed in more detail below.
Authorisation Requirements | |
---|---|
Substance |
The CBI places considerable emphasis on ensuring that the applicant’s “heart and mind” will be located in Ireland. This essentially means that the CBI will need to be satisfied that the applicant will be properly run in Ireland and that the CBI will be able to supervise it effectively. Among other things, the CBI will expect to see present in Ireland:
In terms of residency, the persons who are to fulfil the applicant’s core functions should operate in Ireland and the expectation is that virtually all of the senior personnel will be permanently based in Ireland. An Irish authorised e-money institution can outsource/delegate activities to entities in other jurisdictions. However, overall responsibility for ensuring compliance with legislative requirements must stay in Ireland. In addition, an e-money institution must notify the CBI when it intends to outsource critical or important functions (or when it intends to materially alter its existing outsourcing arrangements for such functions). The E-Money Regulations set out a number of requirements with which an e-money institution must comply when outsourcing “important” operational functions, such as IT systems. The CBI expects an e-money institution to comply with the European Banking Authority’s (“EBA”) Guidelines on Outsourcing (available here) as well as the CBI’s Cross-Industry Guidance on Outsourcing (available here), including compliance with specific obligations in relation to the outsourcing of “critical and important” functions. |
Capital Requirements |
An e-money institution must hold initial capital of at least €350,000. The actual amount of initial capital required for each individual firm will be notified to the firm as part of the authorisation process, and can vary depending on the nature, scale and complexity of the applicant’s business. In most cases, the initial capital that will be required will be higher than the minimum figure set out above. |
Arrangements |
An applicant will need to provide detailed information to the CBI regarding how it intends to function as a regulated e-money institution, including details of its: programme of operations; business plan; structural organisation; governance arrangements, internal control mechanisms, business continuity arrangements and procedures for dealing with security incidents. |
Governance and Risk Management |
An applicant is required to maintain governance arrangements, control mechanisms and procedures that are proportionate and appropriate to its business. This includes having sufficient resources, staff, a risk management framework, IT policies, and data protection policies. Applicants must use the EBA’s tool for calculating the professional indemnity insurance where applicable to them (available here). In addition, an applicant must consider the composition (both number and skills) of its board and management team, to ensure they are sufficient to conduct the applicant’s business from Ireland. An applicant’s board has responsibility for setting and overseeing the strategy of the firm, and ensuring that adequate and effective governance, risk management and internal control frameworks are in place. The board should have an appropriate balance of executive, non-executive and independent non-executive directors (“INEDs”). The INEDs must understand the business to a sufficient degree to be able to effectively contribute and provide an independent challenge to the executive directors of the board and be skilled in relevant areas to the applicant’s business such as accounting or risk. |
Conduct and Culture |
An applicant is expected to have a consumer-focused culture with robust internal systems and controls, including well developed risk management frameworks. The applicant’s approach to engagement with the CBI, such as how long the applicant takes to reply to queries raised by the CBI, will be considered when assessing the firm’s corporate culture. In addition, the applicant will be expected to show that it has considered diversity and inclusion, particularly in forming its board and how the business will assist with the fight against climate change. In relation to conduct, the applicant must comply with the Central Bank (Individual Accountability Framework) Act 2023 once authorised as an e-money institution, which includes compliance by senior role holders with the Common Conduct Standards and the Additional Conduct Standards. The CBI’s expectations on the Individual Accountability Framework are set out in its Guidance on the Individual Accountability Framework (available here). For further information on the Individual Accountability Framework, please see our dedicated information page on our website (available here). |
Safeguarding |
An applicant must have a safeguarding risk framework in place, approved by its board, which ensures that relevant client funds are appropriately identified, managed and protected on a day-to-day basis. Transaction approval authority regarding safeguarding accounts must reside within the Irish applicant entity and not with other group entities or third parties. There must be oversight of this framework by an applicant’s second line of defence (risk and compliance functions) and third line of defence (internal audit). In 2023, an external audit of safeguarding requirements was required for e-money firms who safeguard users’ funds. While the audit requirement was initially just for 2023, it is possible that similar audits may be required in the future. An applicant should have an independent Internal Audit Charter clearly setting out the roles and responsibilities of the Internal Audit Function which should be directly reported to the board of the applicant. Applicants should also ensure they have appropriate compliance policies in place such as a whistleblowing policy and a conflicts of interest policy. |
Business Model, Strategy and Financial Resilience |
An applicant is expected to have a capital accretive business model that is viable and sustainable with due regard given to potential firm specific and wider market stress scenarios. The CBI expects plausible projections covering a three-year period and the CBI has a standardised business model template for this which is provided to firms upon application. While an applicant may operate as part of a larger group and be reliant on group strategic decisions to inform local strategy, there must be sufficient financial (capital and liquidity) and operational (resources, IT systems etc.) capacity and capability within the firm to execute that strategy. An applicant is expected to have robust strategic and capital planning frameworks which demonstrate that it has a good understanding of risks it faces and potential financial impacts, such that the applicant can proactively manage its capital to ensure that it is in a position to meet own funds (capital) requirements on a stand-alone basis at all times, i.e. sufficient regulatory capital is available to absorb losses, including during stress conditions. An applicant is expected to have board-approved business strategies in place supported by robust financial projections and must understand and meet its capital requirements at all times. Strong internal controls must be in place, that are subject to regular testing, to ensure the accuracy and integrity of data used by the firm for regulatory reporting purposes, and for strategic and financial planning. |
Operational Resilience |
The CBI expects an applicant to be able to respond to, recover and learn from operational disruptions. If an applicant is part of a wider group, the CBI will expect the applicant to operate sufficiently on a stand-alone basis to ensure the primacy of the legal entity authorised in Ireland. An applicant’s board and senior management teams must ensure they have the skills and knowledge to meaningfully understand their responsibilities and risks the firm faces. This responsibility also extends to outsourced activities where the activities are conducted on the firm’s behalf by any third party, including any group entity. |
Financial Crime |
As a designated firm, an e-money institution must comply with the know-your-customer / anti-money laundering (“AML”) obligations set out in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. An applicant must have a strong AML control framework that specifically focusses on the money laundering and terrorist financing risks arising from the applicant’s business model. Where distributors and/or agents undertake preventative AML measures and controls, such as customer due diligence (“CDD”), on behalf of an e-money firm, these must be completed in line with the e-money firm’s own risk assessments and AML policies and procedures. E-money firms must also exercise adequate oversight of their agents and distributors with an appropriate level of ongoing assurance conducted. E-money firms must undertake appropriate assessment of their agents and distributors that undertake activities on their behalf. The responsibility for carrying out customer risk assessments and CDD on the end user of the products and services ultimately rests with e-money firms, even where such tasks are being performed by agents and distributors. |
Resolution and wind-down |
An applicant is expected to have an appropriate exit/wind-down strategy which is linked to its business and operational model and that ensures the return of customer funds as soon as is reasonably practical in an exit/wind-up scenario. An effective wind-down plan would include:
|
Fitness and Probity |
Once an application has entered the assessment phase, the applicant will also need to ensure that all relevant individuals proposed to hold a Pre-Approval Controlled Function (“PCF”) role in the applicant entity (typically board members, senior management, key function holders) complete Fitness and Probity Individual Questionnaires. The CBI expects applicants to have conducted their own due diligence before proposing a candidate for appointment to a PCF role. Where it is proposed for a person to hold more than one PCF role, sufficient information on why this is appropriate should be provided to the CBI. The CBI has confirmed in its Expectations for Electronic Money Institutions document (available here) that a proposal for a person to hold three or more PCF roles will not be approved. The CBI’s fitness and probity requirements are based on Guideline 16 of the “EBA Guidelines on the information to be provided for the authorisation of payment institutions and e-money institutions and for the registration of account information service providers” which relates to the “identity and suitability assessment of directors and persons responsible for the management of the payment institution or electronic money institution”. The CBI has published “Guidance on the Specific Requirements that apply to persons seeking approval for a Pre-Approval Controlled Function role in a Payment Institution or Electronic Money Institution” (available here). All relevant individuals must submit an Individual Questionnaire electronically. However, access to the online Individual Questionnaire only becomes available after an application has been deemed to contain all the key information needed to progress to the assessment phase of the application process. |
Authorisation Process
An application for authorisation as an e-money institution must be submitted to the CBI.
All applications for authorisation as an e-money institution in Ireland must be submitted using the following form:
- Authorisation as an Electronic Money Institution (available here) (except where the firm only intends to apply for Registration as a Small Electronic Money Institution, in which case a different registration form should be used (available here)2).
The CBI has also published a Guidance Note on completing authorisation/registration applications under the E-Money Regulations (available here). More recently, the CBI published a document setting out the Central Bank of Ireland Expectations for Authorisation of Payment and Electronic Money Institutions and Registration of Account Information Service Providers (the “CBI Expectations Document”) (here) which notes:
The CBI notes that common issues during the authorisation assessment are:
- inadequate preparation and application completeness;
- an applicant’s inability to clearly describe the proposed business model or changing its proposed business model during the process;
- applicants failing to respond to the CBI’s queries in a timely manner;
- applicants failing to prepare appropriate local risk frameworks; and
- issues with proposed candidates for PCF roles.
In addition to the application form, an applicant must complete:
- the Anti-Money Laundering, Counter-Terrorist Financing and Financial Sanctions Pre-Authorisation Risk Evaluation Questionnaire for Payment Institution and Electronic Money Institution Applicants (available here);
- Qualifying Holder Application Forms (available here) as appropriate; and
- Fitness and Probity Individual Questionnaires for all PCF roles.
Pre-application bespoke meetings are scheduled between the CBI’s Authorisation Team and potential applicants to provide direction on application requirements and answer any specific questions applicants may have about the application process. The CBI has also stated in its recent CBI Expectations Document that detailed assessment meetings will also be held in relation to various areas of the proposal.
Additionally, the CBI encourages potential applicants to engage with the CBI early in relation to the applicant’s business plan and to consider doing so initially via its Innovation Hub (see further information here).
The different stages in the process to obtain authorisation as an e-money institution are set out in the table below.
Application Process | |
---|---|
Stage 1: Exploratory Stage | |
Phase 1: Initial meeting and Key Facts Document |
Bespoke pre-application meetings are scheduled with all potential applicants to provide direction on application requirements and answer any specific questions applicants may have about the application process, service standards or completing the application form. All applicants will be required to return a ‘Key Facts Document’ to the CBI at least 5 working days prior to the pre-application meeting. The Key Facts Document was updated in April 2024 and is now required to be between 15-20 pages in length. The CBI recommends applicants take into consideration all items discussed during the pre-application meeting prior to submitting an application. The CBI will usually raise any concerns it has at this point but will not provide any legal advice. At this meeting the CBI can:
|
Phase 1: Submitting the Application Form and Acknowledgement |
When applying for authorisation, an applicant must provide certain information to the CBI, including details of its:
The CBI aims to acknowledge receipt of an application for authorisation submitted by the applicant within 3 working days of receipt. |
Phase 2: Key Information Check and Initial Assessment |
The CBI checks that the applicant has submitted all the key information and documentation. The CBI aims to confirm whether or not this is the case, generally within 10 working days of receipt of the application. The CBI also carries out an initial assessment of the application to check whether the applicant is likely to meet the CBI’s expectations. There are two possible outcomes to this initial assessment: (a) Progression: The CBI will permit the application to proceed to the assessment stage. The CBI will assign a specific case manager as the primary point of contact for the applicant at this stage. The CBI notes that applicants which make “the necessary senior appointments early in the process generally submit a more complete application” and tend to be authorised more quickly (available here); or (b) Issues have been Identified Precluding Progression: This is where the CBI is of the view that the applicant cannot progress to the assessment stage. The CBI will identify the issues and the applicant will have the opportunity to address these issues which may be via written submissions or meetings (in person or online) with the CBI. |
Stage 2: Assessment Stage | |
Stage 2: Assessment Stage |
The CBI assesses the application against the authorisation requirements and issues initial comments to the applicant on its application as well as subsequent comments based on its review of the applicant’s responses. Additional information and detailed assessment meetings may be requested by the CBI. Individuals proposed for Pre-Approval Controlled Function roles are sometimes invited for interview as part of the assessment of their Fitness and Probity for key roles. There are two possible outcomes:
In 90% of cases, the CBI will complete the assessment phase within 90 working days, although the clock will be paused in certain circumstances. |
Stage 3: Authorisation Decision | |
Stage 3: Authorisation Decision |
The CBI notifies the applicant of the outcome of the assessment process. There are two possible outcomes:
|
Following its authorisation, the electronic money institution must comply with its ongoing obligations and supervisory requirements under relevant legislation, such as its obligations to safeguard customers’ funds, comply with ongoing capital requirements and its other obligations under the the E-Money Regulations, to comply with the AML/CFT legislation, and to comply with the Consumer Protection Code 2012 (as amended) (which is currently being revised, as discussed in our briefing available here). Authorised firms are expected to, among other things, act honestly, fairly and professionally.
How Can McCann FitzGerald LLP Help?
McCann Fitzgerald LLP is a premier law firm in Ireland and advises on the full range of legal, tax and compliance activities undertaken by e-money institutions in Ireland. We have substantial experience in successfully guiding applicants through the regulatory authorisation process and in helping them to comply with their legal obligations, once established. If you are considering setting up an e-money institution authorised under Irish legislation, please contact us for further information as to how we can help.
- Regulation (EU) 2023/1114.
- Small Electronic Money Institutions can apply for registration instead of authorisation, and benefit from the waiver of some of the requirements for authorisation as an Electronic Money Institution. However, their registration cannot be passported into any other EEA state and therefore this option tends not to be used in practice.
This document has been prepared by McCann FitzGerald LLP for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.
Select how you would like to share using the options below