Robust risk management and consumer protection has been at the heart of the Central Bank of Ireland’s (“CBI”) approach to the supervision of regulated financial services firms for many years. In recent times, we have seen European regulators requiring E-Money Firms (“EMI”) to implement and maintain robust risk management and governance processes and procedures for the maintenance of their risk profiles and control environment.

If risk and governance frameworks or systems and controls are not fit for purpose, the potential for harm to customers and markets increases materially, something we have seen in numerous consumer protection scandals across the EU. This heightened supervisory focus on EMIs risk management, controls and governance mechanisms are due in part to:

i. the increase of multi-national technology companies, in particular, seeking authorisation as e-money firms. In the last two years in Ireland, there has been an increase of 150% of e-money firms seeking authorisation from the CBI1. Brexit has predominantly been the catalyst for such an upsurge, with many UK regulated e-money firmsseeking Irish authorisation in order to continue to avail of the free movement of financial services rules around the EEA;

ii. consumers using innovative e-money solutions (multi-currency cards accounts and virtual wallets accessed online quickly adopted as standard), which have the benefit of processing payments swiftly, simply, ubiquitously and increasingly in real-time using SEPA Inst Credit rails compared to more traditional payment methods (cash, debit cards). As of May 2020, 1 in 4 Irish
adults have an e-money account2;

iii. the Covid-19 effect on global market volatility, creating unprecedented stressful scenarios and business/ services continuity issues for regulated financial services firms;

iv. an increase in e-money regulation imposing obligations on EMIs to design and implement robust and prudent risk management, control mechanisms and governance arrangements. This is set out in regulation 11(3) of the European Communication (E-Money) Regulations 2011 (Ireland)3; and

v. (v) global e-money issues such as WireCard, Curve, and ANNA. Recognising this heightened supervisory focus on EMIs alongside Deloitte’s extensive risk management experience, this article will discuss the key regulatory requirements under EMR and PSD2 that EMIs must adhere to in order for them to identify, assess, manage and monitor their risks on an ongoing basis, whilst also recognising some of the challenges and opportunities faced by EMIs in this risk management journey.

Download the document for the full article.