The attitude of the Bank of Lithuania has become more strict lately towards the fulfilment of compliance requirements by electronic money (EMI) and payment institutions (PI) in Lithuania. The main areas where EMIs and PIs (both those in the process of obtaining a licence and those that already have it and have been operating for some time) should focus their attention on are safeguarding of customer funds, observing the requirements regarding capital indicators and adherence to anti-money laundering and counter-terrorist financing (AML/CTF) regulation. Licenced EMIs and PIs should also make sure that they operate within the limits of the licence and submit precise and correct reports to the Supervision Service of the Bank of Lithuania.
EMIs and PIs should also take into consideration the changes in the laws regulating their activities that occurred since they were licenced. A lot of changes in the laws, regulating the activities of EMIs and PIs, were implemented in 2018. The Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing has changed several times since 2018. The latest changes of this law will come into effect in several stages until 1 August 2021. The first significant changes have already come into effect on 10 January 2020, and the next stage of changes will become effective on 10 July 2020.
If, for example, at the time of obtaining the licence the AML/CTF procedures and the internal control and risk management processes were complying with the requirements of the laws, but were not updated until now, the Supervision Service may find some violations in such EMIs and PIs during an inspection.
Safeguarding of Customer Funds
There is a mandatory requirement in the laws regulating activities of EMIs and PIs to implement measures ensuring the safeguarding of customer funds. Even if an EMI or PI becomes insolvent, when such measures are in place, the customer funds would be protected from being seized to cover the debts of the EMI or PI. For example, one of such measures is a clear declaration of the status of customer funds as well as including special provisions in the contracts with credit institutions (banks, credit unions) and central banks regarding the safekeeping of customer funds, confirming the protection of funds of EMI and PI customers who use their payment services. Furthermore, an EMI or PI, which chooses the method of separation for the safeguarding of customer funds, may invest such funds only into safe, liquid and low-risk assets.
The laws regulating activities of EMIs and PIs contain the criteria, which should be followed in determining the mandatory amount of equity. It cannot drop below the amount, which is calculated according to the approved methodology. In carrying out their inspections, the Supervision Service of the Bank of Lithuania was also interested in how EMIs and PIs are complying with this requirement.
Following Anti-money Laundering and Counter-terrorism Financing Requirements
EMIs and PIs must clearly identify the criteria for the evaluation and management of money laundering and terrorist financing risks, as well as strictly adhere to other requirements of the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing such as determining an identity of the customer or customer’s representative, implementation of international financial sanctions, a proper introduction to employees of the requirements for the prevention of money laundering and terrorist financing, etc.
Presentation of Correct Reports to the Bank of Lithuania
EMIs and PIs must regularly provide the Supervision Service of the Bank of Lithuania with the following reports: financial and operations reports, reports related to the supervision of the implementation of money laundering and (or) terrorist financing prevention measures, and reports on operational and safety risk events. It is paramount that the data submitted in such reports are correct. If the Bank of Lithuania determines that incorrect data was submitted intentionally, ignoring the set requirements, the most severe enforcement measure – revocation of licence – may be adopted.
Operation within the limits of the licence
EMIs and PIs must provide only licenced services. For example, the laws indicate a very clear distinction between the electronic money institutions and payment institutions, between full and limited licence. When a payment institution has a limited licence which entitles to provide only money remittance services in Lithuania, such institution may not open accounts for customers and accept funds into them, keep those funds in the accounts for an unlimited period of time. Furthermore, if the licence allows providing services only in Lithuania, it is not permissible to provide services in other EU countries. It is also forbidden to publicly mislead customers, claiming to be an electronic money institution, which is entitled to provide a wider scope of services, when the company holds only payment institution licence. Finally, issuing electronic money is not included in the scope of services allowed under the payment institution licence.
If the Supervision Service finds violations, it can order to eliminate the infringements and to impose enforcement measures such as warning, a public announcement about the violations of laws, penalties and even revocation of a licence. „We have repeatedly stressed that the Bank of Lithuania is a fintech-conducive regulator, yet we have zero tolerance to non-compliance with legal acts or abuse of our trust,” said Jekaterina Govina, Director of the Supervision Service of the Bank of Lithuania.
In case of one-time violations, the Supervision Service mostly imposed such enforcement measures as a penalty and public announcement about the violations of laws. Penalties for the violation of requirements associated with the safeguarding of customer funds were imposed on six EMIs or PIs, for non-compliance with the requirements regarding capital indicators – five, for the violations failing to adhere to anti-money laundering and counter-terrorist financing requirements – three, and for providing incorrect reports to the Supervision Service – two. The amounts of penalties have ranged from EUR 9 000, EUR 17 000, EUR 23 000, EUR 27 000, EUR 30 000 to EUR 245 050. When gross and systemic violations, i. e. several of the mentioned violations and intentional non-compliance with the provisions of the laws and requirements of the Bank of Lithuania, were found, two companies were stripped of their licences.
Thus, in order to avoid enforcement measures by the Bank of Lithuania, EMIs and PIs should review the compliance of their internal operating procedures, internal control and risk management processes, required equity indicators and other aspects of their activities to the requirements of the laws and the recommendations of the Bank of Lithuania. This will allow not only to avoid sometimes rather painful penalties by the Bank of Lithuania but also help to maintain a good reputation of the institution both in the Fintech community, in the financial services market and in the eyes of the supervising institution.