What We Think
January 6, 2022
Applying for a PSD2 license: tips for fintechs
The introduction of the Second Payment Services Directive (PSD2) enables innovative financial technology companies, known as FinTechs, to enter the world of payments. But obtaining a payments license can be an uphill struggle. Senior Consultant Daniel Attard shares some tips for FinTechs embarking on the licensing journey after giving a brief overview of PSD2 and licensing.
PSD2 is a fundamental piece of payment legislation in Europe. Its accompanying regulations drastically impact the financial ecosystem and infrastructure for banks, payment service providers, fintech’s and businesses using payment data for the benefit of consumers. In this sense, PSD2 is often perceived as an enabler. Payment data is among the most sensitive types of consumer data, and thus it is heavily regulated across Europe. For FinTechs to make use of the enabling activities provided by PSD2, they need to obtain a financial services license, which in Malta is granted by the Malta Financial Services Authority (MFSA). This step can be intricately complex, and as a result many FinTechs face challenges complying with the requirements and with the process.
The proportionality principle
Whether you are a bank or financial institution with 5,000 employees or a start-up with 10, the same regulation applies. How do you deal with this? And when is good, good enough? How do you apply the principles on which the regulation is based without ‘overdoing’ it and staying true to the nature of your business?
The answer is not straight forward, and the reality is that one needs to remain constantly aware of the evolving rules and regulations concerning your business environment and reconciling the two. With every change, keep asking yourself what this means for your business, how should you respond? And what are the consequences of those choices? Tips that can help you stay on top:
- Stay in close contact with the regulator. Discuss what you do and why you do it, including your interpretation of the regulation, translated to your business.
- Rethink your governance. Make sure you have a solid second and third line of defense. Solid means someone (or multiple people, depending on the size of your business) that can relate to your business, stand next to it but at the same time act independently, distance themselves, and ask the right questions. This can be done internally, or outsourced, depending on your size and business model. Such a structure will allow you to generate insights that are as objective as possible, not clouded by business dilemmas, hence both improving your business as well as your compliance success.
Align risk assessment to business activities
I often notice that companies regard obtaining a PSD2 license as a checklist exercise, whereby a set of documents are produced for the regulator and not necessarily aligned to the business philosophy or operation. This is especially true in risk assessments which run the risk of being merely desk-based exercises and not truly reflective of what is actually done in the organization. A proper risk assessment will help you ask and answer fundamental questions in a structured way, enabling you to act and take precautionary measures if and when necessary. It is important to first visualize your business as a whole – assessing risks associated with different compliance topics will be automatically part of that exercise.
Take compliance a step further
Despite all the differences, the one thing FinTechs generally have in common is the constant drive to innovate and improve. In that process, being compliant is often seen as a must, and not necessarily as an integrated part of their core business. When applying for a license your company is “vetted” on how compliant you are. Don’t make the mistake of viewing this as a one-time exercise. Especially in financial services, compliance-related topics and regulations are a major part of your product and service delivery. Embed compliance as a part of your day-to-day business – not just because you must but because it will help you.
Do what you said you would do
In the process of obtaining a license, it is completely understandable that you will present the best version of yourself to the regulator. Do however keep the bigger picture and longer-term in mind. Knowing how your processes work, including where you might have potential gaps, is important. Not only for obtaining and maintaining your license, but also to seize opportunities where they arise. An external advisor, someone who knows the application procedure, can help you prioritise.
Be patient, the regulatory landscape is fast evolving
As a final remark: the FinTech community, its participants, and regulator are fast evolving whilst technology developing even faster. Given this fast-paced environment, it is critical for any applicant to be patient and recognize that the regulator might not have all the answers to queries or to issues as they arise. Mutual understanding and respectful communication is key to ensuring a smooth licensing process.
For further information on the above kindly contact: