Ireland's central bank has fired a shot across the bows of payment and e-money firms after finding "significant deficiencies" in the governance, risk management and control frameworks of some in the sector.
In late 2021, the central bank wrote a "Dear CEO" letter to the sector that aimed to provide clarity on the supervisory expectations for the firms.
A little over a year later, the bank has followed up with another letter, signed by director of credit institutions supervision Mary-Elizabeth McMunn, that makes clear that it is still seeing issues with many payment and e-money providers.
"Overall, during the last 12 months we have had a further year of intense supervision of the sector. The level of intensity, which is beyond what we would expect for this sector, is on the basis of the significant deficiencies identified in the governance, risk management and control frameworks of some Payment and E-Money firms," write McMunn.
The letter notes: "We continue to see examples of firms’ strategic ambitions outpacing their frameworks and capacity. Firms are not fully considering the entire suite of financial and non-financial risks they face, including new and emerging risk, particularly in the context of a rapidly changing environment."
The central bank sets out its findings relating to five key areas: safeguarding; governance, risk management, conduct and culture; business model, strategy and financial resilience; operational resilience and outsourcing; and AML/CFT.
On safeguarding, the bank notes that one in every four payment and e-money firm has self-identified deficiencies. To tackle this, it is introducing a new rule this year that firms required to safeguard users’ funds obtain a specific audit of their compliance with the safeguarding requirements under the PSR/EMR. This needs to be submitted by the end of July.
Elsewhere, the bank says that risk management frameworks need to better aligned with business strategies and objectives and that there needs to be strong knowledge at the top of firms about the technology risks they face.
The letter concludes by telling companies: "The Central Bank expects all firms in the sector to discuss this letter with their Board, and to reflect on the supervisory findings called out."
Read the full letter:
Download the document now 425.8 kb (Chrome HTML Document)