In this article we look at obtaining a Payment Institution license in Estonia.
Regulation of Payment Institution
In Estonia, PI-s are mainly regulated by Payment Institutions and E-money Institutions Act (PIEIA) and Payment Service Directive 2 (PSD2) which sets requirements for businesses that provide payment services. PSD2 is an EU Directive (Directive 2015/2366) that applies to banks, building societies, payment institutions, e-money institutions, and their customers. Supervision over PI-s is done by Estonian Financial Supervision Authority (EFSA). An authorized payment institution license enables a business to provide payment services across the European Economic Area.
Payment Institution can:
A PI is a company that provides payment services. A PI may operate only as a public limited company if it provides any of the following:
- services which enable to make cash payments to payment accounts and all acts required for the holding of payment accounts;
- services which enable to withdraw cash from payment accounts and make all acts required for the holding of payment accounts;
- execution of payment transactions, including the transfer of funds to a payment account, opened with a payment service provider;
- execution of payment transactions if the funds have been granted as a loan to the client of the PI;
- issue of payment instruments and acceptance of payment transactions;
In addition, a PI may engage in the following services and activities:
- provision of ancillary services closely related to payment services, such as ensuring the execution of payment transactions, foreign exchange services, safekeeping activities, and the storage and processing of data;
- operation of payment systems;
- other activities not related to the provision of payment services unless otherwise provided by law.
Licensing of PI
In order to operate as a PI, a company shall hold a relevant activity license. To apply for an operating license, a written application must be submitted to EFSA together with the following documents and data required by the PIEIA:
- A copy of the statutes for a business that is operating, any decision by the general meeting to amend the statutes, and the amended text of the statutes;
- A notarized copy of the foundation contract or decision for a business being founded;
- Documentation proving the existence of share or equity capital paid in or to be paid in;
- An operating plan describing all the planned payment services;
- A business plan that meets the requirements of PIEIA;
- The initial balance of the applicant and a review of income and expenses or the balance and profit report as at the end of the month prior to the application for an operating business, and annual reports for the past three years if they exist;
- A description of how the general requirements of PIEIA for holding client assets and client protection will be applied;
- The internal rules and internal bookkeeping rules in accordance with PIEIA, or proposals for them;
- Data on the information technology and other technological equipment and systems, security systems, and control mechanisms and systems that will be needed for provision of the planned services.
- A description of internal controls and measures to ensure compliance with anti-money laundering and terrorist financing obligations and obligations for information about the payer to be sent when transferring money;
- A description of the organizational structure of the applicant, covering where necessary the use of agents or branches or the procedures for transferring services, and its participation in domestic and international payment systems;
- A list of the shareholders of the applicant showing the name of each shareholder or member, their registry code or ID code, or date of birth if they have none, and details on the share or equity holdings of each shareholder and the voting weight given to them;
- The data listed in PIEIA on the major shareholders of the applicant;
- Information on the managers or the applicant, including their first and family names, personal ID codes or date of birth if they have no ID code, place of residence, description of education, full list of jobs and positions held, and for members of the management board a list of their areas of responsibility, together with any documentation that the applicant considers relevant for demonstrating their trustworthiness and compliance with the requirements;
- Data on any business that the applicant or its management holds more than 20% of, where those data include the size of its equity, a list of its areas of activity, and the size of the holding of the applicant and each manager;
- Information on the auditor and internal auditor of the applicant, giving their names, places of residence or locations of operations, and personal ID codes or dates of birth or registry code if there is no ID code;
- Documentation certifying the value of own funds for a business that is already operating, together with the auditor’s report;
- The technical, economic and legal principles approved by Eesti Pank (The Bank of Estonia) for the functioning of the payment system and the draft of the rules organizing the work of this system if the applicant intends to engage in managing payment systems.
If it is not possible to tell for certain from the documents and information submitted whether or not the applicant for an operating license is sufficiently capable of providing payment services or whether it meets the requirements, or if it is necessary to check other details concerning the applicant, EFSA may request further information and documents.
Providing payment services in a foreign state
A PI founded in Estonia and holding an activity license may provide the services in a foreign state by establishing branches or providing cross-border services, including through an agent or distributor. Upon provision of services in a foreign state, a PI shall comply with the legislation issued on the basis thereof and legislation of the foreign state.
A PI which wishes to found a branch in a third country shall apply for a respective authorization from the Financial Supervision Authority. In order to apply for an authorization for the foundation of a branch in a third country, a PI shall submit a written application and the following documents to the EFSA:
- the name of the third country in which the branch is to be founded;
- the address of the seat of the branch in the third country;
- a business plan for the activities of the branch in the third country;
- information concerning the managers of the branch.
The documents shall be submitted in Estonian. At the request of the EFSA, the documents shall be submitted together with a translation made by a sworn translator into the official language or one of the official languages of the third country where the PI wishes to found a branch.
Termination of the PI license:
The validity of an activity license terminates if:
- a decision to dissolve the PI is made;
- the activity license is revoked;
- PI-s are merged, in the case of an institution being acquired;
- a new PI is founded by merger, in the case of institutions that are merging;
- the PI is declared bankrupt.
The payment services a PI license holder is able to provide
- Payment accounts. Examples of a payment account include debit cards and payment cards. The user is able to place and withdraw cash on such accounts as well as use the account card to make payment transactions, using the card to buy goods and services. Users are also able to set up direct debits standing orders as well as transferring funds.
- Merchant services. Holders of the PI license are able to provide merchant services. This can include acting as a master merchant and offering merchants the ability to accept card payments.
- Money remittance. Money remittance or transfer is another service PI-s are able to offer. This service enables the payment service provider to enable users to make cross border payments, internationally.
- Payment initiation services. Under this model, an initiator I.e. as a payment service provider under the PI license, subject to the user’s consent, is able to initiate payment directly from the user’s bank account and transfer the amount directly to the merchant retailer’s bank account, removing the Visa and Mastercard networks from the payment process.
- Account information services. Under this permission, subject to the user’s consent, a payment service provider is able to provide access to a user’s accounts and enable them to view consolidated account information in one place.
Upon starting the licensing process it is important that the applicant has some preliminary business plan written down. We will help you to get it right, but the client needs to have a good understanding of what they want to do: The marketing plan, client segment, understanding of the competitive environment etc. It helps to have 2-3 pages written down, in a free form, to understand to what extent you need help with. We shall provide guidance and frameworks, but the client’s input is also extremely important.
Additionally, as you need to provide a detailed description of your IT systems – the money flow, asset and data protection etc, it’s necessary to have the technical knowledge in the team, or if you’re using third-party solutions, then they have to be able to provide you with the necessary documentation of the underlying systems.
Main requirements for the license holders in Estonia
The PI which has granted an activity license needs to have local operations here, including a board residing in Estonia.
A PI may operate only as a public limited company and that requires a supervisory board with at least 3 members.
Only persons who have the education, experience, and professional qualifications necessary to manage a PI and who have an impeccable business reputation may be appointed managers.
The capital requirement for PI in Europe is 125 000€.
Depends on how quickly the documents can be drafted and submitted. As each client has differences, we usually reserve around few months for document preparations, The whole process of obtaining the PI license shall take about 6 months, as the regulator will ask multiple rounds of additional questions about how the business is managed, how clients assets protected, AML procedures, etc. The decision to issue an operating license or to refuse is taken by EFSA within three months after all the necessary documentation and data have been received, and not later than six months after the application for the operating license has been received.
As the requirements and the licensing process is quite demanding, it’s important to work with the right partner. If you’re planning to set up a Fintech company, and you need help with getting licensed in Estonia, please get in touch with us through our contact page.