Small Payment Institutions Re-Registration
What has happened?
SPI re-registration deadline is 12th October 2018. Small Payment Institutions are required to assess and update their procedures to ensure they are in-line with new Payment Service Regulations 2017 (PSR17).
In order to become successfully re-registered, SPIs must amend their internal processes and documentation in line with the applicable regulatory changes under PSD2. SPIs are required to provide some of these documents and a description of the amended internal processes as part of the application.
- Complaints Processes – SPIs should amend their complaints policies and procedures to align with regulatory amendments under DISP in the FCA Handbook. These changes concern how complaints are handled, the timeframes in which they must be dealt with, and how complaints should be recorded.
- Sensitive Payment Data – SPIs must review their security arrangements to ensure there are sufficient processes in place to store, monitor and protect customers’ sensitive payment data (e.g. payment card details, personalised security credentials).
- IT Security – PSD2 increased requirements on firms to place implement strong security measures to protect access to the firm’s internal systems and infrastructure. The FCA requires new information on SPIs’ physical security measures, customer authentication processes and their assessment of IT security risks.
As of 19th June 2018, there are over 400 SPIs that have not received re-registration approval from the FCA. It is pivotal that SPIs prepare and submit their application as promptly as possible to avoid the possibility of missing the imposed deadline and having their payment services licence revoked. If SPIs do not submit their application by the 12th October deadline, they may be required to submit a new registration application and face the possibility of not being able to provide payment services after 12th January.
How can Thistle help you?
Thistle can assist SPIs in making their re-registration application to the FCA. We have formulated a step-by-step guidance document to support firms in completing their application and have created an IT Security Policy template designed to help firms demonstrate their relevant controls. For more information on our package, please click here.