Article 35a
Conditions for requesting participation in designated payment systems
1.
By way of safeguard for the stability and integrity of payment systems, payment institutions and electronic money institutions requesting participation and participating in systems designated under Directive 98/26/EC shall have in place the following:
(a)
a description of the measures taken for safeguarding payment service users’ funds;
(b)
a description of the governance arrangements and internal control mechanisms for the payment services or electronic money services it intends to provide, including administrative, risk management and accounting procedures, of the payment institution or electronic money institution and a description of the arrangements for the use of information and communication technology services of the payment institution or electronic money institution, related to Articles 6 and 7 of Regulation (EU) 2022/2554 of the European Parliament and of the Council ( 9 ); and
(c)
a winding-up plan in case of failure.
For the purposes of the first subparagraph, point (a), of this paragraph:
(a)
where the payment institution or electronic money institution safeguards payment service users’ funds by depositing funds in a separate account in a credit institution or by means of an investment in secure, liquid, low-risk assets as defined by the competent authorities of the home Member State, the description of the measures taken for such safeguarding shall contain, as applicable:
(i)
a description of the investment policy to ensure that the assets that are chosen are liquid, secure and low-risk;
(ii)
the number of persons that have access to the safeguarding account and their functions;
(iii)
a description of the administration and reconciliation process to ensure that payment service users’ funds are insulated in the interest of payment service users against the claims of other creditors of the payment institution or electronic money institution, in particular in the event of insolvency;
(iv)
a copy of the draft contract with the credit institution;
(v)
an explicit declaration by the payment institution or electronic money institution of compliance with Article 10 of this Directive;
(b)
where the payment institution or electronic money institution safeguards payment service users’ funds through an insurance policy or comparable guarantee from an insurance company or a credit institution, the description of the measures taken for such safeguarding shall contain the following:
(i)
a confirmation that the insurance policy or comparable guarantee from an insurance company or a credit institution is from an entity that is not part of the same group of firms as the payment institution or electronic money institution;
(ii)
details of the reconciliation process in place to ensure that the insurance policy or comparable guarantee is sufficient to meet the safeguarding obligations of the payment institution or electronic money institution at all times;
(iii)
the duration and the terms of renewal of the coverage;
(iv)
a copy of the insurance agreement or comparable guarantee, or drafts thereof.
For the purposes of the first subparagraph, point (b), the description shall demonstrate that the governance arrangements, internal control mechanisms and arrangements for the use of information and communication technology as referred to in that point are proportionate, appropriate, sound and adequate. In addition, governance arrangements and internal control mechanisms shall include:
(a)
a mapping of the risks identified by the payment institution or electronic money institution, including the type of risks and the procedures the payment institution or electronic money institution has in place or will put in place to assess and prevent such risks;
(b)
the different procedures to carry out periodical and permanent controls, including the frequency and the human resources allocated;
(c)
the accounting procedures by which the payment institution or electronic money institution records and reports its financial information;
(d)
the identity of the person or persons responsible for the internal control functions, including for periodic, permanent and compliance control, as well as an up-to-date curriculum vitae of that person or those persons;
(e)
the identity of any auditor that is not a statutory auditor as defined in Article 2, point 2, of Directive 2006/43/EC;
(f)
the composition of the management body and, if applicable, of any other oversight body or committee;
(g)
a description of the way outsourced functions are monitored and controlled so as to avoid impairment of the quality of the internal controls of the payment institution or electronic money institution;
(h)
a description of the way any agents and branches are monitored and controlled within the framework of the internal controls of the payment institution or electronic money institution;
(i)
where the payment institution or electronic money institution is the subsidiary of a regulated entity in another Member State, a description of the group governance.
For the purposes of the first subparagraph, point (c), the winding-up plan shall be adapted to the envisaged size and business model of the payment institution or electronic money institution and shall include a description of the mitigation measures to be adopted by the payment institution or electronic money institution in the event of the termination of its payment services, which would ensure the execution of pending payment transactions and the termination of existing contracts.
2.
Member States shall define the procedure by which compliance with paragraph 1 is assessed. That procedure may take the form of self-assessment, of a requirement for an explicit decision by the competent authority, or of any other procedure that aims to ensure that the payment institutions and electronic money institutions concerned comply with paragraph 1.
( 9 ) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).