.svg)
Lithuania’s central bank has chastised payments and electronic money (e-money) institutions in the country, telling VIXIO that the rapid growth currently being experienced in the sector must go hand-in-hand with better compliance.
E-money and payment institutions need to “devote much more effort to the implementation of operational requirements”, the Bank of Lithuania has warned.
The regulator has become increasingly tough on payments and e-money firms.
For example, recent data published by the European Banking Authority and analysed by VIXIO shows a significant drop-off in the number of firms being authorised by the central bank in 2021, compared with the previous two years.
Earlier in February, the central bank also confirmed that it is investigating Railsr subsidiary PayrNet, stating that “there is reason to suspect that the institution is grossly and systematically violating” money laundering regulations.
It has also recently restricted the activities of electronic money institution Transactive Systems, again due to money laundering rules.
It is no secret among payments and fintech insiders that a few years ago, in wake of the UK’s decision to leave the EU, the regulator worked hard to promote the country as an alternative hub for firms to set up shop.
Sources have said that the central bank would often have stalls at conferences as a way to network with and entice institutions.
However, the central bank has admitted that it is keen to get tough on payments and e-money firms. Lukas Jakubonis, the regulator’s financial market development chief, told VIXIO last year that the central bank has gone from a focus on expansion to a new stage, focusing on quality and business culture.
“The payment sector in Lithuania is the one with probably the highest level of competition,” acknowledged Vaidas Cibas, director of the financial services and market supervision department at the Bank of Lithuania. “The services are offered by banks, electronic money (EMI) and payment (PI) institutions, as well as credit unions. That easily makes more than 200 service providers.”
Cibas told VIXIO this week that the sector continues to grow rapidly in the country. “Our duty is to ensure that this process is mature. We emphasise that business expansion must go alongside compliance and that there should not be a two-speed development.”
“Just like banks, these institutions must comply with capital, money laundering and other requirements,” said Cibas. “Surely, the details may vary, but the principle remains the same.”
Failing to meet standards
This latest intervention also comes after the central bank carried out analysis into how payment and e-money firms comply with risk management, internal control and internal audit requirements.
This included evaluating 80 institutions operating in the market (41 e-money institutions and 39 payments institutions), which is more than half of the sector.
None of the evaluated firms met the Bank of Lithuania’s highest possible score, with a majority either marginally meeting requirements or not meeting them at all.
Among the shortcomings uncovered were risk management maps, risk and incident registers and risk management improvement and communication plans being unprepared.
It is common that risks fail to be analysed or evaluated at all, the central bank complained.
The Bank of Lithuania also analysed how institutions implement the reliability requirements for their internal control and management systems, with results proving disappointing.
Issues found by the central bank include “unregulated functions” being carried out by managers and employees, a lack of accountability with no designated persons being responsible for control functions, unregulated management of systems and data processing, notably the transfer and storage.
The Bank of Lithuania said that it had “emphasised more than once” that firms must ensure a reliable and properly functioning internal control system.
“Heads of institutions must ensure that all necessary measures are taken to identify, assess, monitor, limit and control risks, even when the activities of institutions are carried out through intermediaries or part of the functions are entrusted to third parties,” the bank said.
Internal audit function deficiencies were identified, with analysis showing that 13 percent of firms did not have any internal audit function at all.
“Taking into account the fact that internal audit is one of the main factors in strengthening the governance of payments and e-money institutions and the effectiveness of internal control processes, the Bank of Lithuania plans to pay increased attention to this area this year,” the regulator confirmed.
In spite of the latest intervention, Cibas suggested that the relationship between the central bank and firms that it supervises remains amicable. “We are in a constructive dialogue with financial market participants and use various forms of cooperation and supervision.”
