|
Latvijas Banka
Regulation No.
270
Adopted 29 January 2024
|
Regulations for the Licensing of
Payment Institutions and Electronic Money Institutions, Issuance
of Authorisations for Registered Operation, and Provision of
Information
Issued pursuant to
Section 11, Paragraph four of the Law on Payment
Services and Electronic Money
I. General Provisions
1. The Regulation prescribes the procedures by which:
1.1. Latvijas Banka issues licences for the operation of a
payment institution and an electronic money institution
(hereinafter - the institution) and the documents to be
submitted;
1.2. Latvijas Banka registers a payment institution and an
electronic money institution which, in accordance with Sections 5
and 5.1 of the Law on Payment Services and Electronic
Money, do not require a licence for the commencement of operation
(hereinafter - the registered institution) and the documents to
be submitted;
1.3. the institution and the registered institution provide
information on changes in the documents which have been submitted
for the receipt of the operating authorisation.
2. If any amendments are made to the documents to be submitted
which are specified in this Regulation during the examination of
the application or other documents, the applicant shall
immediately submit the updated documents to Latvijas Banka.
II. Documents to be Submitted for
the Licensing or Registration of the Institution
3. A commercial company seeking to obtain a licence for the
operation of the institution shall provide the information
specified in the Law on Payment Services and Electronic Money as
follows:
3.1. by completing Annexes 1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
13, 14, and 15 to this Regulation and attaching the documents
specified in those Annexes;
3.2. by completing Annex 1, Sections 5, 6 (if applicable), 7,
8, and 9, and also Annexes 2, 3, 4, and 5 to Latvijas Banka
Regulation No. 241 of 22 May 2023, Regulations for Acquiring or
Increasing a Qualifying Holding in a Financial Institution, and
attaching the documents specified to in those Annexes;
3.3. by attaching a description of the stockholder
(shareholder) structure of the commercial company and specifying
the percentage of the holding of each stockholder or shareholder
(capital, voting rights).
4. If a commercial company seeks to obtain a licence of the
institution, including with the right to provide a payment
initiation service or an account information service, it shall
additionally submit a copy of the professional indemnity
insurance policy or a document certifying a guarantee issued by a
credit institution that is equivalent to the professional
indemnity insurance policy.
5. A branch of a third-country electronic money institution
which seeks to obtain a licence for the operation of an
electronic money institution in the Republic of Latvia shall, in
addition to the documents referred to in Paragraph 3 of this
Regulation, provide the following information:
5.1. the name of the supervisory authority of the relevant
third-country electronic money institution and the date of
issuance, registration number and location of the licence for the
operation of the electronic money institution issued to the
third-country electronic money institution;
5.2. the authorisation of the relevant supervisory authority
of the third-country electronic money institution for opening a
branch of the electronic money institution in the Republic of
Latvia if the applicable legal acts of the relevant third country
require such authorisation, or a written confirmation of such
authority stating that such authorisation is not required.
6. A person who seeks to obtain a licence of the institution
with the right to provide only the account information service
shall submit to Latvijas Banka the completed Annexes 1, 3, 4, 5,
7, 8, 10, 11, 12, 14, and 15 to this Regulation and the documents
referred to in those Annexes.
7. A person who, in accordance with Sections 5 and
5.1 of the Law on Payment Services and Electronic
Money, does not need a licence of the institution shall submit
the information specified in that Law as follows:
7.1. by completing Annexes 2, 3, 4, 6, 10, 11, 13, 14, and 15
to this Regulation and attaching the documents referred to in
those Annexes;
7.2. by attaching the information and documents referred to in
Sub-paragraph 3.3 of this Regulation.
8. In order to re-register a licence when the type of payment
services specified in the issued licence is being changed, the
institution shall submit to Latvijas Banka a revised Annex 1 to
this Regulation and attach the following documents:
8.1. the documents that were submitted in accordance with
Sub-paragraph 3.1 of this Regulation when obtaining the licence
for the operation of the institution, but were amended in
relation to the provision of the new or changed service;
8.2. the calculation of the expenses necessary for the
introduction of the new payment service and information on the
sources of funds to cover these expenses.
9. In order to change the types of payment services provided
by a registered institution, the registered institution shall
submit to Latvijas Banka a revised Annex 2 to this Regulation and
attach the following documents:
9.1. the documents that were submitted in accordance with
Sub-paragraph 7.1 of this Regulation when obtaining the licence
for the operation of the registered institution, but were amended
in relation to the provision of the new or changed service;
9.2. the calculation of expenses for the introduction of the
new payment service and information on the sources of funds to
cover those expenses.
III. Procedures for the
Examination of Applications and Notifications
10. Latvijas Banka shall, within 15 working days from the date
of receipt of the documents referred to in Paragraphs 3, 4, 5, 6,
or 7 of this Regulation, assess whether all information and
documents have been submitted in accordance with the requirements
outlined in this Regulation.
11. If the submitted information or documents are incomplete,
Latvijas Banka shall notify the applicant in writing of the
identified deficiencies.
12. If the submitted information and documents are complete,
Latvijas Banka shall immediately notify the applicant of the
commencement of the substantive assessment process and the date
of receipt of the complete application or notification.
13. A person, commercial company, and a branch of a
third-country electronic money institution need not submit to
Latvijas Banka any documents that can be obtained from the public
registers of the Republic of Latvia.
14. If documents already possessed by Latvijas Banka whose
information has not changed need to be submitted in the cases
specified in this Regulation, the relevant documents shall not be
resubmitted, and the application addressed to Latvijas Banka
shall specify that the relevant documents have been submitted and
confirm that the information contained therein has not changed
from the moment of their submission.
15. If the name (firm name) of the institution or registered
institution is being changed, Latvijas Banka shall re-register
the licence (authorisation) or make changes in the register of
the registered institutions within 10 working days after receipt
of the relevant information.
IV. Closing Provision
16. Regulatory Provisions No. 138 of the Financial and Capital
Market Commission of 25 August 2020, Regulatory Provisions for
the Documents and Information to be Submitted for the Receipt of
an Authorisation for the Operation of a Payment Institution and
an Electronic Money Institution (Latvijas Vēstnesis, 2020,
No. 171), are repealed.
Governor of Latvijas Banka M. Kazāks
Annex 1
Latvijas Banka's
Regulation No. 270
29 January 2024
Latvijas Banka
Application for Obtaining the
Licence for the Operation of __________________
1. Information on the commercial
company (branch) which seeks to obtain the licence
| Name (firm name) |
|
| Trade name (if different from
the firm name) |
|
| Registration number |
|
| Registered office |
|
| Address where the commercial
company (branch) can be reached (if different from the
registered office) |
|
| Website (if any) |
|
2. Information on whether the
electronic money institution intends to provide payment services
unrelated to the issuance of electronic money in addition to the
issuance of electronic money (mark with an "x" as
appropriate)
The institution intends to provide payment
services
(NB! If it is marked that the electronic money institution
intends to provide payment services, Paragraph 3 of this
application must be completed.)
The institution does not intend to provide payment
services
3. Information on the types of
payment services to be provided (mark with an "x" as
appropriate)
Services enabling cash to be placed on a payment
account and also all the required operations carried out by the
payment service provider to provide a payment service user the
possibility to operate a payment account
Services enabling cash withdrawals from a payment
account and also all the required operations carried out by a
payment service provider to provide a payment service user the
possibility to operate a payment account
Execution of payments, also the transfer of money
to a payment account opened with the payment service provider of
a payment service user or with another payment service provider,
including:
execution of direct debits, including one-off
direct debits
execution of payments through a payment card or a
similar device
execution of credit transfers, including standing
orders
Execution of payments where a credit limit is
applied to the money available to the payment service user,
including:
execution of direct debits, including one-off
direct debits
execution of payments through a payment card or a
similar device
execution of credit transfers, including standing
orders
Issuing of payment instruments Acquiring of payments
Money remittance
Payment initiation services
Account information services
4. Information on the auditor of the
institution (if any)
| Name (firm name)/given name,
surname |
|
| Registration number/personal
identity number/identification number |
|
| Registered office/declared place
of residence |
|
5. Information on persons with
qualifying holding in the institution
| Name (firm name)/given name,
surname |
|
| Registration number/personal
identity number/identification number |
|
| Registered office/declared place
of residence |
|
| Size of holding (percentage of
the institution's share capital) |
|
6. Minimum initial capital that the
applicant must demonstrate when obtaining the
licence*:
EUR 20 000 if the applicant intends to provide
only money remittance services
EUR 50 000 if the applicant intends to provide
only payment initiation services
EUR 125 000 if the applicant intends to provide
any of the payment services referred to in Section 1, Clause 1,
Sub-clauses "a", "b", "c", "d", or "e" of the Law on Payment
Services and Electronic Money
EUR 350 000 if the applicant intends to obtain the
licence for the operation of an electronic money institution
| List of documents confirming the
existence of initial capital |
| |
or
7. I hereby confirm that (mark with
an "x"):
the institution intends to provide only account
information services
the institution does not intend to hold the funds
of customers
8. Information on persons with close
links to the institution
| Name (firm name)/given name,
surname |
|
| Registration number/personal
identity number/identification number |
|
| Registered office/declared place
of residence |
|
9. Contact person of the institution
for communication during the licensing process
| Given name, surname of the
contact person |
|
| E-mail |
|
| Contact telephone |
|
The following documents are appended
to the application (mark the appended documents with an "x"):
document certifying the payment of the fee for the
examination of the submitted documents
power of attorney or a certified copy thereof if
the application is signed by an authorised representative
copy of the professional indemnity insurance
policy or a document certifying the existence of an equivalent
guarantee (if applicable)
Information on the person who signs
the application
| Signature and full name
(person's given name, surname) |
|
| Personal identity
number/identification number |
|
| Position or other legal basis
for the representation of the institution |
|
| Date of signature |
|
* Need not be completed if the applicant intends to
provide only account information services.
Governor of Latvijas Banka M. Kazāks
Annex 2
Latvijas Banka's
Regulation No. 270
29 January 2024
Latvijas Banka
Notification of the Commencement
of the Operation of the Registered __________________
Institution
I declare that the person referred to in Paragraph 1 meets the
conditions specified in Section 5, Paragraph one or Section
5.1, Paragraph one of the Law on Payment Services and
Electronic Money to commence the provision of services without
obtaining the licence for the operation of a payment institution
or electronic money institution.
1. Information on the person who
seeks to commence the provision of services
| Name (firm name)/given name,
surname |
|
| Registration number/personal
identity number/identification number |
|
| Registered office/declared place
of residence |
|
| Address where the person can be
reached (if different from the registered office/declared
address) |
|
| Website (if any) |
|
2. Information on whether the
electronic money institution intends to provide payment services
in addition to the issuance of electronic money (mark with an "x"
as appropriate)*
The institution intends to provide payment
services
The institution does not intend to provide payment
services
3. Information on the types of
payment services to be provided (mark with an "x" as
appropriate)
Issuing of payment instruments
Money remittance
4. Information on persons with
qualifying holding in the institution
| Name (firm name)/given name,
surname |
|
| Registration number/personal
identity number/identification number |
|
| Registered office/declared place
of residence |
|
| Size of holding (percentage of
the institution's share capital) |
|
5. Contact person of the institution
for communication during the process of obtaining the
authorisation
| Given name, surname of the
contact person |
|
| E-mail |
|
| Contact telephone |
|
The following documents are appended
to the notification (mark the appended documents with an
"x"):
document certifying the payment of the fee for the
examination of the submitted documents
power of attorney or a certified copy thereof if
the authorisation to sign the notification on the commencement of
the operation of the institution on behalf of the institution
arises from the authorisation agreement
Information on the person who signs
the application
| Signature and full name
(person's given name, surname) |
|
| Personal identity
number/identification number |
|
| Position or other legal basis
for the representation of the institution |
|
| Date of signature |
|
* To be completed when obtaining the authorisation
for the operation of the electronic money institution.
Governor of Latvijas Banka M. Kazāks
Annex 3
Latvijas Banka's
Regulation No. 270
29 January 2024
Information on the Operational
Programme of the Institution or the Registered Institution
The applicant shall provide on its operations the information
specified in the table, attaching additional documents supporting
the information listed in the table where necessary.
| No. |
Information to be
submitted |
| 1. |
Description of the types of planned payment services,
including an explanation of the reasons why the applicant
considers the operations that will be carried out as falling
within any of the legal categories of payment services listed
in Section 1, Clause 1 of the Law on Payment Services and
Electronic Money |
| |
[description] |
| 2. |
Description of planned electronic money services if the
applicant intends to provide them, specifying whether those
will be issuance, redemption, or distribution services
Description of the types of planned payment services,
including an explanation of the reasons why the applicant
considers the operations that will be carried out as
falling within any of the legal categories of payment
services listed in in Section 1, Clause 1 of the Law on
Payment Services and Electronic Money, and indicating
whether those payment services will be provided in addition
to electronic money services and will involve the issuance
of electronic money
|
| |
[description] |
| 3. |
Will the applicant at any point own, hold, or possess
the funds of customers? |
| |
Yes
No
|
| 4. |
If applicable, a description of the execution of the
different payment services (including electronic money
services), detailing all parties involved and indicating
the following for each payment service (including
electronic money service) provided:
a) cash-flow diagram* (to be appended to this
document);
b) settlement procedures*;
c) draft contracts to be concluded between all parties
involved in the provision of payment services, including
those with payment card schemes (to be appended to this
document);
d) deadlines for the processing and execution of
payments
|
| |
[description] |
| 5. |
Copy of the draft framework contract within the meaning
of Section 1, Clause 8 of the Law on Payment Services and
Electronic Money |
| |
Appended |
| 6. |
Procedures for managing complaints (disputes) submitted
by payment service users and electronic money holders |
| |
Appended |
| 7. |
Is it planned to provide payment services (including
electronic money services) or carry out the activities
related to their provision from several physical locations?
If yes, please indicate their number and the planned type of
service |
| |
No
Yes
[description]
|
| 8. |
Is it planned to provide any ancillary services to the
payment services (including electronic money services)
referred to in Section 36, Paragraph one, Clauses 1 and 2 and
Section 36.1, Paragraph one, Clauses 1, 2, or 3 of
the Law on Payment Services and Electronic Money? If yes,
please describe all those ancillary services |
| |
No
Yes
[description]
|
| 9. |
Is it planned to grant a credit linked to payment
services within the meaning of Section 37 of the Law on
Payment Services and Electronic Money? If yes, please specify
the limits** |
| |
No
Yes
[description]
|
| 10. |
Is it planned to provide payment services (including
electronic money services) in other Member States or third
countries? If yes, please specify those countries |
| |
No
Yes
[description]
|
| 11. |
Is the applicant already engaged in or within the next
three years intends to engage in another type of commercial
activity specified in Section 36, Paragraph one, Clause 3 and
Section 36.1, Paragraph one, Clause 4 of the Law
on Payment Services and Electronic Money? If yes, please
describe the type of this activity and its expected size for
the next year |
| |
No
Yes
[description]
|
| 12. |
If payment initiation services or account information
services are intended to be provided, please describe the
steps for calculating the minimum liability limit of the
professional indemnity insurance in accordance with the
procedures for its calculation laid down in Section
35.1, Paragraph four of the Law on Payment
Services and Electronic Money |
| |
[description] |
* Need not be provided if the applicant intends to provide
only payment initiation services or account information
services.
** To be completed only if the applicant intends to provide
payment services in addition to electronic money services.
Governor of Latvijas Banka M. Kazāks
Annex 4
Latvijas Banka's
Regulation No. 270
29 January 2024
Description of the Information to
be Included in the Business Plan
| No. |
Information to be
included |
Section of the business plan
containing the information |
| 1. |
Operational strategy, marketing
plan including an analysis of the commercial company's
competitive position in the relevant market segment, and a
description of the applicant's service users (customers),
marketing materials, and distribution channels |
|
| 2. |
Audited* annual financial
statements for the previous three years, if available, or a
summary of the financial position if an annual statement has
not been prepared |
|
| 3. |
A forecast budget calculation for the first three financial
years which demonstrates that the applicant is able to
employ appropriate and proportionate systems, resources,
and procedures to operate soundly. Such calculation shall
include:
a) a profit or loss account and balance-sheet forecast,
including target scenarios (standard, optimistic, and
pessimistic scenarios), their basic assumptions, such
indicators as the number and value of transactions, number
of customers, pricing policy, average amount per
transaction, expected increase in the break-even point;
b) explanations of the main items of income and
expenses, the financial debts, and the fixed assets;
c) the estimated cash flow of income and expenses with a
detailed breakdown of items for the next three financial
years.
|
|
| 4. |
Information on own funds,
including the amount and detailed breakdown of the
composition of the initial capital in accordance with Section
1, Clause 39 of the Law on Payment Services and Electronic
Money** |
|
| 5. |
Information on and calculation
of the minimum own funds requirements in accordance with
Section 35 of the Law on Payment Services and Electronic
Money, including the forecast breakdown of the own funds for
the next three years** |
|
* If annual statements need not be audited in accordance with
the laws and regulations, unaudited statements shall be
submitted.
** Need not be submitted if the applicant intends to provide
only account information services or intends to obtain only the
authorisation of a registered institution.
Governor of Latvijas Banka M. Kazāks
Annex 5
Latvijas Banka's
Regulation No. 270
29 January 2024
Description of the Information on
the Organisational Structure
| No. |
Information to be
included |
Section of the description of
the organisational structure containing the information or
the submitted document |
| 1. |
Detailed description of the
organisational structure of the applicant, specifying the
given name and surname of the members of the supervisory
board (if established), members of the executive board, heads
of units, including the given name and surname of the person
responsible for internal control functions; the description
of the organisational structure of the applicant shall be
accompanied by the description of the functions,
responsibilities, and liability of each unit and committee
(if established) |
|
| 2. |
Overall forecast of the number
of employees for the next three years |
|
| 3. |
Description of the relevant outsourcing mechanisms
consisting of:
a) the geographical location of the outsourced service
provider;
b) the identity of the persons within the applicant's
institution that are responsible for each of the outsourced
activities;
c) a clear description of the outsourced activities and
their main characteristics, including copies of draft
outsourcing contracts
|
|
| 4. |
Description of the use of applicant's branches and agents,
if such are intended, including:
a) a plan of off-site and on-site checks which the
applicant intends to carry out at least annually in
branches and agents and their frequency;
b) the IT systems, the processes, and the infrastructure
used by the applicant's agents to perform activities on
behalf of the applicant;
c) the recruitment policy, monitoring procedures, and
training of agents and, where available, the draft
cooperation contract.
|
|
| 5. |
All natural or legal persons
with close links to the applicant, indicating their identity
and the nature of those links |
|
| 6. |
Information and description of
applicant's participation in a national or international
payment system |
|
Governor of Latvijas Banka M. Kazāks
Annex 6
Latvijas Banka's
Regulation No. 270
29 January 2024
Measures for Safeguarding the
Money of Payment Service Users and Electronic Money Holders
The applicant shall provide on its operations the information
specified in the table, attaching additional documents supporting
the information listed in the table where necessary.
| 1. Which
method does the applicant use to safeguard the money of
payment service users and electronic money holders? |
|
The money of payment service users and
electronic money holders is safeguarded through an
insurance policy, a suretyship insurance policy issued by a
credit institution, or another guarantee (please complete
Points 2, 3, 4, and 5 of this table)
The money of payment service users and
electronic money holders is safeguarded through depositing
money in a separate account (in a credit institution or a
central bank of a country) separately from other funds of
the commercial company or personal funds (for a natural
person), or through an investment in secure, low-risk
assets considered as such in accordance with the
regulations of Latvijas Banka (please complete Points 6, 7,
8, and 9 of this table)
|
| 2.
Confirmation that the insurance company or credit institution
which has issued the insurance policy, suretyship insurance
policy, or other guarantee is not part of the same group of
commercial companies as the applicant |
| [description] |
| 3.
Description of insurance terms which would ensure that the
insurance policy, suretyship insurance policy, or another
guarantee is sufficient to enable the applicant to always
fulfil the requirements towards payment service users,
electronic money holders, and other payment service
providers |
| [description] |
| 4. Term of
the coverage of the insurance policy, suretyship insurance
policy, or other guarantee and conditions for renewal |
| [description] |
| 5. Copy of
the (draft) insurance agreement, suretyship insurance
agreement, or other guarantee |
| Appended |
| 6.
Description of the policy for the investment of customer
funds to ensure the assets chosen are liquid, secure, and
low-risk (if applicable) |
| [description] |
| 7.
Identity of the persons who have access to the account where
the money of payment service users and electronic money
holders is held separately, and the functions, obligations,
responsibilities, and liability of those persons |
| [description] |
| 8.
Description of the management process to ensure the
compliance with the principles of Sections 38 and
38.1 of the Law on Payment Services and Electronic
Money for the safeguarding of the funds of payment service
users and electronic money holders. Procedure for the
safeguarding of the funds of payment service users and
electronic money holders (part of the internal control
system) |
|
[description]
The procedure is appended
|
| 9. Bank
statement or a copy of the (draft) contract concluded with
the bank for the payment account intended for customer
funds |
| Appended |
Governor of Latvijas Banka M. Kazāks
Annex 7
Latvijas Banka's
Regulation No. 270
29 January 2024
Information to be Included in the
Description of the Internal Control and Management System
| No. |
Information to be
included |
Section of the description
containing the information, name of the submitted
procedure |
| 1. |
A list and assessment of the
identified risks, including the weight and impact of risks on
the operation of the applicant, and also procedures which the
applicant will put in place to manage such risks |
|
| 2. |
Procedures (operational
procedures) for the provision and control of electronic money
services (issuance/distribution/redemption) and payment
services (including in relation to credit granting, if
applicable) which include at least the procedures for
authorising the maker of transaction and stipulating
restrictions to ensure that the transaction corresponds to
the institution's policy, laws, regulations, and standards,
and also the procedures for ensuring and controlling the
provided service |
|
| 3. |
Accounting policy and procedures
to be used by the applicant to record, control, and assess
their financial information and funds of customers and to
prepare statements |
|
| 4. |
Identity and up-to-date
curriculum vitae (CV) of the persons responsible for the
internal control functions (the management information
system, risk control system, and the operational compliance
control system), including for the regularity and consistency
of their implementation, and also the control of the
operational compliance of the applicant |
|
| 5. |
Identity and up-to-date
curriculum vitae (CV) of the persons responsible for the
internal audit function |
|
| 6. |
Policy and procedure for
monitoring and controlling the outsourced functions to avoid
an impairment in the quality of applicant's internal
control |
|
| 7. |
Policy and procedure for
monitoring and controlling the agents and branches within the
framework of the applicant's internal control system |
|
| 8. |
If the applicant is a subsidiary
of a regulated institution in another EU Member State, a
description of the group management |
|
Governor of Latvijas Banka M. Kazāks
Annex 8
Latvijas Banka's
Regulation No. 270
29 January 2024
Description of the Internal
Control and Management System for the Management of IT and
Security Incidents and Handling Complaints Related to the
Security of Services
The applicant shall submit a description of the introduced
procedure for the monitoring and handling of and following up on
IT and security incidents, including the reporting on major
incidents to Latvijas Banka, and the handling of complaints of
payment service users and electronic money holders which are
related to the security of information systems. The procedures
shall be developed, taking into account the requirements of
Latvijas Banka regulations in the field of information system
security. The procedures shall include at least the information
outlined below.
| No. |
Information to be
included |
Section of the procedure
containing the information or the submitted document |
| 1. |
Organisational measures and
tools for the prevention of fraud |
|
| 2. |
Details of the persons and units
responsible for assisting the payment service users and
electronic money holders in cases of fraud, technical issues,
or the handling of complaints |
|
| 3. |
Reporting procedures in cases of
fraud |
|
| 4. |
Name and e-mail of the customer
support service |
|
| 5. |
Procedures for the registration
and reporting of incidents, including the submission of those
reports to internal or external bodies, and also the
reporting on major incidents to Latvijas Banka |
|
Governor of Latvijas Banka M. Kazāks
Annex 9
Latvijas Banka's
Regulation No. 270
29 January 2024
Description of the Process for
Collecting Statistical Data on the Operational Efficiency,
Provided Services, and Fraud
The applicant shall submit a description of the principles and
definitions to be applied for the collection of the statistical
data on the operational efficiency, provided services, and fraud
by including at least the information specified below.
| No. |
Information to be
included |
Section of the description
containing the information |
| 1. |
The type of statistical data
which the applicant intends to collect on payment service
users and electronic money holders and the types of payment
services or electronic money services they use (e.g., the
service provision channel, the payment instrument used,
jurisdiction, or currencies used in transactions) |
|
| 2. |
The scope of data collection
(specifying whether the data on all types of provided
services will be collected; the units in which the data will
be collected; whether the data will also be collected from
branches, agents, and distributors) |
|
| 3. |
The form of data collection |
|
| 4. |
The purpose of data
collection |
|
| 5. |
The frequency of data
collection |
|
| 6. |
Additional documents, such as a
manual describing the operation of the data collection
system |
|
Governor of Latvijas Banka M. Kazāks
Annex 10
Latvijas
Banka's Regulation No. 270
29 January 2024
Description of Measures for
Ensuring the Continuity of Commercial Activity
The applicant shall submit a description of the institution's
measures for ensuring the continuity of commercial activity,
including at least the information specified below.
| No. |
Information to be
included |
Section of the description
containing the information |
| 1. |
Analysis of the impact of
commercial activity (functions and processes) and processes
of commercial activity which have an impact on the
applicant's overall business, and the recovery strategy,
recovery scenarios and priorities, including the recovery
time, recovery level, and protected assets |
|
| 2. |
Business continuity plan,
including for information systems, which has been developed
by taking into account the requirements of the regulations of
Latvijas Banka in the field of information system security
and including an explanation of the actions which the
applicant will take if significant business continuity
problems and disruptions arise, such as the failure of key
systems, the loss of key data, the inaccessibility of the
premises, and the unavailability of key persons |
|
| 3. |
Description of the applicant's
plan for creating and storing backup copies of information
system data |
|
| 4. |
Description of the frequency
with which the applicant intends to test the commercial
activity continuity and recovery plans and to assess their
operational efficiency, including how the testing results
will be documented and evaluated |
|
| 5. |
Description of the envisaged
risk mitigation measures in cases of the termination of the
provision of the applicant's payment services or electronic
money services,in order to ensure the execution of pending
operations (including payments) and the termination of
existing contracts, including in the case of prolonged
down-time |
|
Governor of Latvijas Banka M. Kazāks
Annex 11
Latvijas
Banka's Regulation No. 270
29 January 2024
Information to be Included in the
Description of the Management of Information System Security
The applicant shall submit a description of the management of
information system security which has been developed by taking
into account the requirements of the regulations of Latvijas
Banka in the field of information system security and includes at
least the information specified below.
| No. |
Information to be
included |
Section of the description
containing the information |
| 1. |
Detailed risk assessment of the
payment services and electronic money services the applicant
intends to provide which shall also include measures for the
control of fraud risks and security and risk mitigation taken
to adequately protect payment service users and electronic
money holders against the identified risks |
|
| 2. |
Description of IT systems, including the following
information:
2.1. the architecture of the systems and their network
elements (computer network and connection scheme);
2.2. the information systems supporting the commercial
activity conducted, such as the applicant's website,
e-wallets, the payment system, the risk and fraud
management system, and customer accounting system;
2.3. the IT support systems used for the organisation
and management of the applicant's operations, such as
accounting, human resources management, customer
relationship management information systems,
the e-mail system, and the internal file system;
2.4. the information on whether those information
systems are already used by the applicant or its group; the
planned date of their introduction (if applicable)
|
|
| 3. |
Type of authorised external
connections, e.g. for partners, service providers, entities
of the group, and employees working remotely, including the
justification of such connections, by specifying the
implemented security measures and control mechanisms |
|
| 4. |
Logical security measures and
mechanisms that govern the internal access to IT systems |
|
| 5. |
Physical security measures and
mechanisms of the workplaces and data centre of the
applicant, e.g. physical access control measures and the
administration of environmental security |
|
| 6. |
Security of the payment processes and electronic money
service processes, including the following information:
6.1. the customer authentication procedure used for both
consultative access and access for payment or payment
initiation purposes;
6.2. the safe transfer of authentication elements to the
legitimate payment service user or the electronic money
holder, ensuring the integrity both during their initial
implementation and renewal;
6.3. a description of the systems and procedures that
the applicant has in place for the analysis of payments and
the identification of suspicious or unusual payments
|
|
| 7. |
List of the main procedures in
relation to the applicant's information systems or, for
procedures that have not yet been formalised, the planned
date of their entry into effect |
|
Governor of Latvijas Banka M. Kazāks
Annex 12
Latvijas
Banka's Regulation No. 270
29 January 2024
Description of Processes
Introduced for the Registration, Monitoring, Tracking, and
Restriction of Access to Sensitive Payment Data
The applicant shall submit a description of the processes
introduced for the registration, monitoring, tracking, and
restriction of access to sensitive payment data which shall
include at least the information specified below.
| No. |
Information to be
included |
Section of the description
containing the information |
| 1. |
Data flow diagrams of sensitive payment data which are
accompanied by detailed descriptions specifying:
1.1. the manner and information systems in which and the
type of sensitive payment data which will be processed by
the applicant, including in cases where an outsourced
service provider or its cooperation partners (including
account information service providers or payment initiation
service providers) are used;
1.2. the procedures by which the customer securely
receives sensitive payment data
|
|
| 2. |
Description of the solutions for
monitoring and following up on transactions to prevent,
detect, and block fraudulent payment transactions.
Explanation of how breaches will be detected and the actions
to be taken in the event of breaches |
|
| 3. |
List of the persons and units
with access to the sensitive payment data |
|
| 4. |
The monitoring tools used and
the introduced follow-up measures and procedures for
mitigating the security risks |
|
| 5. |
Annual internal control plan for
the administration of information system security |
|
Governor of Latvijas Banka M. Kazāks
Annex 13
Latvijas
Banka's Regulation No. 270
29 January 2024
Information to be Included in
Documents on the Creation and Efficient Operation of Internal
Control Systems for the Prevention of Money Laundering and
Terrorism and Proliferation Financing and Sanction Risk
Management
The applicant shall submit procedures, assessments, policies,
descriptions of measures, and other documents on the creation and
efficient operation of an internal control system for the
prevention of money laundering and terrorism and proliferation
financing (hereinafter - MLTPF) and sanction risk management
which shall include at least the information specified below.
| No. |
Information to be
included |
Section of the submitted
document containing the information, name of the
document |
| 1. |
Assessment of the MLTPF risk and
the sanction risk inherent to the operation and customers of
the institution which has been conducted and documented by
the applicant and also takes into account the risks
associated with the applicant's customer base, the products
and services offered, the service and product distribution
channels used, and the geographical areas of operation and
customers, including a description of the risk assessment
methodology |
|
| 2. |
Internal control system measures
which the applicant has or will introduce in accordance with
Section 7 of Law on the Prevention of Money Laundering and
Terrorism and Proliferation Financing in order to mitigate
the risks and comply with the obligations specified in the
legal acts on the prevention of MLTPF |
|
| 3. |
Description of the measures and
the used information system solutions which the applicant has
or will introduce to ensure the creation and automated use of
a customer risk scoring system, and also its regular and
independent evaluation (auditing) |
|
| 4. |
Description of other information
system solutions which the applicant has or will introduce to
ensure the MLTPF risk and sanction risk management (such as
customer identification, sanctions screening system,
monitoring of transactions, etc.) |
|
| 5. |
Measures (requirements,
controls) for the MLTPF risk and sanction risk management
which the applicant has or will introduce to ensure that the
branches and agents comply with the applicable requirements
related to the prevention of MLTPF and sanction risk
management, including in cases where the agent or branch is
located in another Member State |
|
| 6. |
Mechanisms which the applicant
has or will introduce to ensure that its employees and agents
are appropriately trained in matters related to MLTPF risks
and sanction risks, the legal acts in the field of the
prevention of MLTPF and sanction risk management, and the
activities provided for in the internal control systems for
the prevention of MLTPF and sanction risk management and
their implementation, and they are also able to detect
indications of an unusual transaction and suspicious
transactions, including to identify the cases of violation
and circumvention of sanctions |
|
| 7. |
Information on persons responsible for ensuring compliance
with the requirements for the prevention of MLTPF within
the institution (including the responsible member of the
executive board) who are entitled to take decisions and are
directly accountable for adhering to the requirements of
the Law on the Prevention of Money Laundering and Terrorism
and Proliferation Financing, including:
7.1. a detailed curriculum vitae (CV) of the person,
education documents, certificates, certifications on
training in the field of the prevention of MLTPF and
sanction risk management (if any);
7.2. an assessment documented by the applicant which
certifies that the relevant employee, including a member of
the executive board, meets the requirements laid down in
the legal acts and the applicant's internal policies and
procedures for the prevention of MLTPF
|
|
| 8. |
Policy specifying the procedures
for assessing the employees (including the responsible member
of the executive board) responsible for compliance with the
requirements for the prevention of MLTPF |
|
| 9. |
Procedure specifying the
allocation of powers and responsibilities in the field of the
prevention of MLTPF to the employees (including member of the
executive board) responsible for compliance with the
requirements for the prevention of MLTPF, and also the
procedures by which the applicant will ensure the monitoring
of the performance of those persons |
|
| 10. |
Measures for the prevention of
MLTPF and sanction risks management which the applicant has
or will introduce to ensure the policies and procedures
developed thereby for the prevention of MLTPF and sanction
risks management remain up to date, effective, and suitable
for the type of commercial activity chosen by the
applicant |
|
| 11. |
Manual for the applicant's
employees on the prevention of MLTPF in accordance with the
procedures and policies specified in this Annex |
|
| 12. |
Policies and procedures for the
requirements set by the applicant for the compliance with the
requirements of the Law on International Sanctions and
National Sanctions of the Republic of Latvia and other laws
and regulations in the field of the sanction risk
management |
|
| 13. |
Procedures for ensuring the
assessment of the operational efficiency of the applicant's
internal control system in the field of the prevention of
MLTPF and sanction risk management |
|
| 14. |
Procedures by which the
applicant cooperates with third parties in ensuring the
prevention of MLTPF and sanction risk management, if
applicable |
|
Governor of Latvijas Banka M. Kazāks
Annex 14
Latvijas
Banka's Regulation No. 270
29 January 2024
Latvijas Banka
Notification of the Responsible
Persons of the Institution or Registered
Institution*
Name (firm name) of the institution (branch of a third-country
electronic money institution)
Reason for submitting the notification:
receipt of the licence for the operation of the
institution/registration of the institution
first appointment to the position
changes in the provided information
change of position
Given name, surname, personal identity number/identification
number of the person
Please indicate the relevant position(s) which the person to
be approved will hold within the institution:
chairperson of the executive board
member of the executive board
member (chairperson) of the executive board who is
responsible for the fulfilment of the requirements for the
prevention of money laundering and terrorism and proliferation
financing
chairperson of the supervisory board
member of the supervisory board
person who, upon taking material decisions on
behalf of the institution, causes civil liabilities to the
institution
person who is directly responsible for the
management of the operation of the payment services of the
institution or the issuance of electronic money
person responsible for the fulfilment of the
requirements for the prevention of money laundering and terrorism
and proliferation financing
head of the branch of a third-country electronic
money institution
procuration holder
other position (please indicate):
_______________
Date and place of birth
Declared address of the place of residence (including
telephone, e-mail address)
Citizenship
Planned start date and duration of the mandate
Brief description of the person's main duties and
responsibilities
Has another supervision authority assessed the reputation of
the person? (If yes, please specify the institution, assessment
date, and the decision taken by that institution)
Has another institution not related to the financial sector
assessed the reputation of the person? (If yes, please specify
the institution, assessment date, and the decision taken by that
institution)
Has the person been convicted of committing an intentional
criminal offence or a prosecutor's penal order has been imposed
thereon for committing an intentional criminal offence
(yes/no)?
Has the person been convicted of committing an intentional
criminal offence or a prosecutor's penal order has been imposed
thereon for committing an intentional criminal offence, even if
the person has been released from serving the punishment due to
the limitation period, clemency, or amnesty (yes/no)?
Have the criminal proceedings initiated against the person for
committing an intentional criminal offence been terminated due to
the limitation period or amnesty (yes/no)?
Have the criminal proceedings initiated against the person for
committing an intentional criminal offence been terminated by
releasing the person from criminal liability if the offence did
not cause harm that would merit criminal punishment or if a
settlement has been reached with the victim or the victim's
representative (yes/no)?
Have the criminal proceedings initiated against the person for
committing an intentional criminal offence been terminated
because the person has provided material assistance in uncovering
a serious or especially serious crime which is more serious or
dangerous than the criminal offence committed by the person
itself (yes/no)?
Have the criminal proceedings initiated against the person for
committing an intentional criminal offence been terminated by
conditionally releasing the person from criminal liability
(yes/no)?
| |
|
| Does the person has a
qualifying holding in commercial companies (yes/no)? |
|
|
|
|
|
| Name (firm name)
and address of the commercial company |
Amount of holding
in EUR |
Percentage in the
share capital |
| |
|
|
| |
|
|
(NB! Information on qualifying holding shall be provided only
by a licensed institution)
Suitability assessment of a candidate by the institution, the
branch of a third-country electronic money institution, or the
registered institution
The following documents are appended
to the notification:
the person's professional biography (CV - at least
for the last 10 years, including the positions held and functions
performed) and copies of education documents
a document issued by the competent national
authority certifying that the candidate to the position is not a
person subject to the conditions referred to in Section 21 of the
Law on Payment Services and Electronic Money
a copy of or extract from the meeting (session)
minutes of the competent administrative body, along with the
decision on nominating the person for the fulfilment of duties,
or a copy of the decision of the competent official on appointing
the person to the relevant position
|
|
|
|
|
|
|
(signature) |
|
(given
name, surname) |
|
(date) |
|
|
|
|
|
|
|
(signature) |
|
(given
name, surname) |
|
(date) |
The accuracy of the notification shall be confirmed with a
signature of the candidate and the authorised representative of
the stockholders (shareholders) or the head of the institution,
the branch of a third-party electronic money institution, or the
registered institution.
* To be completed by a member of the executive
board, a member of the supervisory board, a person who, upon
taking material decisions on behalf of the institution, causes
civil liabilities to the institution, or a person who is directly
responsible for the management of the operation of payment
services of the institution or the issuance of electronic money,
the head of the branch of a third-country electronic money
institution, a person responsible for the fulfilment of the
requirements for the prevention of money laundering and terrorism
and proliferation financing.
Governor of Latvijas Banka M. Kazāks
Annex 15
Latvijas
Banka's Regulation No. 270
29 January 2024
Acknowledgement of Having Become
Acquainted with the Procedures for Personal Data Processing
PURPOSE AND LEGAL BASIS OF PERSONAL
DATA PROCESSING
All personal data that must be submitted to Latvijas Banka are
necessary for Latvijas Banka to be able to fulfil the obligation
imposed on it by the legal acts and to evaluate the persons'
conformity to the provisions of the Law on Payment Services and
Electronic Money and the Law on the Prevention of Money
Laundering and Terrorism and Proliferation Financing within the
scope of its supervisory function.
TRANSFER OF PERSONAL DATA
All requested personal data are necessary to assess the
suitability of the persons nominated to assume responsibility for
the management or principal functions of the institution or
registered institution. If the data is not submitted, the
application shall be rejected on the grounds of incomplete
information.
RECIPIENTS OF PERSONAL DATA AND
DISCLOSURE OF PERSONAL DATA
Personal data provided within the process for the licensing of
the institution shall be disclosed to the employees and the
management of Latvijas Banka for the performance of their work
duties. Latvijas Banka has the right to disclose the submitted
personal data in the cases referred to in Section 52 of the Law
on Payment Services and Electronic Money and Section 7, Paragraph
one of the Law on Latvijas Banka, and also to law enforcement
authorities in accordance with their right to request such
information from Latvijas Banka provided for in the laws and
regulations governing their operation.
APPLICABLE RETENTION PERIOD
Latvijas Banka shall retain the submitted personal data for
five years after the relevant status of an official has been
lost.
APPLICABLE DATA PROTECTION
Latvijas Banka as the data controller within the meaning of
Article 4(7) of Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection
of natural persons with regard to the processing of personal data
and on the free movement of such data, and repealing Directive
95/46/EC, is responsible for the processing of personal data in
accordance with the procedures laid down in this Regulation.
RIGHTS OF DATA SUBJECTS
A data subject whose personal data is processed by Latvijas
Banka has the right to contact Latvijas Banka to obtain
information about themselves and the processing of their
submitted data in accordance with the purpose of data processing,
to access the data, and to rectify any data pertaining to
them.
CONTACT DETAILS
In case of any questions and complaints, the data subject has
the right to contact Latvijas Banka (telephone: 67022300, e-mail:
datuaizsardziba@bank.lv). Furthermore, the data subject has the
right to seek assistance from the State Data Inspectorate
(contact details: www.dvi.gov.lv).
DECLARATION
I hereby confirm that I am informed of the processing of the
personal data pertaining to me as a natural person, including
sensitive personal data, which have been submitted to Latvijas
Banka to ensure the the process for the licensing, registration,
and monitoring of the institution. I am aware that my personal
data may be disclosed in the cases specified in this
declaration.
| Given name,
surname |
|
|
Signature |
|
| Place,
date |
|
(NB! This document shall be signed separately by each natural
person involved.)
Governor of Latvijas Banka M. Kazāks
Translation © 2025 Valsts valodas centrs (State
Language Centre)
