Consultation paper on Regulation of payment services and electronic money in the AIFC
1 Introduction and scope of policy paper
1.1 The Astana Financial Services Authority (the AFSA), as the independent regulator of the Astana International Financial Centre (AIFC) is seeking to develop a regulatory framework for payment services and electronic money in the AIFC (the Framework or the PSEM Framework).
1.2 This policy paper outlines our proposal for the Framework, including its aims, operation, and interaction with the current regulatory environment in the AIFC. The AFSA has made key policy decisions following its consideration of the preliminary proposals contained in this policy paper, and these decisions are outlined in the summary of policy issues provided by the AFSA on 30 October 2020 contained in Schedule 1 and Schedule 2.
1.3 At a high level, the AFSA has specified that the Framework should be developed with the aims of:
- (a)establishing an integrated and efficient payments market within the AIFC;
- (b)facilitating the development and emergence of new, innovative, and secure e-money and payment services;
- (c)providing companies and individuals with access to the e-money and payment services market, whilst also ensuring customers' protection; and
- (d)encouraging effective competition within the market of the AIFC.[1]
1.4 Our proposal for the Framework has been developed in accordance with the governing law of the AIFC, and is based on English law. We have also considered international best practice in regulating payment services and e-money, including the approaches taken in Singapore and Australia.
1.5 Our proposal for the Framework is also compatible with the AFSA's regulatory objectives, as set out in section 7 of the AIFC Financial Services Framework Regulations (FSFR).
1.6 In summary, we propose to introduce the provision of payment services and the issuance of e-money as new Regulated Activities (which will be set out in Schedule 1 of the AIFC General Rules (GEN)). The Framework will be implemented through new AIFC Rules known as the "Payment Services and Electronic Money Rules" or "PSEM".
1.7 The Framework will:
- (a)complement Chapter 1 of Part 3 of the FSFR (Licensing of Authorised Firms) to provide for the licensing and registration of institutions who wish to carry on the new Regulated Activities;
- (b)provide for specific conduct of business rules that will apply to those institutions, regulating the rights and obligations of all parties involved in the relevant market; and
- (c)complement the provisions in Part 8 of the FSFR (Supervision of Authorised Persons) and Chapter 6 of GEN (Supervision), to outline rules in relation to the supervision of both Relevant Authorised Firms and certain other specified entities providing payment services or issuing e-money.
1.8 It follows that the AFSA will be responsible for the regulation of institutions providing payment services or issuing e-money that are licensed under FSFR and GEN or registered under the Framework, and enforcement of the conduct of business rules.
1.9 We propose that the Framework sets out any specific conditions for licensing or registration, as well as the rights and obligations of parties to which the Framework applies. It will not seek to prescribe the specific approach that the AFSA will take in relation to supervision and enforcement under the Framework.
[1] Page 4, AFSA, Terms of Reference for Development of E-Money and Payment Services Framework in the Astana International Financial Centre
2 Financial regulation in the AIFC
2.1 The current regulation of financial services in the AIFC is provided for in a number of regulations and rules. The General Rules (GEN) and the FSFR are the most relevant to the Framework, however the Conduct of Business Rules (COB), Authorised Market Institution Rules, the Banking Prudential Guideline, the Banking Business Rules, the Anti-Money Laundering (AML) and Counter-terrorist financing (CTF) Rules, the Law of the Republic of Kazakhstan “On Counteracting Legalisation (Laundering) of Illegally Gained Income and Financing of Terrorism” No. 191-IV dated 28 August 2009, and the Constitutional Law of the Republic of Kazakhstan “On the Astana International Financial Centre” No. 438-V dated 7 December 2015 (the Constitutional Statute) are also relevant. We anticipate that a number of amendments will be required to the existing AIFC regulations and rules as a consequence of adopting the Framework (see section 5.1)
2.2 The existing financial services regulatory framework in the AIFC is similar to the UK's. Both jurisdictions share the legal concept of regulated activities, and a general prohibition on carrying out regulated activities without authorisation (in the UK) or a licence (in AIFC). However, we note the AIFC's concept of Market Activities[1] as distinct from the UK regulatory regime.
2.3 The AFSA regulates financial and non-financial services activities, and is the AIFC equivalent of a National Competent Authority for the purposes of EU law, as the Financial Conduct Authority is in the UK (FCA). The AFSA issues licences for AIFC Participants (Participants)[2] wishing to carry on Regulated Activities[3], Market Activities, or Ancillary Services[4], and is responsible for enforcing the AIFC rules and regulations.
2.4 However, the AIFC does not currently have a regulatory framework for payment services or e-money. Both of these are important in creating and supporting a transparent, fair, and modern digital ecosystem in the financial services industry.
2.5 The proposals in this policy paper are intended to be incorporated into the AIFC's existing financial services regulatory framework, and are consistent with the key concepts of having regulated activities, conduct of business rules, and licensing or registration by a supervisory body.
2.6 Regulation of Islamic Finance in the AIFC is provided for primarily in the Islamic Finance Rules and the Islamic Banking Business Prudential Rules. The AIFC provides a framework for Islamic Banking Businesses and specifies Regulated Activities relating to Islamic Finance. The proposals in this policy paper do not reference Islamic Finance directly, mirroring the UK's generally "religion-neutral" regulatory approach. At a high level, we do not consider that the proposals in this policy paper conflict with the general principles of Islamic Law.
[1] As defined in Section 18, FSFR
[2] As defined in Article 1(5) of the Constitutional Statute
[3] As defined in Section 17, FSFR
[4] As defined in Section 19, FSFR
3 Payment services
3.1 Scope and key concepts
3.1.1 Broadly speaking, there are two types of payment schemes: those made through four party schemes, and those made through three party schemes.
(a)Four party schemes involve two parties providing payment services. For example, one bank providing services to a payer, with another bank providing services to the payee. These banks may be linked by a payment scheme or a specific relationship.
(b)Three party schemes (or closed schemes) involve one party providing payment services to both the payer and the payee. The transaction travels across the books of this one provider, such as is the case for PayPal or AmEx.
3.1.2 At a high level, these are the processes that will be regulated under the Framework (although the distinction between three and four party schemes will not directly affect parties' obligations under the Framework).
3.1.3 Payment systems enable the transfer of funds, as set out at 3.1.1. We propose to regulate payment services, meaning the services offered to individuals, businesses, and other organisations. This reflects the technology neutral approach to regulation set out at Error! Reference source not found., and allows payment systems to evolve without needing to amend the regulatory framework.
3.1.4 We propose that payment services be separately regulated to Market Activities and instead included as a new Regulated Activity. This is slightly different to the UK's regulatory approach, which provides a separate regime for the regulation of payment services. Certain Authorised Persons[1] will also be permitted to provide payment services under the Framework without holding a specific payment services licence or registration. This reflects the fact that certain Authorised Persons are already supervised by the AFSA to a sufficiently high standard to allow them to participate in the payment services market.
3.1.5 The Framework will regulate Participants (being legal entities registered under the Acting Law of the AIFC and recognised by the AIFC) that provide payment services and will designate which Participants are permitted to provide payment services. Participants providing payment services as a regular occupation or business activity in the AIFC[2] will be regulated as "payment service providers" in the Framework.
3.1.6 Authorised Market Institutions[3] and Participants who hold a licence to carry out the regulated activities of Islamic Banking Business, Accepting Deposits, Providing Credit, and Providing Money Services (Relevant Authorised Firms) will be permitted to carry on payment services under the Framework. Many of these Participants will already provide payment services to some degree. It should be noted that the AIFC Framework for Mobile and Digital Banking Services (MDB Framework) policy paper[4] proposes to develop a standalone regulatory framework for digital-only banks and a phased approach to full authorisation for these banks (including a limited licence where a digital bank only provides limited Regulated Activities). Assuming the MDB Framework policy paper will be finalised before the Framework is finalised, it must be ensured that the Framework's provisions as to Relevant Authorised Firms (which could include digital-only banks) are consistent with the MDB Framework.
3.1.7 In addition, the Framework will introduce the categories of licensed Payment Institutions (PIs), registered small Payment Institutions (SPIs), licensed Electronic Money Institutions (EMIs), and registered small Electronic Money Institutions (SEMIs), (EMIs and SEMIs are discussed in full at 4) who will also be permitted to provide payment services.
3.1.8 We propose that PIs fall within the existing licensing regime under GEN, but that the Framework include a new registration regime for SPIs to ensure that they are regulated. This allows non-bank Participants to participate in the payments market, but with less onerous obligations than would be imposed on a Participant who wished to accept deposits, for example. This reflects the principle set out at Error! Reference source not found., and has the dual function of opening up the payments market to new entrants, whilst also ensuring the integrity of existing Participants. This proposed regime is set out in full at 3.2.
3.1.9 As a result, entities providing payment services must only do so in accordance with the general prohibition in the FSFR (the General Prohibition). The Framework will introduce an exemption to the General Prohibition for certain Participants providing payment services such as Relevant Authorised Firms and registered payment service providers.
3.1.10 This regime is supplemented by conduct of business rules, which are set out in full at 3.4, and which regulate:
(a)the information to be provided to payment service users before and after executing a payment transaction; and
(b)the rights and obligations of both payment service providers and payment service users in respect of a payment transaction.
3.1.11 Payment services under the Framework will encompass activities such as:
- (a)services which enable money to be paid into and out of bank accounts;
- (b)execution of transactions, such as payments made via payment instruments or devices, direct debits, credit transfers, and debit payments;
- (c)execution of transactions as above, but where funds are covered by a line of credit, such as an overdraft facility;
- (d)issuing of payment instruments and/or acquiring of payment transactions;
- (e)money remittance;
- (f)account information services (AIS); and
- (g)payment initiation services (PIS).
3.1.12 A light touch registration regime will apply to payment service providers which solely provide the payment service of AIS, and these entities will be known as registered AIS providers (RAISPs). This mirrors the UK approach, which allows for entities to solely provide AIS without having to go through the onerous full licensing process that forms part of the Regulated Activity regime. Any payment service providers seeking to provide only PIS, or AIS in addition to other payment services, would still need to become fully licensed within the existing AIFC Regulated Activity regime unless they meet the requirements to register as an SPI or SEMI.
3.1.13 Transactions which are executed wholly in cash (this does not include ATMs) or based on paper documents such as cheques will not be within the scope of the Framework, and nor will transactions relating to securities settlement systems, clearing houses, etc., or transactions relating to securities asset servicing, such as dividends, share sales, unit redemptions, etc.
3.1.14 The Framework will also introduce the concepts of, and provide for:
- (a)payment accounts, meaning accounts held in payment service users' names used for executing payment transactions;
- (b)payment orders, meaning instructions by a payer or payee to its payment service provider requesting the execution of a payment transaction;
- (c)payment instruments, meaning personalised devices or sets of procedures (or both), agreed between the payment service user and payment service provider, and used to initiate payment orders (such as debit cards, credit cards, credit transfers and direct debits); and
- (d)payment service users, meaning persons making use of a payment service as a payer, payee, or both.
3.1.15 We acknowledge the potential overlap between the above concepts and the existing definitions set out in GEN and the AIFC Glossary (GLO), and confirm that this overlap will be addressed in the drafting of the Framework.
3.1.16 There are certain requirements in the payment services aspects of the Framework that will apply to Participants that are not payment service providers, specifically:
- (a)Participants that rely on exclusions relating to limited networks, electronic communications, or ATM operations must notify the AFSA that they are doing so;
- (b)Participants providing currency conversion services will need to provide certain information to the AFSA; and
- (c)Participants that impose charges or reductions when using a given payment instrument will need to provide certain information to the AFSA.
3.2 Licensing and registration regime
3.2.1 The Framework will require Participants that provide payment services to be one of the following:
- (a)a Relevant Authorised Firm (see 3.1.6);
- (b)a PI[5];
- (c)an SPI;[6]
- (d)a RAISP;
- (e)an EMI; or
- (f)a SEMI.
3.2.2 The SPI categorisation assists smaller Participants, who have an actual or projected average turnover in payment transactions below a prescribed threshold, to enter the payments market. In the UK, the average of the preceding 12 months' total amount of payment transactions executed by the Participant must not exceed €3 million (or an equivalent amount) per month. The AFSA has confirmed that the equivalent threshold in the AIFC will be $3,500,000 USD.
3.2.3 To apply to become a PI or an SPI, a Participant will be required to submit an application to the AFSA and pay a fee. In the UK, these fees range from £250 for re-registration, to £5,000 for a new licence as a PI. The AFSA has confirmed that the equivalent fees in the AIFC will be $1,000 USD for SPIs and $3,500 USD for PIs. The information that must be provided by an applicant Participant will vary depending on the type of registration / licence sought, but may include:
- (a)a description of its business or business plan and of its product/s;
- (b)policies and procedures in relation to internal governance arrangements, security, safeguarding, business continuity, customer on-boarding, anti-money laundering, incident reporting, customer grievance redressal measures, managing sensitive payment data and audit; and
- (c)details of the organisational structure, senior managers and responsible persons and persons that control the Participant.
3.2.4 As discussed at 1.9, the Framework will not prescribe the AFSA's approach to assessing and determining these applications. In the interests of assisting Participants to seek licensing / registration, the AFSA may choose to publish guidance or information on its decision-making process and timing in a similar manner to its existing "Guidebook on Authorisation of AIFC Participants and Recognition of Non-AIFC Members".
3.3 Ongoing requirements
3.3.1 As well as requiring market participants providing payment services to be licensed or registered, the Framework will impose ongoing requirements on payment service providers, relating to:
- (a)capital requirements, including:
- (i)initial capital, meaning payment service providers must hold a prescribed amount at the stage of applying for licensing or registration, which can be made up of capital instruments, share premium accounts, retained earnings, or other comprehensive income or reserves; and
- (ii)ongoing capital, meaning payment service providers must carry at all times an amount that is the greater of their initial capital or their own funds amount, (which is calculated based on a firm's fixed overheads, average monthly payment volume, or previous year's income);
- (b)safeguarding requirements, where PIs and SPIs must safeguard sums received from a payment service user for executing transactions or received from another payment service provider for executing their payer's transaction. Safeguarding can take the form of segregating funds or insurance / comparable guarantee. One way to comply with the segregation of funds method is to invest in liquid, low-risk assets approved by the appropriate regulator. The payment service provider can also choose to deposit the relevant funds in a separate account held with a licensed bank;
- (c)reporting and notification requirements, which will apply to payment service providers on an ongoing basis (such as annual financial returns), as well as event-driven notifications (such reporting major security incidents);
- (d)outsourcing and use of agents requirements, where PIs, SPIs and other payment service providers must comply with obligations relating to registration, liability, and governance; and
- (e)accounting and statutory audit obligations to the AFSA. These obligations will not apply to all payment service providers. Only PIs that carry out activities other than the provision of payment services must comply with these accounting and statutory audit obligations, reflecting the UK's regulatory approach. Under the UK framework, these obligations would not, for example, apply to SPIs, or to payment service providers that do not carry out activities other than the provision of payment services.
3.3.2 The reason for the Framework containing the ongoing requirements (rather than by amendment to GEN) is because they will apply to certain non-licensed entities such as SPIs and RAISPs.
3.3.3 These ongoing requirements are in addition to the requirements on Authorised firms in GEN which will apply to PIs. It will be necessary to consider which (if any) of the rules in GEN ought not to apply to PIs. Where the AFSA wishes for some of requirements in GEN to apply to registered payment service providers (such as SPIs and RAISPs), it will need to make specific provision for this in the Framework or GEN.
3.3.4 We note that the MDB Framework policy paper proposes a standalone set of rules applying to digital-only banks – the AIFC Digital Bank Rules (DBR). The MDB Framework policy paper also provides that Authorised Digital Banks would be limited to providing some or all of the Regulated Activities in Schedule 1 (Regulated Activities) of GEN, including Providing Money Services. It will be important to ensure that the DBR do not include provisions that conflict with the Framework. Presumably, a digital-only bank that provides payment services would be subject to the DBR, but they would also be subject to the ongoing requirements and conduct of business obligations of the Framework (summarised in this section 3.3 and the following section 3.4). It will also be necessary to ensure that the payment services activities listed in the definition of Providing Money Services either do not overlap or are consistent with those we propose to include in the Framework (including those set out in section 3.1.11).
3.3.5 The MDB Framework policy paper also sets out suggestions concerning security standards (e.g. strong customer authentication), client on-boarding, cybersecurity, business recovery, outsourcing, client terms, authorised status and consumer protection. However, the MDB Framework policy paper leaves it to the AFSA to consider whether to take a prescriptive approach in such areas, or to merely set out certain areas where Relevant Authorised Firms need to provide policies and procedures to address these to the satisfaction of the AFSA. If the MDB Framework were to contain prescriptive measures concerning these areas, it would be necessary to ensure that they do not conflict with any of the ongoing requirements and conduct of business obligations in the Framework, which would be imposed on firms carrying out payment services.
3.4 Conduct of business rules
3.4.1 The conduct of business rules set out in the Framework will apply to payment services where they are provided from an establishment maintained by a payment service provider (or its agent) in the AIFC, and to transactions where one of the parties' payment service provider is in the AIFC. In certain instances, the rules will apply to a lesser extent. A "corporate opt-out" will also be available, to allow payment service providers to agree with non-retail customers to derogate from certain conduct of business rules.[7] The reason for the Framework containing the conduct of business rules (rather than by amendment to COB) is because they will apply to certain non-licensed entities such as SPIs, SEMIs and RAISPs.
3.4.2 The conduct of business rules under the Framework will be in addition to the rules in COB which will apply to PIs and EMIs. It will be necessary to consider which (if any) of the rules in COB ought not to apply to PIs and EMIs. Where the AFSA wishes for some of the rules in COB to apply to registered payment service providers (such as SPIs, RAISPs and SEMIs), it will need to make specific provision for this in the Framework or COB.
3.4.3 In relation to information requirements, the Framework will distinguish between, and apply different rules to:
- (a)an ongoing payment agreement, meaning a contract governing the future execution of individual and successive payment transactions, such as parts of a bank's current account terms and conditions; and
- (b)a one-off payment service, meaning a contract governing a single payment transaction not covered by an ongoing payment agreement.
3.4.4 The conduct of business rules will apply high level requirements to both forms of contract, with more granular requirements relating to each. For ongoing payment agreements, information requirements are generally engaged in relation to the formation of the contract, whilst for one-off payment services, the requirements apply to the transaction itself. The information requirements are qualitative (e.g. information to be provided in an easily accessible manner) and quantitative (e.g. details of charges, interest, and exchange rates).
3.4.5 In relation to parties' rights and obligations:
- (a)on executing payment transactions:
- (i)timeframes should be set out for execution, value dating, crediting funds, and displaying these as available to the payee;
- (ii)payment service providers should distinguish between authorised and unauthorised transactions, with mechanisms for customers to give consent to execute payment transactions;
- (iii)payment service providers should only debit payments upon receipt of a valid payment order; and
- (iv)payers should not be able to revoke a payment order after it has been received by their payment service provider, with limited exceptions (for example, relating to direct debits and future-dated payments);
- (b)on liability:
- (i)this is generally apportioned on the basis of who initiated the payment transaction (such as where the payer initiates a transaction, their payment service provider is liable to them for correct execution);
- (ii)for unauthorised payment transactions, the customer must notify its payment service provider of any unauthorised transactions, whilst the payment service provider bears the burden of proof for demonstrating that transactions are properly executed; and
- (iii)customers' liability is capped for losses in connection with loss, theft, etc., but not fraud or breach of their obligations, and customers are liable for providing incorrect information leading to loss (such as providing an incorrect unique identifier);
- (c)on payment instruments, these should not be misused by customers, whilst payment service providers must ensure their security; and
- (d)on charging, payment service providers should generally not be able to charge customers, and any charges must be agreed between the parties.
3.4.6 However, regulatory frameworks do not exist in a vacuum. For example, payment service providers in the UK must comply with various pieces of legislation. In addition to the key statutes relating to payment services and e-money, provisions of other laws impose obligations relating to:
- (a)general standards and principles of governance imposed by regulators;[8]
- (b)accountability of senior staff;[9]
- (c)consumer protection legislation[10], and in particular:
- (i)dispute resolution mechanisms;
- (ii)unfair contract terms; and
- (iii)broader consumer rights;
- (d)"distance marketing",[11] i.e. online sales;
- (e)advertising and e-commerce;[12]
- (f)interchange fees;[13]
- (g)data protection and cyber security;[14] and
- (h)AML and CTF.[15]
3.4.7 In relation to the UK, this is principally due to a combination of the law's incremental development and reform, and the influence of European legislation.
3.4.8 The AFSA already regulates many of the functions set out at 3.4.6 above. For example, mechanisms to ensure the accountability of senior management are provided for in parts 4 and 5 of the FSFR, and the AML and CTF framework in the AIFC closely resembles that of the UK. Where the AFSA wishes for some of these functions to apply to registered payment service providers (such as SPIs, RAISPs and SEMIs), it will need to make specific provision for this in the Framework or by amending the relevant rules. Where there are regulatory gaps, how the AFSA chooses to regulate these areas will be a matter of policy. Specifically, the AIFC's regulatory framework is less mature in relation to consumer protection and data protection. As the scope of the Framework does not include provisions relating to consumer or data protection, the AFSA may wish to seek separate advice on its existing consumer and data protection regulatory regime (potentially to bring it more in line with the UK / EU approach), appreciating that these regimes are likely to apply much more broadly than the remit of this Framework.
[1] As defined at Section 15, FSFR
[2] As defined in Section 6, FSFR
[3] As defined at Section 14, FSFR
[4] Received from AFSA on 13 July 2020
[5] Participants must apply to become a PI if they do not qualify as an SPI (i.e. their actual or projected average turnover in payment transactions is above the prescribed threshold).
[6] If a Participant has an average turnover in payment transactions not exceeding the prescribed threshold, it does not have to apply to be licensed and it can choose instead to be registered as an SPI. Registration would be cheaper and simpler than applying for a full licence.
[7] Payment service providers may agree with business customers (that is, payment service users who are not consumers, small charities or micro-enterprises) to vary the information they provide from that specified in the Framework, and, in certain cases, agree different terms in relation to rights and obligations.
[8] FCA Handbook, Principles for Business (PRIN) and other applicable provisions
[9] FCA Senior Managers & Certification Regime
[10] Consumer Credit Act 1974, Consumer Rights Act 2015, and various statutory instruments
[11] Distance Marketing Regulations 2004
[12] Electronic Commerce (EC Directive) Regulations 2002
[13] Interchange Fee Regulation (EU) 2015/751
[14] General Data Protection Regulation (EU) 2016/679
[15] The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
4 E-money
4.1 Scope and key concepts
4.1.1 E-money is a digital alternative to cash. It allows users to make cashless payments with money stored on a card or phone, or over the internet.
4.1.2 It is broadly defined as electronically-stored monetary value, represented by a claim on the issuer, issued on receipt of funds for the purposes of making payment transactions, and accepted as a means of payment by a person other than the issuer.
4.1.3 Payment instruments such as debit cards are not e-money because the monetary value is not stored in the device. These payment instruments only contain the data necessary to identify the holder and link the holder to a bank account. Debit cards also enable the holder to make purchases and/or withdraw cash and have those transactions directly and immediately charged to their bank account, whether held with the card issuer or not. At the other end of the scale, e-money also does not include value stored on instruments that can only be used on the issuer's premises, or a limited network of providers providing a limited range of goods and services.
4.1.4 We propose to regulate e-money within the AFSA's existing Regulated Activities regime, as provided for by section 1.1.1 of GEN. Issuing e-money will therefore become a regulated activity as set out at schedule 1 of GEN.
4.1.5 We also propose that EMIs fall within the existing licensing regime under GEN, but that the Framework include a new registration regime for SEMIs to ensure they are regulated. This allows non-bank Participants issuing e-money, but who do not wish to undertake the full range of banking operations, to be able to operate within the e-money market. Similar to the licensing and registration regime in relation to payment services, this will also allow EMIs and SEMIs to be subject to less stringent prudential requirements than banks, reflecting the limited systemic risk they pose as compared to banks. This reflects the principle set out at 3.1.3(b), and has the dual function of opening up the e-money market to new entrants, whilst also ensuring the integrity of existing Participants.
4.1.6 As a result, entities issuing e-money must only do so in accordance with the General Prohibition. The Framework will introduce an exemption to the General Prohibition for SEMIs. As with payment services, Relevant Authorised Firms will be permitted to issue e-money without needing to be specifically licensed as an EMI or registered as a SEMI. This reflects the fact that they are already adequately regulated under FSFR. However, they will require a license which permits them to carry out the Regulated Activity of issuing e-money. As set out in 3.1.6, it should be noted that the MDB Framework policy paper proposes to develop a standalone regulatory and authorisation framework for digital-only banks. It will be important to ensure that the Framework's provisions as to Relevant Authorised Firms (which could include digital-only banks) are consistent with the MDB Framework.
4.1.7 This licensing and registration regime is supplemented by conduct of business rules. These rules are partly laid down specifically in relation to e-money, but are also provided for under the payment services framework. These conduct of business rules regulate:
- (a)the issue and redemption of e-money, as set out at 4.3 (these are specific to issuers); and
- (b)the payment services aspects of issuers' business, as set out at 3.4. These are the same standards that apply in respect of payment services.
4.1.8 In regulating e-money, specific concerns arise in relation to the trade-off between restricting e-money issuance to authorised institutions, and therefore protecting users, and opening up the e-money market to competition by reducing the barriers to entry where appropriate (e.g. for lower risk entities). We consider that including EMIs in the existing licensing regime but introducing a new registration regime for SEMIs in the Framework strikes a balance between these two concerns. In particular, the registration regime will provide a more proportionate approach for SEMIs which are not subject to the same requirements where their operations fall below a given threshold. For example, in relation to capital requirements, only SEMIs whose business activities generate (or are projected to generate) average outstanding e-money above a certain threshold (€500,000 in the UK) must hold an amount of initial capital at least equal to 2% of their average outstanding e-money.
4.1.9 Supervisory efforts should also consider the pool of money that EMIs and SEMIs will hold pending redemption of e-money, and how the use (i.e. investment) of this pool should be regulated, as well as safeguards against counterfeiting, money laundering, and terrorist financing.
4.2 Licensing and registration regime
4.2.1 Similar to the licensing and registration regime in relation to payment services set out at 3.2, to issue e-money, the Framework will require Participants to be one of the following:
4.2.2 Similar to the concept of a SPI in payment services, a SEMI's business must be projected to generate an average outstanding e-money below a prescribed threshold. In the UK, the total business activities of the applicant immediately before the time of registration as a SEMI must not generate average outstanding e-money that exceeds €5 million. In addition, if the Participant intends to also undertake payment services that are not connected with issuing e-money, its monthly average turnover in relation to these payment services must be less than a prescribed threshold (in the UK, €3 million). The AFSA has confirmed that the equivalent threshold in AIFC will be $5,500,000 USD.
4.2.3 To become a licensed EMI or registered SEMI, a Participant will be required to submit an application to the AFSA and pay a fee. In the UK, these fees range from £250 for re-registration, to £5,000 for a new licence as an EMI. The AFSA has confirmed that the equivalent fees in the AIFC will be $1,000 USD for a SEMI and $3,500 USD for an EMI. As with payment services, the information that must be provided by an applicant Participant will vary depending on whether it is seeking registration or licensing, but may include the information at 3.2.3.
4.2.4 As discussed at 3.2.4, the AFSA may choose to publish guidance or information to assist Participants in making an application for licensing or registration to issue e-money.
4.3 Ongoing requirements
4.3.1 In addition to the registration regime for SEMIs, the Framework will impose requirements on e-money issuers in respect of:
- (a)capital requirements, where:
- (i)EMIs and SEMIs must carry a prescribed amount of initial capital when applying for licensing or registration (see 3.3.1(a)(i)); and
- (ii)EMIs must hold a prescribed amount of ongoing capital, being the greater of the initial capital amount, or 2% of their average outstanding electronic money issued. EMIs will also have to meet the capital requirements in relation to any unrelated payment services aspects of its business;
- (b)safeguarding requirements, where all e-money issuers will need to safeguard funds received in exchange for the e-money they have issued, either by way of segregating funds or an insurance-based solution (for further detail on segregating funds see 3.3.1(b)). Where there is an insolvency event for an EMI, the claims of holders of e-money must also be paid from the asset pool of the EMI in priority to all other creditors;
- (c)allowed activities, where EMIs may – in addition to issuing e-money – carry on activities relating to:
- (i)providing payment services;
- (ii)providing operational and closely related ancillary services, such as executing payment transactions, foreign exchange services;
- (iii)operating payment systems; and
- (iv)business activities other than issuing electronic money;
- (d)reporting and notification requirements, which broadly mirror those set out at 3.3.1(c);
- (e)outsourcing and use of agents requirements, which broadly mirror those set out at 3.3.1(d), however with a distinction between distributing and redeeming e-money, which may be outsourced, and issuing e-money, which may not; and
- (f)accounting and statutory audit requirements, which broadly mirror those set out at 3.3.1(e).
4.3.2 The reason for the Framework containing the ongoing requirements (rather than by amendment to GEN) is because they will apply to certain non-licensed entities such as SEMIs.
4.3.3 The ongoing requirements in the Framework would apply in addition to any requirements in GEN which apply to EMIs. It will be necessary to consider which (if any) of the rules in GEN ought not to apply to EMIs. Where the AFSA wishes for some of the rules in GEN to apply to SEMIs, it will need to make specific provision for this in the Framework or GEN.
4.3.4 As explained at 3.3.2 above in relation to payment services, we note that the MDB Framework policy paper proposes that the standalone DBR apply to digital-only banks. It will be important to ensure that the DBR do not include provisions that conflict with the Framework in the context of e-money. Presumably, a digital-only bank that issues e-money would be subject to the DBR, but they would also be subject to these ongoing requirements and conduct of business obligations in the Framework (set out in this section 4.3 and below at 4.4).
4.3.5 The MDB Framework policy paper also sets out suggestions concerning security standards (e.g. strong customer authentication), client on-boarding, cybersecurity, business recovery, outsourcing, client terms, authorised status and consumer protection. As set out in relation to payment services at 3.3.5, if the MDB Framework were to contain prescriptive measures concerning these areas, it would be necessary to ensure that they do not conflict with any ongoing requirements or conduct of business obligations imposed on e-money issuers.
4.4 Conduct of business rules
4.4.1 The conduct of business rules set out at 3.4 above will apply to e-money issuers in relation to the payment services aspects of their business in the AIFC. In addition, the Framework will set out rules that apply to issuing and redeeming e-money (the e-money rules). The reason for the Framework containing the conduct of business rules (rather than by amendment to COB) is because they will apply to certain non-licensed entities such as SEMIs.
4.4.2 The conduct of business rules under the Framework will be in addition to the rules in COB which will apply to EMIs. It will be necessary to consider which (if any) of the rules in COB ought not to apply to EMIs. Where the AFSA wishes for some of the rules in COB to apply to SEMIs, it will need to make specific provision for this in the Framework or COB.
4.4.3 The e-money rules will apply to issuing and redeeming e-money, where this is carried out by a Participant in the AIFC.
4.4.4 On issuing e-money, issuers must do so at par value (i.e. for the same amount as the funds received) when they receive the funds. They must also do so without delay.
4.4.5 On redeeming e-money:
- (a)holders of e-money must have the right to redeem the monetary value at any time, and at par value;
- (b)the issuer must ensure the contract clearly states the conditions for redemption, including any fees;
- (c)any fees charged for redemption must be proportionate to the costs actually incurred by the issuer (for example, the costs of recording and safeguarding e-money would qualify);
- (d)the issuer cannot award interest in respect of holding e-money, or award any other benefits that are linked to the length of time that the e-money is held; and
- (e)the issuer must allow redemption for up to six years after the contract with the holder of the e-money ends.
4.4.6 In addition to complying with the Framework, the AFSA should consider the extent to which it will require issuers of e-money to comply with other aspects of regulation, such as those outlined in section 3.4.6 in relation to payment service providers. This will primarily be a matter of policy.
[1] If a Participant has average outstanding e-money that does not exceed the prescribed threshold, it does not have to apply to be licensed and it can choose instead to be registered as a SEMI. Registration would be cheaper and simpler than licensing.
[2] Participants must apply to become a licensed EMI if they do not qualify as a SEMI (i.e. their average outstanding e-money exceeds the prescribed threshold).
5 Implementation of the proposed framework
5 Implementation of the proposed framework
5.1 Amendments / effect on existing AIFC legislation
5.1.1 We anticipate that a number of amendments to existing AIFC legislation will be necessary in order to adopt the Framework. The precise scope of these amendments will become clear once the Framework has been drafted. At a high level, the following amendments are likely to be required:
- (a)amending the list of Regulated Activities in Schedule 1 of GEN to include "Providing Payment Services" and "Issuing Electronic Money";
- (b)amending the definition of "Providing Money Services" contained in Schedule 1 of GEN to ensure no inconsistencies with the newly Regulated Activities outlined in 6.1.1(a);
- (c)adding the definitions introduced by the Framework to GLO;
- (d)adding to the AIFC Fees Rules to reflect any fees that the AFSA may wish to impose upon Participants applying for a licence as a PI or EMI, or a registration as a SPI, SEMI or RAISP;
- (e)amending the AIFC Insolvency Rules to reflect the safeguarding requirements set out at 5.3.1(b);
- (f)amending the COB; and
- (g)amending the provisions relating to outsourcing at GEN 5.2 to reflect the outsourcing requirements at 4.3.1(d) and 5.3.1(e), subject to the precise wording of the Framework.
5.2 Consideration of Kazakh law
5.2.1 We understand that the Framework will be characterised as an AIFC Act[1] and will form part of the Acting Law[2] of the AIFC alongside the Acting Law of the Republic of Kazakhstan, which will apply to Participants to the extent the Constitutional Statute and the AIFC Acts do not apply to certain legal subject matter. The Framework will therefore need to be drafted bearing in mind this potential interaction with existing Kazakh law. For example, certain Kazakh regulations allow for money held in a bank account:
- (a)to be withdrawn without the client’s consent – for example, in accordance with a collection order issued by the state revenue authorities, or as expressly provided for by Kazakhstan legislative acts; or
- (b)to be arrested based on either a court decision or a resolution of an enforcement officer sanctioned by the prosecutor general.
5.2.2 We appreciate that the AFSA is likely to have previously considered the extent to which provisions of Kazakh law such as those described above should apply to entities operating within the AIFC. Understanding the AFSA's approach in this regard will assist when it comes to drafting the Framework.
[1] As defined in Article 1(4) of the Constitutional Statute
[2] Within the meaning of Article 4(1) of the Constitutional Statute
6 Glossary
Term | Meaning |
ACL | Australian Consumer Law |
AFSA | Astana Financial Services Authority |
ADI | Authorised deposit-taking institution |
AIFC | Astana International Financial Centre |
AIS | Account information services |
AISP | Account Information Service Provider |
AML | Anti-money laundering |
APRA | Australian Prudential Regulation Authority |
ASIC | Australian Securities and Investments Commission |
CA | The Corporations Act 2001 |
COB | Conduct of Business Rules |
Constitutional Statute | Constitutional Law of the Republic of Kazakhstan “On the Astana International Financial Centre” No. 438-V dated 7 December 2015 as amended |
CTF | Counter-terrorist financing |
DBR | AIFC Digital Bank Rules |
DPT | Digital payment tokens |
EMD2 | The second Electronic Money Directive (2009/110/EC) |
EMI | Licensed Electronic Money Institution |
E-money rules | Framework rules that will apply to issuing and redeeming e-money |
EMRs | Electronic Money Regulations 2011 |
FCA | Financial Conduct Authority |
Framework | Regulatory framework for payment services and electronic money in the AIFC |
FSFR | AIFC Financial Services Framework Regulations |
GDPR | General Data Protection Regulation (EU) 2016/679 |
GEN | General Rules |
GLO | Glossary |
MAS | Money Authority of Singapore |
MDB Framework | AIFC Framework for Mobile and Digital Banking Services |
Participant | An AIFC Participant, as defined in Article 1(5) of the Constitutional Statute. |
PDPA | Personal Data Protection Act 2012 |
PI | Licensed Payment Institution |
PIS | Payment initiation services |
Privacy Act | Privacy Act 1988 |
PSA | Payment Services Act 2019 |
PSD2 | The second Payment Services Directive ((EU) 2015/2366) |
PSRA | Payment Systems (Regulation) Act 1998 |
PSRs | Payment Services Regulations 2017 |
RAISP | Registered Account Information Service Provider |
RBA | Reserve Bank of Australia |
Relevant Authorised Firms | Participants who are authorised to carry out the regulated activities of Islamic Banking Business, Accepting Deposits, Providing Credit, and Providing Money Services |
SEMI | Registered Small Electronic Money Institution |
SPI | Registered Small Payment Institution |
The Code | ePayments Code |
Schedule 1 – Policy issues (major)
Policy issue identified by AFSA for consideration | AFSA's policy decision | |
1 | Would it be acceptable to regulate payment services separately from the AIFC's existing "Regulated Activity" regime? (section 4.1.4 of the policy paper) | ·Payment services will be included in the list of Regulated Activities in Schedule 1 of GEN. ·Separate AIFC Rules will be prepared which provide the details of the Framework. ·Activities that are included in existing the Regulated Activity of “Providing Money Services” will be defined and regulated under the separate AIFC Rules for the PSEM Framework. |
2 | What should be the turnover threshold for a Participant to be able to apply for registration as a SPI? (section 4.2.2 of policy paper) | ·The threshold will be 3,500,000 USD per month, meaning that if a Participant has an actual or projected average turnover in payment transactions below the threshold of 3,500,000 USD per month, it can apply to be registered as an SPI. |
3 | What should be the projected average outstanding e-money threshold for a Participant to be able to apply for registration as a SEMI? (section 5.2.2 of policy paper) | ·The threshold will be 5,500,000 USD, meaning that if a Participant's business activities (immediately before the time of its registration application) generate average outstanding e-money below the threshold of 5,500,000 USD, it can apply to be registered as an SEMI. |
Schedule 2 - Policy issues (non-major)
Schedule 1- Policy issues (non-major)
# | Policy issue identified by AFSA for consideration | AFSA's policy decision |
1 | What should be the application fees to become an authorised PI or a registered SPI? (section 4.2.3 of policy paper) | ·The application fees to become a registered SPI will be 1,000 USD and to become an authorised PI will be 3,500 USD. ·If an SPI no longer meets the requirements to qualify as a SPI, but intends to continue providing payment services, it will be required to apply for authorisation as a PI. There will not be any other more streamlined / shortened process for transitioning from a registered SPI to an authorised PI. |
2 | What should be the application fees to become an authorised EMI or registered SEMI? (section 5.2.3 of policy paper) | ·The application fees to become a registered SEMI will be 1,000 USD and to become an authorised EMI will be 3,500 USD. ·If an SEMI no longer meets the requirements to qualify as a SEMI, but intends to continue providing payment services, it will be required to apply for authorisation as an EMI. There will not be any other more streamlined / shortened process for transitioning from a registered SEMI to an authorised EMI. |
3 | What should be the prescribed amount of ongoing capital that electronic money issuers must hold? (section 5.3.1(a)(ii) of policy paper) | ·EMIs will be required to hold a prescribed amount of ongoing capital, being the greater of the initial capital amount, or 2% of their average outstanding e-money issued. The initial capital amount for EMIs will be expressed in USD, and be approximately equivalent to €350,000. ·SEMIs will be subject to an initial capital requirement of 2% average outstanding e-money issued, where their business activities generate (or are projected to generate) average outstanding e-money over a prescribed threshold. The prescribed threshold will be expressed in USD, and be approximately equivalent to €500,000.SEMIs that are subject to this initial capital requirement will also be required to continue to meet this requirement on an ongoing basis (unless their level of business falls below the prescribed threshold). |