CySEC clarifies rules for using PSPs to move customer funds

The Cyprus Securities and Exchange Commission (CySec) has issued a circular signed by Demetra Kalogirou, Chairman of the Cypriot regulatory authority, which is publicly available, clarifying the legislation surrounding maintaining merchant accounts with payment service providers for the clearing/settlement of payment transactions.

CySec has re-iterated that, in addition to ensuring that each Cyprus Investment Firm (CIF) is obligated to take every possible measure to protect its clients’ interests in the circumstance that it holds clients’ funds, a CIF must introduce adequate organizational arrangements to minimize the risk of the loss or diminution of clients’ assets, as a result of misuse, fraud, poor administration, inadequate record keeping or negligence.

Concerning firms which maintain a merchant account for the clearing/settlement of payment transactions, CySec asserts that it is apparent that CIFs maintain merchant accounts with payment service providers for the clearing/settlement of their clients’ payment transactions.

CIFs’ merchant accounts must not, under any circumstances, be used by their connected persons, or third persons, and/or the clients of those persons, for the clearing/settlement of their payment transactions as this does not comply with the aforementioned provisions of the legislation. Merchant accounts must be used only and exclusively by CIFs.

Where a merchant account of a CIF is used by persons other than its clients, or by the CIF itself for any other reason other than the clearing/settlement of clients’ payment transactions, the CIF’s clients funds do not seem to be protected nor the danger of loss or reduction of their funds is minimized as these are not separated from the other persons’ funds.

Furthermore, such practice does not, according to CySec, comply with the provisions of sections 60 and 61 of the Prevention and Suppression of Money Laundering Activities Law [L188 (I)/2007] and Commission Directive DI144-2007-08 of 2012, as the CIF does not apply the relevant identification procedures and adequate due diligence measures on all persons who use its merchant account.

Additionally, CySec states that with regard to paragraph 8(1) of the Commission Directive DI144-2007-02 of 2012, the practice is non-compliant as the CIF does not conclude an agreement for the provision of services with all the persons who use its merchant account.

Each CIF must ensure that clients’ funds are transferred to clients’ bank accounts held by the CIF on their behalf, immediately after the clearing/settlement of the payment transactions.

On the subject of the selection of payment service providers by companies in Cyprus, CySec confirms that each CIF must exercise all due skill, care and diligence in the selection, appointment and periodic review of the payment service providers with whom merchant accounts are maintained.

CIFs may be considered that they have taken every possible measures and introduced adequate organisational arrangements to protect their clients’ funds, only if they maintain a merchant account with payment service providers which are licensed/regulated by a competent authority of a Member State or of a third country, which it is considered that it imposes equivalent arrangements to those of the European Union and in particular, to those of the European Directives 2005/06/EC1 and 2007/64/EC2.

For the purposes of transparency and full information of investors, CIFs are requested to post on their websites a list with the names of the payment service providers they cooperate, as well as
the competent authority/country that supervise them.

Capital adequacy

When calculating the capital adequacy/own funds, including the capital adequacy ratio and large exposures, CIFs are obliged to apply fully the provisions of the Commission’s Directive regarding the capital adequacy and of the European Regulation 575/2013, in relation to the balances they have with the payments providers (e.g provisions for credit risk, large exposures).

It is noted that the payments providers do not fall under the definition of ‘institutions’, as it is defined in article 4(3) of the European Regulation 575/2013. Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing.

Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal marketThe Commission considers the protection of clients’ funds to be of great importance and therefore requires from all CIFs to be in full compliance with the aforementioned provisions. In case CIFs are not acting as above, they are required to take corrective measures as soon as possible and no more than three months from the date of the circular from Cysec.

For the full announcement from CySec, click here.

Read Also: