Bank of Lithuania presented a Dear CEO letter to FinTech companies
The Bank of Lithuania addressed a Dear CEO letter to the managers of electronic money and payment institutions operating in Lithuania, presenting its expectations on the improvement of governance and internal control as well as strengthening of compliance culture.
“We are constantly and decisively seeking to achieve the sector’s maturity. We require quality not only in the provision of services, but also in compliance with the legal requirements, and will do so in the future. The rate of a company’s business expansion should correspond to its readiness to comply with operational requirements. Company managers are personally responsible for ensuring this compliance. In conducting financial market supervision, we will devote more attention to the assessment of the work and personal responsibility of the management,” said Jekaterina Govina, Director of the Financial Market Supervision Service of the Bank of Lithuania.
The Dear CEO letter (125.3 KB download icon) is one of the supervisory instruments planned for this year with the aim of increasing the FinTech sector’s maturity and enhancing its compliance culture, which is one of the strategic directions of the Bank of Lithuania for 2021-2024. The foundation of the domestic FinTech sector is currently comprised of 81 electronic money institutions and 52 payment institutions operating in Lithuania. It is planned to conduct inspections in 70 of them this year.
In the letter to representatives of the FinTech sector, the Bank of Lithuania emphasised the requirements related to money laundering and terrorist financing risk management, equity capital, internal control, protection of customer funds, investigation of customer complaints, information and communication technology and security risk management, notification of the changes of managers and shareholders, reporting, data reliability, timely submission of reports and outsourcing.
Jekaterina Govina noted that often electronic money and payment institutions start to develop their internal control mechanisms only when they receive a letter from the Bank of Lithuania or when an inspection is conducted. Frequently, the internal control procedure, policy and processes are not adapted to a specific institution. Institutions do not always meet their staff-related obligations assumed during the licensing process. In the opinion of the Bank of Lithuania, the best practice to be applied by the institutions starting their activities is to employ at least four staff members: a manager permanently residing in Lithuania, a compliance officer, an information security expert and an anti-money laundering and counter-terrorist financing expert. Later, the number of employees should grow in line with the company’s business expansion, risk assumed and other aspects.
Special attention is paid by the Bank of Lithuania to money laundering and terrorist financing risk management: institutions must ensure the inclusion of this matter in their internal control systems as well as development of appropriate procedures and their adequate implementation. Moreover, institutions must separate the functions of their staff members to avoid conflicts of interest and encourage their employees to follow strict ethical standards.
The central bank has noted some cases when institutions were late in submitting their reports and tended to verify and correct them after the end of set deadlines due to the provision of inaccurate data. The Bank of Lithuania prompted FinTech institutions to pay adequate attention to this matter, as the timely submission of accurate data is essential for the Bank of Lithuania in conducting financial market supervision as well as in the assessment and management of risks posed by market participants. At the same time, it is one of the conditions for ensuring the protection of payment service users in the case an institution experiences financial or other difficulties.
In addition, it was observed that the market does not sufficiently learn from its mistakes in relation to compliance with equity capital requirements. A substantial change in the approach to this matter is expected from the companies. The management should not strive to ensure just the minimum compliance with this requirement. Instead, equity capital should be increased by the amount that is sufficient to cover potential losses incurred in future periods, i.e. with a certain reserve in mind.
The Bank of Lithuania regularly updates the sections of its website at lb.lt covering frequently asked questions dedicated to market participants, training and recommendations to institutions, has drawn up and published the Overview of Business-Wide Assessments of Money Laundering and Terrorist Financing Risks Performed by Financial Market Participants.