Dear CEO Letter: advice to FinTech institutions on risk management and licensed activities
The Bank of Lithuania publishes its second Dear CEO Letter to heads of electronic money and payment institutions. It provides observations and recommendations related to the provision of licensing services, risk management, safeguarding client funds and other relevant issues.
“A Dear CEO Letter is one of the forms of dialogue with the FinTech sector that has already proven to be effective. We assess the market situation and summarise it to share insights and advice in good faith with FinTech institutions, highlighting the most common mistakes or problems. This allows these institutions to check their internal mechanisms and take preventive action to avoid potential problems,” says Simonas Krėpšta, Member of the Board of the Bank of Lithuania.
The Dear CEO Letter presents an overview of issues related to the implementation of business plans, provision of licensing services, change of business model, safeguarding of customer funds, internal audit and internal control, risk management (including money laundering and terrorist financing, information and communication technologies, and security) and reporting.
The Bank of Lithuania draws particular attention to cases where a financial market participant decides to change its business model. In such cases, the participant should inform the Bank of Lithuania of the planned changes in advance. It is of particular importance that operational risk management, as well as know-your-customer and business relations monitoring tools, procedures and resources, are strengthened in parallel with the increasing risks.
As financial services increasingly go online, the associated threats increase as well. For example, in 2021, there was an increase in the number of reports of possible frauds by customers of institutions (investment fraud, fake online stores, identity theft). It is therefore very important that the FinTech institution manages the risks properly and does not become a tool for scammers to transfer funds.
Inspections often reveal weaknesses in the internal control system of institutions, such as inadequate separation of functions or conflicts of interest. These are serious deficiencies in the management of money laundering and terrorist financing risks; institutions therefore need to put appropriate internal policies and control procedures in place to prevent them. Institutions should also review their established procedures for implementing international financial sanctions and the technological solutions applied to make sure that they are operating properly and efficiently.
Cases of institutions failing to adequately safeguard customer funds are still observed. The Bank of Lithuania points out that institutions not only have to document the process of safeguarding these funds, as well as the accounting and internal control procedures, but also have to ensure that these procedures are constantly followed.
The Bank of Lithuania regularly updates the sections of its website dedicated to financial market participants covering frequently asked questions, training, recommendations to institutions, and publishes positions, recommendations and analyses on individual topics.
The Dear CEO Letter is one of the supervisory instruments to increase the FinTech sector’s maturity and enhance its compliance culture, which is one of the strategic directions of the Bank of Lithuania for 2022-2025. The domestic FinTech sector is currently comprised of 88 electronic money institutions and 54 payment institutions operating in Lithuania.
The first Dear CEO Letter was published by the Bank of Lithuania in May 2021.