Crypto-Asset Service Provider (CASP)- E-Money Token/ Stablecoin
Broker-Dealer- Money Service Business
Standard Payment Institution (SPI)- Major Payment Institution (MPI)
- Capital Markets Services (CMS)
Small Payment Institution (SPI)- Authorised Payment Institution (API)
- Small Electronic Money Institution (SEMI)
- Electronic Money Institution (EMI)
- Crypto Asset Firm
- Consumer Credit
- Investment Firm (Retail)
- Investment Firm (Wholesale)
Authorised Payment Institution (API)
Authorised Payment Institutions (APIs) are licensed financial entities empowered to deliver a broad array of payment services, including international transfers, account management, and payment instrument issuance. Regulated by the Financial Conduct Authority (FCA) in the UK, APIs are held to high standards, ensuring compliance with the UK’s regulations to protect consumer funds and support secure, transparent transactions.
Overview
Services Provided
Money remittance
Account management
Payment Initiation Service (PIS)
Account Information Services (AIS)
Payment transfers
Issuing instruments
Capital Requirements
APIs must hold a minimum capital amount ranging from €20,000 to €125,000, depending on the scope of services provided and transaction volumes. This capital serves as a buffer to ensure operational resilience and cover liabilities.
Transaction Limitations
APIs do not have specific transaction caps, and therefore can process an unlimited number of transactions as long as they maintain the necessary capital to support the volume of payment services offered. Additionally, APIs must ensure they meet all financial and reporting obligations set by the FCA.
Safeguarding Requirements
APIs are required to safeguard customer funds in line with FCA regulations. This involves holding customer funds in a segregated account, separate from the institution’s operational funds, or using an insurance policy as a safeguard. The funds must be protected against the risk of insolvency and operational risks.
Jurisdictional Limitations
Since Brexit, APIs based in the UK cannot passport their services across the European Economic Area (EEA). Instead, UK firms must apply for separate licences to operate in each jurisdiction. Under the Temporary Permissions Regime (TPR), certain firms may continue operating in the UK while seeking full authorisation.
Legal & Regulatory Framework
Financial Services and Markets Act 2000;
The Payment Services Regulations 2017;
The Payment Accounts Regulations 2015;
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 including amendments;
The Payments in Euro (Credit Transfers and Direct Debits) Regulations 2012;
The Data Protection Act 2018.
Key Restrictions
Must meet capital and safeguarding requirements and maintain robust AML policies.
Regulatory authorisation process
The Financial Conduct Authority (FCA) usually assesses a complete application within 6 months.
The Financial Conduct Authority (FCA) requires an application fee of £5,440.
Exemptions & exclusions
Exempt bodies
Credit unions
Municipal banks
Excluded activities
Payment transactions through commercial agents acting on behalf of either the payer or the payee;
Cash-to-cash currency exchange activities (for example, bureaux de change);
Payment transactions linked to securities asset servicing (for example, dividend payments, share sales or unit redemptions);
Services provided by technical service providers (which does not include account information services or payment initiation services);
Payment services based on instruments used within a limited network of service providers or for a very limited range of goods or services (‘limited network exclusion’);
Payment transactions for certain goods or services up to certain value limits, resulting from services provided by a provider of electronic communication networks or services (‘electronic communications exclusion’).
Regulatory Updates
Deep dive into Authorised Payment Institution (API)
Introduction
Unlock the potential of operating as an Authorised Payment Institution (API) in the UK, overseen by the Financial Conduct Authority (FCA). APIs provide a wider range of services, such as international transfers and account management, under strong regulatory oversight. This licence is ideal for businesses aiming to expand their operations and offer comprehensive payment solutions across borders, ensuring compliance with the UK's Payment Services Regulations.
Definition
An Authorised Payment Institution (API) is a robust entity, allowed to provide a broader range of payment services than Small Payment Institution (SPI). APIs must meet stricter regulatory requirements and are suitable for larger or more complex businesses.
Additional Information (Services)
Money Remittance: Providing international and domestic money transfer services.
Payment Account Management: Full management of accounts, allowing customers to maintain balances and conduct transactions.
Payment Transfers: Processing a wide range of payment transactions such as direct debits, credit transfers, standing orders.
Payment Initiation Services (PIS): Authorised initiation of payment transactions on behalf of customers, typically used in open banking.
Account Information Services (AIS): Aggregating and providing a consolidated view of customer accounts across different banks.
Issuing Payment Instruments: Creating and managing prepaid cards, debit cards, or other electronic payment methods.
Additional Information (Legal & Regulatory Framework)
Financial Services and Markets Act 2000 (FSMA): APIs are regulated under FSMA, which provides the overarching framework for financial services providers in the UK. It covers licensing, governance, and consumer protection, ensuring that APIs comply with regulatory standards and maintain financial integrity.
The Payment Services Regulations 2017 (PSRs): APIs must comply with PSRs, which establish the legal requirements for offering payment services in the UK. This includes safeguarding customer funds, operational guidelines, and transparency requirements.
The Payment Accounts Regulations 2015 (PARs): These regulations govern the provision of payment accounts, ensuring that APIs offer consumers easy access to basic banking services, such as opening payment accounts and facilitating direct debits and credit transfers.
The Money Laundering, Terrorist Financing and Transfer of FundsRegulations 2017: APIs must adhere to these regulations, which outline anti-money laundering (AML) and counter-terrorism financing (CTF) requirements. APIs are obligated to implement robust systems for customer due diligence, transaction monitoring, and reporting of suspicious activities.
The Payments in Euro (Credit Transfers and Direct Debits) Regulations 2012: These regulations apply to APIs that facilitate payments in euros, ensuring compliance with EU standards for credit transfers and direct debits.
The Data Protection Act 2018: APIs must comply with the Data Protection Act 2018, which governs the collection, storage, and use of personal data. APIs are required to implement strong data protection policies to safeguard customer information in compliance with GDPR standards.
Links
Financial Services and Markets Act 2000 - https://www.legislation.gov.uk/ukpga/2000/8/contents
The Payment Services Regulations 2017 - https://www.legislation.gov.uk/uksi/2017/752/contents
The Payment Accounts Regulations 2015 - https://www.legislation.gov.uk/uksi/2015/2038/contents
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 - https://www.legislation.gov.uk/uksi/2017/692/contents/made
The Payments in Euro (Credit Transfers and Direct Debits) Regulations 2012 - https://www.legislation.gov.uk/uksi/2012/3122/contents
The Data Protection Act 2018 - https://www.legislation.gov.uk/ukpga/2018/12/contents
Additional Information (Key Restrictions)
Capital and Safeguarding Requirements: APIs must meet strict capital and safeguarding requirements based on the services they provide. Failure to comply can result in penalties or the loss of authorisation.
Regulatory Oversight: APIs are subject to regular audits and inspections by the FCA to ensure they are meeting their financial crime prevention obligations, including AML and CTF regulations.
Service Restrictions: APIs must adhere to the services they are authorised to provide and cannot expand into other financial services without further approval.
Financial Ombudsman Service: APIs are required to implement formal customer complaints handling procedures. Customers can escalate matters to the Financial Ombudsman Service (FOS). The FOS provides an independent and fair resolution service for disputes between consumers and financial firms. APIs must inform customers of their right to contact the FOS and provide this information to their users.
Exemptions & exclusions
Exempt bodies
Credit unions
Municipal banks
Excluded activities
Payment transactions through commercial agents acting on behalf of either the payer or the payee;
Cash-to-cash currency exchange activities (for example, bureaux de change);
Payment transactions linked to securities asset servicing (for example, dividend payments, share sales or unit redemptions);
Services provided by technical service providers (which does not include account information services or payment initiation services);
Payment services based on instruments used within a limited network of service providers or for a very limited range of goods or services (‘limited network exclusion’);
Payment transactions for certain goods or services up to certain value limits, resulting from services provided by a provider of electronic communication networks or services (‘electronic communications exclusion’).