EEA payment and e-money institutions after Brexit: CP21/3

Share this post

For the EEA payment service providers now in the FCA’s reach because of Brexit, the past few months have been a sharp learning curve as to expectations. CP21/3 provides a steer through the proposed changes to the Payment Services and Electronic Money Approach Document.


But first, some background

The Temporary Permissions Regime (TPR) enables EEA institutions to continue to provide services to customers in the UK as long as they notified the FCA prior to Brexit. Institutions now have a maximum of three years to continue to carry out business.


By the end of this year, all TPR institutions must provide the FCA with a notification of intention as to their plans for their UK business. For most, this will be that they intended to become authorised in the UK, which will necessitate the setting up of a UK HQ or, if an EMI, possibly a branch.


Communication of timeframes from the FCA

Although the FCA has not issued guidance on their website to institutions, many of our clients in the TPR have started to receive emails with information on next steps. The FCA is allocating firms a period of time, known as a ‘landing slot’ to submit their application and will be getting in touch with firms shortly to request an application form by a specified date. The timing of this is interesting as institutions may not have made a decision about their intention and may not be fully prepared to submit an application, given that the notification period ends at the end of the year.


We know from guidance issued to firms with a Part 4A permission (banking, investments, insurance etc) that an opening and closing date will be given to firms to submit their application.


If a firm’s authorisation/registration is rejected or its temporary authorisation cancelled, it will fall into one of two categories depending on how it is passported into the UK:

  • Supervised run-off (SRO) – EEA firms with UK branches or top-up permissions in the UK, and firms who entered the TPR but then did not secure UK authorisation, or
  • Contractual run-off (CRO) – for remaining cross-border services firms

This is known as the financial services contracts regime, and allows institutions to conduct an orderly exit from the UK market.


So what is changing?

The changes affect most chapters of the Approach Document. The key changes are summarised below.


  • Safeguarding
    You must safeguard relevant funds in accordance with the UK regulations and the FCA’s expectations. You can find our blogs and webinars on this topic. The FCA may request confirmation of the measures taken by institutions to ensure customer funds are protected in the event of the insolvency and, you will have to engage a suitably qualified independent consultant to complete an annual safeguarding audit.
  • Notifications
    You must notify the FCA of changes to ownership, directors and senior managers, and outsourcing arrangements. This is an interesting change as firms were not required to provide this information with the original passport notification, so the FCA would not be aware of the status quo and therefore have no details to compare the changes to. Other notifications include regulatory actions or adverse judgements taken in your home state.
  • Reporting requirements
    You will have to submit data to the FCA via the Gabriel/RegData system. This includes fraud and operational risk data. Anecdotally some firms under the regime have not received correspondence from the FCA on accessing Gabriel/RegData.
  • Financial crime
    You must comply with UK financial crime requirements. Our blogs and webinars are a good place to start. EEA institutions with a UK branch will already have an obligation to follow this requirement however cross border services firms, who previously followed the obligations of their home state requirements will need to understand how the UK differs and adapt it’s procedures. This includes SAR reporting to the UK FIU, the National Crime Agency.
  • Customer complaints
    Similarly, EEA cross border services institutions will need to understand and adapt their procedures to follow UK requirements including understanding the role of the Financial Ombudsman Service.


Challenges for firms that provide cross border services

As you can see, if you have a UK branch you will already understand many of the UK regulations and how this applies to you. If you are however acting on a cross border service basis from your home state, the TPR represents a material change to your business. This is because you will be required to understand and adhere to the UK regulation and guidance which in various cases diverge from that of other EEA states.

In both cases, firms wishing to operate in the UK after the conclusion of the TPR will be required to establish a physical presence and apply to the FCA for UK authorisation/registration.


Before you apply for authorisation/registration

If you are contemplating FCA authorisation/registration, there are several other considerations that should be considered when planning your set-up. These include, but are not limited to:



As an institution under the TPR, it’s important to understand your obligations as an FCA regulated business and adapt your systems and controls and policies and procedures accordingly.


If you wish to continue operating in the UK after the TPR period has ended, you must have a physical UK presence and be authorised/registered by the FCA. If not done so already, you should decide on your plans for your UK business and clients and have a road map and implementation plan to either continue to operate or exit the UK.


We have numerous resources available on our website to help you understand the UK obligations, such as our upcoming webinar ‘Safeguarding for EEA firms under the Temporary Permissions Regime (TPR)’.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?