A proposed directive for payment companies regarding the safeguarding of customers’ funds was published for public comments
8 February 2024
Dear Clients and Friends,
We would like to bring to your attention that on 31 January, 2024, the Israeli Securities Authority (the “Authority“) published for public comments a proposed directive that regulates the required safeguarding model for the protection of funds of payments companies’ customers, pursuant to its authority under the Regulation of Payment Services and Payment Initiation Law, 2023 (the “Law“).
One of the cornerstones established in the Law pertains to the manner of safeguarding and protecting funds received from or on behalf of customers of a payment company, for the purpose of providing payment services (payment account management, issuance of payment instruments, or acquiring of a payment transaction).
Section 24 of the Law establishes the principle of segregating customers’ funds from company’s funds and sets out a normative framework that will apply to payment companies to ensure proper management and safeguarding of customers’ funds, while separating these funds from the funds of the payment company. As part of section 24 of the Law, the Authority had been authorized to determine provisions in various aspects, practical by nature, aimed at guaranteeing the fulfillment of the regulatory principles regarding the safeguarding of customers’ funds.
The proposed directive, in accordance with this authority, regulates, among other things, the following topics:
1.Deposit and Safeguarding of Customers’ Funds:
The proposed directive defines “customers’ funds” and regulates the procedures for depositing customers’ funds with a Custodian, as defined in the proposed directive, and for segregating the company’s funds and assets from customers’ funds.
2. Management and Reconciliation of Funds:
The proposed directive regulates the management of customers’ funds accounts, the required reconciliation process and its documentation, actions required in case of discrepancies, and reconciliation necessary when customer’s funds are held in a custodian’s account in a currency different from the currency of the customer’s payment account.
3. External Auditor Review Report:
According to the proposed directive, payment companies are required to obtain an annual audit report regarding the company’s compliance with legal requirements and directives related to safeguarding customers’ funds. The audit report should include, among other things, an examination of the reconciliation process for at least three business days during that year, chosen by the auditor at its discretion and without prior notice to the company.
4. Investment of Funds in a Designated Investment Account:
- Assets of high-liquidity and low-risk – According to the proposed directive, a payment company will be allowed to invest its customers’ funds in the following assets: local fixed-term deposits; units of a local money market fund; Israel government or Bank of Israel issued securities; and securities issued by a state or central bank of a country that at least two of the following international rating agencies have rated it at a rating not lower than: Fitch (A+); Moody’s (A1); S&P (A+).
It is also permitted to invest in assets with low risk level and high liquidity that are not listed above, subject to obtaining an authorization from the Authority as detailed in the proposed directive.
- Management of customer cash asset portfolio – The proposed directive regulates the aspects that a payment company must implement when determining the composition of the asset portfolio. In particular, the payment company must explicitly address the limitations on the amount and proportion of each type of customers’ funds to be maintained in each type of asset; the proportion of assets that can be liquified immediately; and the proportion of assets held by the payment company in each type of currency.
5. Measures and Controls:
- Implementation of procedures – According to the proposed directive, a payment company is required to implement procedures to ensure its compliance with the obligations set forth in section 24 of the Law, in order to prevent the possibility of damage to the customer due to fraud, failure, or negligence.
- Customers’ cash management policy – According to the proposed directive, when formulating and approving a customers’ cash management policy, the payment company must address various exposure and risk aspects, asset portfolio composition, etc., in a manner that enables it to ensure the value and availability of customers’ funds required for its customers’ payment transactions, while considering data regarding the amounts of money customers typically deposit and the dates and times when activities that may require higher liquidity are expected. Additionally, there is a limitation of up to 60 days on the total average lifespan of customers’ funds held in a designated account and customers’ funds invested in a designated investment account.
- Appointment of supervisor – According to the proposed directive, a payment company is required to appoint a senior position holder responsible for ensuring the company’s compliance with the obligations imposed on it by section 24 of the Law.
6. Custodian Arrangements:
Payment service companies are required, according to the proposed directive, to conduct due diligence and risk assessment concerning custodian arrangements before and during engagement with it, while considering factors such as financial stability, risk diversification, credit rating, and available information from its business operations.
7. Deposit and Safeguarding with a holder of a license to provide payment services of systemic significance:
According to the proposed directive, it is allowed to safeguard customers’ funds with a holder of a license to provide payment services of systemic significance (a “Stable Payment Services Provider”) if certain conditions are met, such as the separation of the payment service company’s assets from its customers’ funds as well as complying with a limitation that only up to 25% of the total amount of the payment company’s customers’ funds shall be retained by a Stable Payment Services Provider.
8. Insurance or Guarantee Alternative:
According to the proposed directive, a payment company shall be entitled to apply for an authorization from the Authority to hold customers’ funds in the form of insurance or a guarantee from a banking corporation, an insurer or an institutional body, subject to the conditions specified in the proposed directive. Among other things, the insurance or guarantee must cover the entire amount of customers’ funds that are not retained according to the alternatives proposed in sections 24(a) or 24(b) of the Law. The request should address various aspects of the insurance or guarantee contract, including the duration of the relevant contract period, the designation of the payment company’s customers as beneficiaries, as well as a limitation on the requirement for the payment company’s or another party’s self-participation. Furthermore, the customers’ cash management policy should explicitly address percentage and volume limitations of customers’ funds that can be retained in insurance or guarantees.
9. List of Foreign Countries in which it is allowed to safeguard customers’ funds:
In accordance with the provisions of section 24 of the Law, customers’ funds must be held by a “Managing Entity”. The proposed directive includes a list of foreign countries in relation to section (4) of the definition of “Managing Entity” – whoever is licensed in a foreign country included in the list of countries determined according to Section 24(h)(1) and is subject to statutory supervision by an entity authorized by law to supervise banking activities in that country, including with respect to AML/CTF, and would be required to have a banking license according to the Banking (Licensing) Law had it managed its business in Israel. The proposed list includes the following countries: European Union countries, Switzerland, the United Kingdom, the United States, Singapore, Hong Kong, and Australia. It should be noted that according to the proposed directive, a “Managing Entity” as defined above should be rated by at least one of the following international rating agencies with a rating not lower than:
Fitch (A+); Moody’s (A1); S&P (A+).
10. Payment of Interest:
The proposed directive establishes guidelines that a payment company must adhere to if it wishes to pay interest to its customers derived from the deposit or investment of customers’ funds. This includes the obligation for the payment company to develop a clear interest policy and internal and external controls to ensure the proper interest payment process, to provide adequate disclosure to customers, to maintain additional capital as specified by the Authority regarding equity capital, and more.
The draft is open for public comments until March 2, 2024.
To review the proposed directive >> click here (in Hebrew).
Our office has extensive expertise and years of experience in the field of financial services in all its aspects. We closely monitor all regulatory developments in this field, assisting and advising leading financial institutions in Israel and worldwide.
We are available to assist with any inquiries or clarifications regarding this publication, as well as to provide comments on it. Please do not hesitate to contact us for any assistance in these areas or any other questions.