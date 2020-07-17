LICENSING REQUIREMENTS FOR
DEDICATED ELECTRONIC MONEY ISSUERS
AND PAYMENT SERVICE PROVIDERS
Bank of Ghana
FinTech and Innovation
No. List of Requirements
-
Company Profile
-
-
Overview of the Company including its history, date it was founded, registered address (Including digital address), registration documents from the Registrar General's Department i, a synopsis of the service to be offered;
-
Details of External Auditors/ Accountants, and Bankers and all third party payment service providers ii
-
Governance iii
-
-
Profile of shareholders indicating respective percentage shareholding, nationality and submission of copies of share certificate of the company; iv
-
Attestation from a notary public confirming ultimate beneficial owner(s) with 10% or more of total share ownership and voting rights;
-
Number and profile of Board of Directors v as required by the Payment Systems and Services Act, 2019 (Act 987), and Key Management Personnel vi;
-
Organisational Structure;
-
Profile of promoters where applicable.
-
Business Plan
-
-
Covering business overview, market analysis, products and servicesto be offered including transactional limits, on-boarding process and Fees or Charges to be charged where applicable;
|
Dedicated Electronic Money Issuer
|
Payment Service Provider (Scheme)
|
Payment Service Provider (Enhanced)
|
Payment Service Provider (Medium)
|
Payment Service Provider (Standard)
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
√
|
NA
|
√
|
√
|
√
|
√
|
√
√ √ √ √ √
√ √ √ √ √
1
b) Five years financial projections for the proposed business. vii
4 Systems and Technology
|
a)
|
Information, Communication and Technology (ICT) Systems to be deployed;
|
√
|
√
|
√
|
√
|
√
|
b)
|
ICT Architecture diagram highlighting Security and Control;
|
√
|
√
|
√
|
√
|
√
|
c)
|
ICT Policy Framework; viii
|
√
|
√
|
√
|
√
|
√
|
d)
|
ICT Security and Control (including Transaction Monitoring Tool, Fraud Monitoring
|
√
|
√
|
√
|
√
|
√
|
|
and Detection Tool and at least two-factor Authentication);
|
|
|
|
|
|
|
e)
|
Business Continuity Programme (including Disaster Recovery Plan);
|
√
|
√
|
√
|
√
|
√
|
f)
|
Data Protection Certificate;
|
√
|
√
|
√
|
√
|
N/A
|
g)
|
ISO 27001-2013ix and PCI DSS x Certification and Certificate of Compliant where
|
√
|
√
|
√
|
N/A
|
N/A
|
|
applicable;
|
√
|
√
|
√
|
√
|
N/A
-
EV-SSLTool where Applicable; xi
5 Enterprise Risk Management
|
|
a)
|
Risk and Mitigation Measures covering Operational, Market, Liquidity, Money
|
√
|
√
|
√
|
√
|
√
|
|
|
Laundering, Fraud, Legal, Credit and Funding Risks where applicable;xii
|
√
|
√
|
√
|
N/A
|
N/A
|
|
b)
|
Business Impact Assessment (BIA);
|
|
√
|
√
|
√
|
√
|
√
|
|
c)
|
Anti-Money Laundering / Combating Financing of the Terrorism (AML/CFT) Policy.
|
|
|
|
|
|
|
6
|
Consumer Protection Policy
|
|
|
|
|
|
|
The Policy should be guided by the Consumer Recourse Mechanism Guidelines for
|
√
|
√
|
√
|
√
|
√
|
|
Financial Service Providers (2017) and the Payment Systems and Services Act, 2019 (Act
|
|
|
|
|
|
|
987)
|
|
|
|
|
|
-
Regulations of Incorporation:
-
-
Regulations of Incorporation for Dedicated Electronic Money Issuers (DEMIs) should include a provision that electronic money owed to the customers are held in trust and shall not be encumbered in case of insolvency or liquidation.
-
Business object in the Regulation of Incorporation should read "Payment Service Provider"
2
-
Submission of copies of Service Level Agreement (SLA) with all partnering institutions.
-
Shareholders, Directors and Key Management Personnel are required to complete Personal Questionnaire Forms (Available on Bank of
Ghana's website with the reference "BOG/FIO-001")
-
Eligibility Criteria for Shareholders and Directors of applicant companies:
-
-
A shareholder should not have been convicted of an offence involving a financial transaction by a court of competent jurisdiction within the past ten years;
-
A shareholder should not have filed for personal bankruptcy;
-
A shareholder should not have been disqualified from practising a profession by a professional body;
-
A shareholder should not have been involved in a past or present managerial function of a body corporate or other undertakings that have been a subject of insolvency or liquidation proceedings;
-
The information provided by a shareholder in support of an application should not be false or misleading;
-
A significant shareholder is required to provide evidence of the source of funds;
-
The directors of the company must meet the fit and proper persons requirements required under the Fit and Proper Directive, July 2018.
-
Minimum of three directors
-
Key Management Directors refers to:
-
-
Chief Executive Officer
-
Technology and Systems Manager
-
Compliance and Risk Manager
-
Finance Manager
-
In the case of existing business, up to three years audited financial statement and management accounts for the current year and immediate past year.
-
ICT Policies should include:
-
-
Data Protection Policy
-
ICT Acceptable Use Policy
3
-
-
ICT Monitoring Policy
-
ICT Information and Cyber Security Policy
-
Remote Working Policy
-
Data Collection and Sharing Policy
-
Data Security Incident Procedure
-
PSP Medium Licence applicants are required to be ISO 27001 compliant.
-
The PCI DSS applies to entities that store, process, and/or transmit cardholder data. PSP Medium applicants are required to be PCI DSS compliantwhere applicable.
-
PSP Standard Licence applicants require SSL where applicable.
-
Risk and Mitigation Measures should be specific to the operations of the company.
All enquiries should be directed to the FinTech and Innovation Office through any of the following channels:
Email Address: fintech@bog.gov.gh
Telephone : +233 302739650
4
Disclaimer
Bank of Ghana published this content on 17 July 2020 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 17 July 2020 13:45:05 UTC