Reporting requirements: payment service providers and e-money issuers

Payment service providers (PSPs), e-money issuers and other businesses are required under the Payment Services Regulations 2017 (PSRs) and Electronic Money Regulations 2011 (EMRs) to provide certain data and information to us on a regular basis. 

Chapter 13 of our Approach Document[1] gives more details on both regular reporting and the requirements for PSPs, e-money issuers and other businesses to provide notifications under certain circumstances.

Payment service providers (PSPs)

Payment Services and Electronic Money Complaints Report[2]

This should be submitted in accordance with the method and form specified in the Dispute resolution manual[3] (DISP 1.10B).

PSPs including electronic money institutions (EMIs) should report using RegData.

REP017 Payments Fraud Reporting[4]

All PSPs must send us statistical data on fraud affecting different types of payment. 

This information will help us understand whether you have appropriate systems and controls to adequately protect users against fraud and financial crime, and to understand the security risks faced by the industry.

This should be submitted in accordance with the method and form specified in the Supervision Manual[5] (SUP 16.13.5 to 16.13.8A).

In the case of an authorised payment institution[6], an authorised electronic money institution[7] or a credit institution[8]:

• the report set out in SUP 16 Annex 27ED[9] must be provided to us every 6 months[10]
• reports must cover the periods 1 January to 30 June and 1 July to 31 December
• reports must be submitted within 2 months[10] of the end of each reporting period

In the case of a small payment institution[11], a registered account information service provider[12] or a small electronic money institution[13]:

• 2 reports set out in SUP 16 Annex 27ED[9] must be provided to us every 12 months[11]
• each report must cover a 6-month[16] period; 1 must cover the period 1 January to 30 June and the other report must cover the period 1 July to 31 December
• both reports must be submitted within 2 months[17] of the end of the calendar year

PSPs including electronic money institutions (EMIs) should report using RegData. 

REP018 Operational Risk Reporting[8]

All PSPs are required to report to us at least once every calendar year on their operational and security risk assessment and their assessment of the adequacy of the resulting mitigation measures and control mechanisms.

We also use the information submitted in this report to assess whether PSPs relying on the technical standards on strong customer authentication and common and secure methods of communication (SCA-RTS) have processes and protocols that guarantee at least equivalent levels of security to those provided for by the PSRs (see SUP 16.13.18). More specifically, this can be found under Article 17 exemption (‘corporate payment exemption’) and Chapter 20 of our Approach Document[1].

This should be submitted in accordance with the method and form specified in the Supervision Manual[5] (SUP 16.13.9).

PSPs including electronic money institutions (EMIs) should report using RegData. 

REP020 Quarterly statistics on availability and performance of dedicated interfaces[9]

PSPs that are also account servicing payment service providers (ASPSPs), and that opt to provide a dedicated interface under SCA-RTS Article 31, must provide us with a quarterly return of the performance of each interface. This includes up-time and down-time statistics of the interface. 

The quarterly report is to be provided to us within 1 month of the end of the quarter to which these statistics relate.

The published and reported statistics should meet the requirements of our guidelines on the conditions to be met to benefit from an exemption from the contingency mechanism under SCA-RTS Article 33(6).

Refer to SUP 16.13.22 G to 16.13.24 G.

PSPs including electronic money institutions should report using RegData.

Payment institutions (PIs) and registered account information service providers (RAISPs)

RAISPs, authorised and small PIs must provide us with financial returns annually, so that we can supervise their business. Hybrid firms need to submit accounts for the part of their business that involves payment services. 

As well as supervising your business, we use the data to calculate periodic fees that you need to pay us. This should be submitted in accordance with the method and form specified in the Supervision Manual[21] (SUP 16.13).

Reporting process

You must submit annual reports to us using RegData[9], our online regulatory reporting system.

The system monitors when your reports are due and will send you a reminder a month before.

If you miss the reporting deadline, we will send you another reminder and you will incur a £250 charge.

Authorised payment institutions

FSA056 Authorised Payment Institution Capital Adequacy Return[10]

You must submit an authorised payment institution capital adequacy return each year within 30 days of your accounting reference date.

REP001 Annual Close Links Report[11]

If an authorised PI has close links, we must be satisfied those links are not likely to prevent our effective supervision of the institution. The annual close links report asks for information on your close links and whether there have been any material changes to your close links since the submission of the last report.

Authorised PIs must submit this annually within 4 months of their accounting reference date.

REP002 Annual Controllers Report[12]

We expect authorised PIs to understand who owns their business and, in accordance with regulation 37 of the PSRs, notify us of any change in circumstance.

The controllers report asks for information on the current control structure and will allow us to verify that authorised PIs (and persons that control them) are providing us with the appropriate information in accordance with their obligations.

Authorised PIs must submit this annually within 4 months of their accounting reference date.

Small PIs

FSA057 Payment Services Directive Transactions Report[13]

You must submit a payment services directive transactions report before the end of each January to cover the previous year’s payment transactions.

This is used to give us an overview of the size of your payment services business and to check you are not exceeding the €3 million threshold for average monthly payment transactions for small payment institutions.

PIs that undertake non-regulated business

Authorised and small PIs that are hybrid firms and carry out activities other than payment services must give us a separate set of accounts that cover the payment services business.

This must be in paper form, so RegData will not send you a reminder.

RAISPs

FSA056 Authorised Payment Institution Capital Adequacy Return[25]

You must submit an authorised payment institution capital adequacy return each year within 30 days of your accounting reference date. 

You will only be expected to answer the questions that are relevant to the activity you are carrying out, for example the value and volume of AIS activity.

Electronic money institutions (EMIs)

In addition to the regular reporting for all PSPs, EMIs must provide us with certain information to help us comply with our supervisory responsibilities under the EMRs.

Reporting process

The EMI returns FIN060 and FSA065 are listed below and must be completed using RegData.

Authorised EMIs

FIN060a (annual return)[14]

You must submit this annually within 30 business days of your accounting reference date.

REP001 Annual Close Links Report[15]

If an authorised EMI has close links, we must be satisfied those links are not likely to prevent our effective supervision of the institution.

The annual close links report asks for information on your close links and whether there have been any material changes to your close links since the submission of the last report.

You submit this annually within 4 months of your accounting reference date using RegData. 

REP002 Annual Controllers Report[16]

We expect authorised EMIs to understand who owns their business and, in accordance with regulation 37 of the EMRs, notify us of any change in circumstance.

The controllers report asks for information on the current control structure and will allow us to verify that authorised EMIs (and persons that control them) are providing us with the appropriate information in accordance with their obligations.

You must submit this annually within 4 months of your accounting reference date.

Small EMIs

FIN060b (annual return)[17]

You must submit this annually within 30 business days of your accounting reference date.

FSA065 (total outstanding e-money at 31 December)[18]

You must submit this by the end of each January.

Separate accounting information for hybrid businesses

Authorised and small EMIs that undertake other, non-regulated business must provide a separate set of accounts covering the e-money and payment services element of their business.

If your accounts are audited and lodged at Companies House, we expect them to be submitted to us at the same time.

Credit institutions that issue e-money

Credit institutions that issue e-money should continue to report the amount of e-money issued in the reporting return PRA001 on a:

• quarterly-basis for an unconsolidated UK bank or building society, or
• half-yearly if they are a UK consolidation group

Credit institutions do not need to complete the FIN060 and FSA065 returns.