Appendix I. Licensing Practices for Mobile Network Operators by Region

1. MNO Licensing

Source: World Bank (2018) Payment Systems Worldwide: A Snapshot, September.

2. MNO Admissible Activities

Source: World Bank (2018) Payment Systems Worldwide: A Snapshot, September.

3. MNO Licensing Requirements

Source: World Bank (2018) Payment Systems Worldwide: A Snapshot, September.

4. Authorities Legally Empowered to Supervise MNOs

Source: World Bank (2018) Payment Systems Worldwide: A Snapshot, September.

5. MNO Licensing/Registration Requirements to Provide Remittance Services

Source: World Bank (2018) Payment Systems Worldwide: A Snapshot, September.

Terry Goh was formerly with the Monetary Authority of Singapore. We thank Wouter Bossu, Jess Cheng, Simon Gray, Dong He, Kathleen Kao, Aditya Narain, Harish Natarajan, Kristel Poh, Alexandre Stervinou, Jan Vermeulen for helpful comments and suggestions. An earlier version was presented at the Joint European Central Bank—National Bank of Belgium Retail Payments Conference in Brussels on November 27, 2019. Karen Lee helped with research and Wifianni Wirsatyo provided editorial assistance.


The Bali Fintech Agenda proposed a framework that focused on 12 relevant elements, including financial sector resilience, risks, and international cooperation (IMF/World Bank, 2018). Payments and settlement systems, and central bank digital currency were among the key issues identified as meriting further attention (IMF/World Bank, 2019).


For illustration, this has included the European Union and Singapore. Canada has also initiated reforms to the oversight framework for retail payments (Department of Finance Canada, 2019).


International principles and guidance of relevance have focused on systemically important payment systems (CPSS, 2001), oversight of payment and settlement systems (CPSS, 2005), national payment system development (CPSS, 2006), international remittance services (CPSS/World Bank, 2007), financial market infrastructures (CPMI/IOSCO, 2012), and payment aspects of financial inclusion (CPMI/World Bank, 2016).


Nearly half of the regulatory agencies surveyed by the Basel Committee on Banking Supervision have considered new regulations or guidance related to Fintech (BCBS, 2018).


This list is not exhaustive and could differ by jurisdiction. Some jurisdictions have introduced regulatory sandboxes, which is not in the scope of this paper. For illustration, see IMF (2019). Other new forms of payment services have included third party initiation, tokenization, payment gateways, payment aggregators, and white label ATM/POS providers, which are not in the scope of this paper. Digital payment token services are included based on recent market and regulatory developments.


The EU PSD2 (Annex 1) groups payment services as: (i) services enabling cash to be placed on a payment account as well as all the operations required for operating a payment account; (ii) services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account; (iii) execution of payment transactions, including transfers of funds on a payment account with the user’s PSP or with another PSP; (iv) execution of payment transactions where the funds are covered by a credit line for a payment service user; (v) issuing of payment instruments and/or acquiring of payment transactions; (vi) money remittance; (vii) payment initiation services; and (viii) account information services.


This includes: (i) account issuance service; (ii) domestic money transfer service; (iii) cross-border money transfer service; (iv) merchant acquisition service; (v) electronic money issuance service; (vi) digital payment token service; and (vii) money-changing service.


The identification or exclusion of certain payment services may vary across jurisdictions and does not imply that other relevant legislation or regulation are not applicable. For illustration, the penetration and use of mobile money may be more significant in some countries than others.


See Groupe Speciale Mobile Association (GSMA) Global Mobile Money program and dataset.


This includes: (i) air-time top-ups funded from customer accounts (excluding purchases of airtime funded by OTC payments); (ii) bill payments using mobile money; (iii) bulk disbursement (such as salary payments, government or nongovernment organization transfers, regardless of whether they terminated in an account or OTC); (iv) cash-in to customer accounts (excluding OTC P2P payments, bill payment or airtime top-ups); (v) cash-out from customer accounts (excluding OTC collection of bulk payments or P2P payments); (vi) international remittance made between customer accounts; (vii) merchant payment, involving movements of value from a customer to a merchant to pay for goods or services at the point of sale using a mobile money account; and (viii) person-to-person transfers, including domestic transfers made between two customer accounts including OTC transactions, off-net/cross-net transfers, bank account-to-mobile account transfers, and mobile money-to-bank account transfers.


United States House of Representatives Committee on Financial Services Hearing on “Examining Facebook’s Proposed Cryptocurrency and Its Impact on Consumers, Investors, and the American Financial System”, July 17, 2019.


Singapore’s PS Act (Part 2, Section 13) exempts specific PSPs from licensing, including licensed banks, merchant banks, finance companies, person licensed to issue credit cards or change cards, and any person or class of persons that may be prescribed.


This classification partly draws on the EU PSD2.


The ECB issued the Guide to Assessments of License Applications (second revised edition) in January 2019, which includes applications from fintech companies with an interest to becoming a credit institution. The Bank of England and Financial Conduct Authority established the New Bank Start-up Unit to consider applications from any firm seeking to be a bank. The Reserve Bank of India issued restricted payments bank licenses in 2015, which are subject to a minimum paid-up equity capital equivalent to USD 15 million. Account holders are restricted to a maximum balance of USD 1,500 and are issued with ATM and debit cards (with no credit cards).


Payment infrastructures identified as critical infrastructures could also be required to meet information security requirements and subject to regulation by the national cyber security agency.


For illustration, the Monetary Authority of Singapore has a category for system-wide important payment systems. The Bank of Canada identifies non-SIPS as prominent payment systems. The ECB has categorized non-SIPs as (i) non-systemically important large-value payment systems; (ii) ‘prominently important retail payment systems (PIRPS); and (iii) other retail payment systems (ORPS).


For illustration, the Universal Postal Union has established for member countries multilateral and licensing agreements, regulations, and service standards for its worldwide electronic postal payment network.


Funds in transit do not include those arising from payment and settlement processes such as in a check clearing system, which should be addressed by the payment system design.


The EU PSD2 (Article 10) includes safeguarding requirements.


For illustration, the MAS has assessed that value stored on e-wallets with these characteristics carry low money laundering and terrorist financing risks and are limited in consumer reach, and therefore exempted from regulations based on the following: (i) it is used for payment or part payment of the purchase of goods from the issuer or use of services of the issuer, or both (such as a single entity shop issuing its own vouchers e.g. spas, restaurants, bookshops); (ii) it is used only within a limited network of franchisees or related companies; or (iii) all the monetary value stored in the e-wallet is issued by a public authority, or a public authority has undertaken to be fully liable for or provided a guarantee in respect of all the monetary value stored in the e-wallet, in the event of default by the issuer.


For illustration, 7-Eleven Japan was reported to suspend its mobile payment application services after hackers compromised USD 500,000 from its customer accounts (July 2019). This prompted the company to compensate its customers and the Ministry of Economy, Trade, and Ministry to require the firm to strengthen its security.


For illustration, Belgian authorities require compliance by PIs and ELMIs of the following: (i) protection of sensitive payment data; (ii) strong customer authentication, common and secure communication standards; (iii) IT security policy; (iv) reporting of operational and security incidents; (v) collection of statistics on transactions, fraud and performance; (vi) business continuity arrangements; (vii) compliance with rule on card-based payment instruments; and (viii) compliance with payment account management rules (National Bank of Belgium, 2019).


For illustrative purposes, the eligibility criteria are drawn from recent experiences in UK (Bank of England, 2019; 2017). The first nonbank PSP joined a UK payment system on April 18, 2018. See press release.


Common eligibility criteria include: participant status, settlement arrangements, legal documents, legal opinion, member/shareholder, costs, and compliance.


Supervisory assessments include assess compliance with existing regulatory requirements for nonbank PSPs and focus on governance arrangements, safeguarding of customer funds, and financial crime. Nonbank PSPs that hold a settlement account at the central bank are also subject to ongoing supervisory oversight to ensure their compliance with regulatory requirements, including requirements to periodically commission independent audits covering key risk areas.


The legal framework could be established by legislation or other statutory instruments, common law, administrative law, contracts (including system rules), or international treaties and regulations. The illustrations are not intended as a check list and depends on the institutional context in each jurisdiction.


Swinehart (2018) suggests that payments regulation is largely technology-neutral and activity-based and is adaptable to financial change in the context of the U.S.


For illustration, global electronic commerce and electronic payment activities have benefited from model laws developed by the United Nations Commission on International Trade Law (UNCITRAL), including: UNCITRAL Model Law on International Credit Transfers; UNCITRAL Model Law on Electronic Commerce (addressing issues of authorization, signature and evidence in electronic commercial transactions); UNCITRAL Model Law on Electronic Signatures; and UNCITRAL Model Law on Electronic Transferable Records (allowing the use of transferable documents and instruments in electronic form). The EU Directive 98/26/EC on settlement finality in payment and securities settlement systems has also served as a useful benchmark.


For illustration, Facebook’s Libra initiative has such service offerings. Other broader public policy issues include competition, consumer/investor protection, tax compliance, which are beyond the scope of this paper.


See Bank of England Warns Facebook Libra Faces Tough Scrutiny Before Launch, Financial Times, October 9, 2019.


For illustration, the Swiss Financial Market Supervisory Authority has issued stable coin guidelines to clarify that such service offerings would require a payment system license and would be subject to FMI regulation and anti-money laundering laws. Additional requirements will also apply for bank-like risks in the payment system following the maxim of “same risks, same rules”. Such requirements would relate to capital allocation (for credit, market and operational risks), risk concentration, and liquidity.


For illustration, the Nepal Rastra Bank was reported to have licensed a Chinese card company as a payment system operator to provide electronic card network and card clearing services (see article), and banned two Chinese payment institutions that were not registered but offering payment services to Chinese tourist visiting Nepal (see article).


For illustration, the Monetary Authority of Singapore has monitored the digital token markets to analyze their material risks to financial stability (MAS, 2018). This includes the use of trading activity and net inflows in a fiat to digital token pair to proxy activity by a jurisdiction’s participants.


For illustration, the Monetary Authority of Singapore has conducted impact studies on the payments, deposit, and lending businesses of banks (MAS, 2017). For bank payment businesses, the studies used fee income from payment transaction volumes and fees data.


Studies have found that mobile money enabled effective monetary policy, transferring currency and assets into the formal financial system, enhancing their depth, and linked with a higher money multiplier (GSMA, 2019). Money supply was responsive to changes in the monetary base and improved the implementation of monetary targeting and the impact on the velocity of money and inflation were also unfounded in these studies.

Fintech and Payments Regulation: Analytical Framework
Author: Mr. Tanai Khiaonarong and Terry Goh