Regulation 5(1)

SCHEDULE 1U.K.Information to be included in or with an application for authorisation

1.  A programme of operations, setting out, in particular, the type of electronic money issuance and payment services which are envisaged.U.K.

2.  A business plan including a forecast budget calculation for the first three financial years which demonstrates that the applicant is able to employ appropriate and proportionate systems, resources and procedures to operate soundly.U.K.

3.  Evidence that the applicant holds initial capital for the purposes of regulation 6(3).U.K.

4.  A description of the measures taken for safeguarding the electronic money holders' and payment service users' funds in accordance with regulation 20.U.K.

5.  A description of the applicant's governance arrangements and internal control mechanisms including administrative risk management and accounting procedures, which demonstrates that such arrangements, mechanisms and procedures are proportionate, appropriate, sound and adequate.U.K.

[F15A.  A description of the applicant's procedure for monitoring, handling and following up security incidents and security-related customer complaints, including where appropriate an incidents reporting mechanism which takes account of the notification obligations under regulation 99 of the Payment Services Regulations 2017.]U.K.

[F15B.  A description of the applicant's process for filing, monitoring, tracking and restricting access to sensitive payment data.]U.K.

[F15C.  A description of the applicant's business continuity arrangements, including a clear identification of the critical operations, effective contingency plans, and a procedure for regular testing and reviewing of the adequacy and efficiency of such plans.]U.K.

[F15D.  A description of the principles and definitions used by the applicant in collecting statistical data on performance, transactions and fraud.]U.K.

[F15E.  A statement of the applicant's security policy, including—U.K.

(a)a detailed risk assessment in relation to the payment services to be provided, including risks of fraud and illegal use of sensitive and personal data, and

(b)a description of—

(i)the applicant's security control and mitigation measures to provide adequate protection to users against the risks identified,

(ii)how such measures ensure a high level of technical security and data protection, including such security and protection for the software and IT systems used by the applicant and any undertakings to which the applicant outsources any part of its operations, and

(iii)where appropriate, the applicant's measures to comply with regulation 98(1) of the Payment Services Regulations 2017, F2...]

6.  A description of the internal control mechanisms which the applicant has established in order to comply with [F3the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017] and [F4Regulation 2015/847/EU of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds] M1.U.K.

7.  A description of the applicant's structural organisation, including, where applicable, a description of the intended use of agents and branches and [F5the off-site and on-site checks that the applicant undertakes to perform on them at least annually,] a description of outsourcing arrangements, and of its participation in a national and international payment system.U.K.

8.  In relation to each person holding, directly or indirectly, a qualifying holding in the applicant—U.K.

(a)the size and nature of their qualifying holding; and

(b)evidence of their suitability taking into account the need to ensure the sound and prudent management of an electronic money institution.

9.—(1) The identity of directors and persons who are or will be responsible for the management of the applicant and, where relevant, persons who are or will be responsible for the management of the electronic money issuance and payment services activities of the applicant.U.K.

(2) Evidence that the persons described in sub-paragraph (1) are of good repute and that they possess appropriate knowledge and experience to issue electronic money and perform payment services.

10.  The identity of the auditors of the applicant, if any.U.K.

11.—(1) The legal status of the applicant and, where the applicant is a limited company, its articles.U.K.

(2) In this paragraph “articles” has the meaning given in section 18 of the Companies Act 2006 (articles of association).

12.  The address of the head office of the applicant.U.K.

13.  For the purposes of paragraphs 4, 5 [F6, 5A] and 7, a description of—U.K.

(a)the audit arrangements of the applicant; and

(b)the organisational arrangements that the applicant has set up,

with a view to the applicant taking all reasonable steps to protect the interests of its electronic money holders and payment service users and to ensuring continuity and reliability in the performance of the issuance of electronic money and payment services activities.

[F714.  In the case of an applicant which proposes to provide payment initiation services or account information services, the professional indemnity insurance or comparable guarantee which it holds in relation to such services.]U.K.