Banks in the digital space, the thin regulatory line

0

While great care is taken to cater for the various ways new legislation may interact with existing regulatory regimes, new laws may occasionally introduce unintended regulatory uncertainty or duality that may require clarification from the regulator and/or legislation to resolve.

The new Payment Systems & Services Act, 2019 (Act 987) may potentially have introduced a dual regulatory regime for Banks and Specialized Deposit-Taking Institutions who wish to, or currently engage in the provision of payment systems and services, and/or the issuance of electronic money.

Banks and Specialized Deposit-Taking Institutions are primarily regulated by the Banks and Specialized Deposit-Taking Institutions Act, 2016 (Act 930) which prescribes their permissible activities to include acceptance of deposits, lending, financial leasing, investment in financial securities, money transmission services, issuing and administering of means of payment, guarantees and commitments, etc.



Prior to the enactment of Act 987, Banks that wanted to roll out payment systems and services simply needed approval from Bank of Ghana. Payment services were activities broadly linked to Bank accounts and consequently considered to be, by default, a Banking activity. Banks were thus performing payment activities within their Banking license, and the Bank of Ghana would approve or check upon such activities within their supervisory powers. With the advent of Act 987, Banks have been placed under a new regulatory umbrella.

While emoney issuers and payment service providers require a payment service provider (PSP) license from the Bank of Ghana (BOG) to operate under Act 987, Banks and Specialized Deposit-Taking Institutions do not. For clarity, the payment service provider (PSP) licenses under Act 987 are reserved for FinTechs including e-money issuers.

However, Banks and Specialized Deposit-Taking Institutions already licensed by the Bank of Ghana under Act 930 require, according to the new Act, express authorization to perform payment services or to issue e-money from the Bank of Ghana.Act 987 provides in section 10 that bodies regulated under the Banks and Specialized Deposit-Taking Institutions Act, 2016 (Act 930) shall not engage in payment service business unless authorized by Bank of Ghana to do so. Further to this, according to section 22 of Act 987 which covers authorization of e-money issuers, a body corporate regulated under Act 930 shall only engage in the electronic money business with authorization from Bank of Ghana.  

The e-money issuer authorization process requires Banks and Specialized Deposit-Taking Institutions to create subsidiaries for the performance of the permitted activities under Act 987 and to complete an application process almost as involving as that of FinTechs.

To wit, any Bank, Deposit-Taking Microfinance, Savings & Loans, or other specialized Deposit-Taking institution seeking to issue electronic money must establish a subsidiary for the purpose of their e-money business and apply for an authorization from the Bank of Ghana to engage in those activities using this subsidiary.

The effect of these provisions for payment service and e-money issuer authorizations in Act 987 is that, Banks and Specialized Deposit-taking institutions are being regulated twice by the same regulator under two arms of the Bank of Ghana, being the Payments Systems Department and the FinTech and Innovation Unit of the Bank of Ghana respectively.

It is going to be interesting to see how the Bank of Ghana draws a fine line between services that fall under the new Act 987 and services that are considered banking activities by default. What happens to previously granted approvals for existing services when this line is drawn?

One issue the Bank of Ghana would have to grapple with is how to properly regulate these entities separately under both Acts without overwhelming the entities and the Banks in the process.

It could be argued that it is superfluous to go to a regulator for authorization to run services that were previously approved by the same regulator. On the other hand, Act 987 is clear when it mandates Banks and Specialized Deposit-Taking institutions to obtain authorization before running services captured in the act. The Act even goes as far as imposing sanctions on corporate bodies that do not comply. The legal maxim “generalia specialibus non derogant”, meaning the “general does not detract from the specific”, captures this argument succinctly. Thus, before the law addressing the specific permissible activities (Act 987) was passed, Banks were governed by the general rule that in rolling out new products, regardless of where they fell within their permissible activities, they needed approval from BOG. However, with the passing of the specialized Act 987, the applicability of the general principle is uncertain. The uncertainty lies in the fact that the same regulator, though in different capacities, regulates Banks under both laws, that is,giving approval to Banks to roll out products and services which may include payment service provision under Act 930 and giving authorization to Banks to perform payment service provision under Act 987.

The real question here is, is approval under Act 930 enough to cover services that are regulated under 987?  While this will be a question for the courts to answer, these issues bring to question the relevance of a separate regulation to oversee payment services conducted by Banks and Specialized Deposit-taking institutions. The relevance of this separation may lie in the sensitive nature of the financial services space. The regulator may want to keep a tight rein on supervision to efficiently identify and manage new systemic risks which may be introduced through increasing innovation and digitization in the provision of payment systems and services. This is particularly pertinent given the recent Banking sector crisis and clean-up. Pursuant to this, there may very well be a justifiable need to regulate the payment services aspects of Banking separately.

Need established, the execution of this regulation is extremely crucial. The key to proper execution lies in the availability of information and clear processes and guidelines for compliance which is seemingly lacking as the law stands today. Do Banks and Specialized Deposit-taking institutions need to seek authorization to continue the previously approved activities?Should they go to the Fintech and Innovation Office or Payment Systems Department within the BOG? The right answers to these questions are uncertain.

It can be argued that Act 987 notwithstanding, prior approvals provided by the Bank of Ghana to Banks and Specialized Deposit-taking institutions are not invalidated by the new Act as neither the Bank of Ghana nor Act 987 have expressly or consequently revoked those approvals. It gets trickier when we consider what the new authorization requirement means formaintenance or extensions on the existing approved products.

For existing approved products, the pathway to regulatory compliance is not a straight one. There are two possible detoursin that respect; a demand of a strict compliance with the Act or a more permissive approach which would allow Banks and Specialized Deposit-taking institutions to conduct payment services using the prior approvals without regularization.

A strict interpretation of the Act would require that these entities regularize the prior approvals obtained, within a window given by the Bank of Ghana, whether the products previously approved are altered, being maintained, improved or not. This would mean that Banks and Specialized Deposit-taking institutions that perform the previously approved payment services without the authorization of the Bank of Ghana under the new Act would be engaged in illegal activity.

A more permissive approach would mean that these Banks and Specialized Deposit-taking institutions (that is in respect of prior approved products) may maintain, operate, and use these products relying on the approvals given by the Bank of Ghana. However, this position would shift if the Banks and Specialized Deposit-taking institutions decide to include extensions or upgrade the existing product; effectively making them a new product. Then, an authorization would be certainly required for such improvements under Act 987.

While the Act is very clear on the need for Banks and Specialized Deposit-taking institutions to be authorized under the new Act, the implementation of this requirement is quite cloudy and questions how realistic this implementation can be.

That said, for regulatory advisors, it is always better to err on the side of caution, especially considering the penalties for Banks and Specialized Deposit-taking institutions carrying out payment services without the regulatory authorization.

Failure of Banks and Specialized Deposit-taking institutions to obtain authorization to issue e-money is an offence under Act 987 and could result in fines between GHS 48,000.00 and GHS 84,000.00. The penalty for carrying on payment services without authorization from the Bank of Ghana is an administrative penalty of GHS60,000.00

As always, it is better to be safe than GHS 84,000.00 sorry.

ABOUT THE ATHOURS

Jessie is a tech lawyer with The EightGeeks @Law, a tech law firm in Ghana, with extensive experience in legal research, intellectual property, corporate and commercial matters, technology transactions and currently works with tech firms and startups

Yinsongti is a tech lawyer at The EightGeeks @Law. Her practice covers corporate governance, corporate transactions, technology transactions and internet transactions. Yinsongti is currently a technology and entrepreneurial  LLM candidate at at Cornell Law School.

Leave a Reply