Overview of the New Instructions of the Central Bank of Kuwait Regarding E-Payment of Funds
Kuwait / Banking & Finance
Law Update: Issue 361 - Education
Yomna ElShibawyAssociate,Corporate Commercial
In keeping up with the Kuwait Development Plan 2035 to launch the State of Kuwait (“Kuwait”) as a financial and commercial hub in the region, the Central Bank of Kuwait (“CBK”) has become more focused on developing the financial system in Kuwait upon adopting new strategies that offer advanced Fintech solutions that foster the integrity and stability of the banking and financial system in Kuwait and fulfil the economic needs of the local market.
In line with the above, the CBK has recently issued the Resolution No. 45/471/2023 (“Resolution”), which sets-out an updated version of the instructions (“Instructions”) issued by virtue of the previous Resolution No. 44/430 of 2018 regarding the regulation of e-payment of funds.
In this article, we will shed some light on the fundamental registration and licensing requirements outlined in the Instructions, which service providers who are involved in the activity of e-payment services are required to pursue.
In principle, the Instructions shall apply to (i) service providers who are engaged in the activities of (a) e-payment; (b) e-money; (c) operating e-payment system (collectively, the “Activity” or “Activities”)); (ii) limited purpose e-money service providers (“LPEP”); and (iv) local banks.
The Instructions spell-out certain regulatory requirements and controls that any existing or/and emerging institution which is engaged in e-payment, e-money businesses or operating e-payment systems must adhere to. These regulatory requirements and controls capture various aspects of operation. These include governance, risk management, combating money laundering and terrorist financing, cyber security, business continuity, and customer protection, which shall ultimately safeguard the interest of stakeholders and reinforce the stability and the safety of e-payment systems in Kuwait.
As a rule, the Instructions prohibit any service provider to furnish any services related to the Activity in Kuwait unless such institution has submitted certain mandatory information to the CBK and has been duly registered at a special register at the CBK (“CBK Registry”). Noting that the CBK shall not be responsible for any information or data that prove to be wrong or inaccurate. It is worth noting that the Instructions has explicitly exempted the local banks from such registration requirement.
Failure to comply with such registration requirement shall authorize the CBK to cease the activity of the violating institution and oblige the relevant entity to incur all financial and non-financial obligations.
The Instructions categorize the Activity into five types, as follows:
1. E-payment service providers who are classified into:
small e-payment service provider
large e-payment service provider
2. E-money service providers who are classified into:
small e-money service provider
large e-money service provider
3. E- payment service operators
Each licenses requires the fulfilment of certain operational conditions that vary depending on the size and the nature of the applicant’s activity. These conditions include certain requirements/limitations relating to:
the legal form of the company (i.e., limited liability or shareholding company);
the minimum required capital;
the authorized Activity Services (as defined below); and
the obligation to adhere to certain limits and ceilings regarding the volume of the transactions (e.g., average monthly e-payment transactions).
The Instructions explicitly consider the following Services (“Services”) within the scope of the Activity:
Payment Acquisition (i.e., receiving, accepting and processing transactions of payment by the Activity service provider to the payee based on a contract between both parties;
Direct Debit (i.e., debiting the payer’s account based on its approval in favour of the payee to process a payment transaction through the payer’s service provider or that of the payee;
Issuing or providing e-payment instruments;
Issuing, storing or transferring e-money;
Providing Buy Now Pay Later service (BNPL);
Limited purpose e-money; and
Any other activity that the CBK considers to be within the scope of Services, and for which a decision is issued by the CBK Governor.
Nevertheless, the Instructions have excluded the following services from the scope of the Activity:
Payment transactions made between the payer and the payee through a commercial intermediary authorized by virtue of commercial agreements on behalf of either the payer or the payee to complete the sale, purchase or collection of the amounts related to goods or services such as restaurant delivery platforms and rent collection platforms;
Cash payments or transactions executed between the payer and the payee without the intervention of any intermediary;
Payment transactions processed electronically by the payer to the payee through a monetary value stored via an electronic payment instrument, issued by a single issuer and used only to obtain goods or services from the issuer or group of subsidiaries of the parent company/commercial name;
Payment transactions processed in a securities settlement system, central clearing centres, clearing chambers, or central banks;
Any type of cheque-based payment transactions;
Payment transactions and the related services between the parent company and its subsidiaries, or between the subsidiaries of the parent company, without intervention of another E-Payment service provider; and
Carrying out the activity of transporting banknotes and coins, including collection, processing and delivery procedures.
Pursuant to the Instructions, LPEP are not allowed to carry-out any operations in Kuwait unless after obtaining a no objection certificate issued by the CBK. The Instructions, further, obliges each Activity service provider to ensure that any relevant LPEP has obtained a no objection certificate from the CBK prior to providing them with any e-payment instrument.
Additionally, the Instructions impose a ceiling on the total value of e-money of a LPEP, which shall not at any time exceed the amount of KWD 400,000. In the event that such ceiling will be exceeded, the service provider must notify the CBK of such change in writing.
Furthermore, it is worth noting that the CBK shall have the right to (i) reduce the ceiling referred to above; (ii) increase it against an unconditional letter of guarantee to be issued in favour of the CBK (this is to be determined in accordance with the CBK’s assessment of the nature of the service and the risks associated therewith; or (iii) require the LPEP to be registered at the CBK Registry as a small e-money service provider or a large e-money service provider.
In accordance with the Instructions, each LPEP must comply with the following:
to obtain the CBK written approval before providing the services. If the service already exists, an approval shall be requested within 180 days from the issuance of these instructions upon providing the required information and documentation.
to submit the audited financial statements along with an auditor’s certificate confirming that the ceiling set forth by the CBK (i.e., KWD 400,000) has not been exceeded. These documents should be submitted annually within 3 months from the end of the fiscal year.
to implement the segregation of funds and comply with the requirements set-forth in the Instructions in relation to the combating of money laundering and terrorist financing and customers’ protection.
to implement international regulations and standards in relation to the protection of the customers’ confidentiality and privacy of their personal and financial data.
to submit any reports or statistical data as required by the CBK.
to abide by the instructions issued by the CBK regarding the limited purpose e-money.
In all events, the CBK may reject the application if the applicant fails to submit the requested information.
Any registration application shall be submitted to the CBK’s review along with the following documents:
the company’s memorandum and articles of association.
the company’s commercial register provided that its issuance date does not exceed 3 months from the date of submitting the application.
the company’s equity structure setting out the major shareholders who hold more than 5% and the percentage of ownership of each of them.
a list of the names and copies of the IDs of the executive management and the board of directors.
the annual financial statements audited by a certified audit office. In the event the applicant has been operating for less than 3 fiscal years, the financial statements must be submitted for the operation period as of the date of commencing operations.
a 5-year company’s strategy in respect of large e-payment service providers, large e-money service providers and e-payment service operators and a 3-year strategy for small e-payment service providers and small e-money service providers.
a statement of the company’s business procedures including the procedures for operating each Service, policies, procedures and controls related to the payment, settlement, protection and custody of funds.
a statement of the company’s IT infrastructure and information security, which includes IT infrastructure diagram covering applications, systems, data centres, servers, networks, operations and their integrations, security measures taken to protect customers’ funds and their banking, financial and personal data and outsourcing agreements for any third party/cloud service provider.
the risk management framework that should include the policies, procedures, systems and controls necessary to manage the risks associated with the Services, setting out how to identify, monitor and address the potential risks, and the related reports. This shall include all activity related risks, business continuity, crisis management and disaster recovery plans.
a customer protection plan that should describe the measures designed for customer protection, including dispute resolution mechanism, necessary measures to protect customers’ funds, privacy policy and data protections and fees and commissions for each Service.
an exit strategy plan that should be followed in case the applicant encounters difficulties in achieving the desired goals, including the company's exit from the financial sector in an orderly manner that preserves customers’ and shareholders’ rights.
It is important to note that the above list is a non- exhaustive. Hence, the CBK may request additional information or data at any time during the application review process and the applicant must provide the CBK with the requested information within 30 days from the date such document/data has been requested unless the CBK approves a longer period. In all events, the CBK may reject the application if the applicant fails to submit the requested information.
The CBK shall review the application and the provided documents. If approved, the CBK will issue its preliminary written approval. This approval shall be valid for 6 months. During such period, the applicant shall complete the following registration requirements:
commercial license.
the minimum capital requirement.
financial guarantee, if required.
obtaining approvals on the candidates for the leadership positions in accordance with the appointment requirements prescribed by the CBK regulations.
identifying all governance arrangements according to the business models and the level of risks associated with the activity, provided it includes the organization structure including all departments, sections or functions, details of the tasks of each position, responsibilities and the names of responsible officers, roles and persons in the senior management, and each person of supervisory position upon considering the segregation of duties and authority matrix.
providing an undertaking from whereby the applicant confirms that s/he will abide by the Instructions and any other relevant laws or instructions.
Upon completing the registration requirements, the CBK shall review the submitted application and its supporting documents to decide whether to issue the final approval or reject the registration application subject to its discretion.
Although the Instructions are yet to be tested, we are excited to have such updated regulations that govern the e-payment in Kuwait. The issuance of the Instructions profoundly echoes the vision and the strategy of the regulatory authorities to have developed and advanced regulations that cope with the global rapid evolution of the Fintech industry and reinforces the integrity and stability of the banking and financial system in Kuwait.
For further information,please contact Yomna ElShibawy.
Published in September 2023
I draw and color every free moment. It’s my passion and it gives me comfort.
I am happy and I enjoy going to Mawaheb. I enjoy field trips. Mawaheb is a happy and exciting place with nice friends. Painting on canvas makes me feel happy.
