Reporting requirements: Payment Service Providers & E-Money Issuers

Payment Service Providers (PSPs), e-money issuers and other businesses are required under the PSRs 2017 and Electronic Money Regulations 2011 (EMRs) to provide certain data and information to us on a regular basis. A number of further reporting requirements will come into effect on 14 September 2019.

For more information about the additional reporting requirements that come into effect on 14 September 2019, see PS18/24.

Chapter 13 of the Approach Document provides more detail on both regular reporting and requirements on PSPs, e-money issuers and other businesses to provide notifications under certain circumstances.

All Payment Service Providers (PSPs)

Payment Services and Electronic Money Complaints Report

This should be in accordance with the method and form specified in the Dispute resolution manual (DISP 1.10B).

PSPs except electronic money institutions (EMIs) should report using Gabriel.

Electronic Money Institutions (EMIs) should download the form and complete it electronically. The completed form should be sent to [email protected].

All PSPs must send us statistical data on fraud affecting different types of payment. We must provide this information in an aggregated form to the European Banking Authority (EBA) and European Central Bank (ECB).

This information will help us understand whether PSPs have appropriate systems and controls to adequately protect users against fraud and financial crime and to understand the security risks faced by the industry as a whole.

This should be in accordance with the method and form specified in the Supervision Manual (SUP 16.13.5).

For the period 1 January 2018 to 31 December 2018, PSPs should report using the fraud report finalised in PS17/19. See SUP 16.13.7D and SUP TP 1.2 13C for relevant transitional provisions.

PSPs except electronic money institutions (EMIs) should report using Gabriel. 

EMIs should download the form and complete it electronically. The completed form should be sent to [email protected].

REP018 – Operational Risk Reporting

All PSPs are required to report to us at least once every calendar year on their operational and security risk assessment and their assessment of the adequacy of the resulting mitigation measures and control mechanisms.

We also use the information submitted in this report to assess whether PSPs relying on the SCA-RTS Article 17 exemption (“corporate payment exemption”) from strong customer authentication have in place processes and protocols that guarantee at least equivalent levels of security to those provided for by PSD2 (see SUP 16.13.18).

This should be in accordance with the method and form specified in the Supervision Manual (SUP 16.13.9).

PSPs except electronic money institutions (EMIs) should report using Gabriel. 

EMIs should download the form and complete it electronically. The completed form should be sent to [email protected].

Payment Institutions (PIs) and Registered Account Information Service Providers (RAISPs)

RAISPs, Authorised and Small PIs must provide us with financial returns annually so that we can supervise their business. Hybrid firms need to submit accounts for the part of their business that involves payment services. 

As well as supervising your business, we use the data to calculate periodic fees that you need to pay us.

This should be in accordance with the method and form specified in the Supervision Manual (SUP 16.13).

Reporting Process

You must submit annual reports to us using Gabriel, our online regulatory reporting system.

The system monitors when your reports are due and will send you a reminder a month before.

If you miss the reporting deadline, we will send you another reminder and you will incur a £250 charge.

Authorised Payment Institutions

FSA056 Authorised Payment Institution Capital Adequacy Return

You must submit an authorised payment institution capital adequacy return each year within 30 days of your accounting reference date.

REP001 Annual Close Links Report

If an authorised PI has close links, we must be satisfied those links are not likely to prevent our effective supervision of the institution. The annual close links report asks for information on your close links and whether there have been any material changes to your close links since the submission of the last report.

Authorised PIs must submit this annually within 4 months of their accounting reference date.

REP002 Annual Controllers Report

We expect authorised PIs to understand who owns their business and, in accordance with regulation 37 of the PSRs 2017, notify us of any change in circumstance. The controllers report asks for information on the current control structure and will allow us to verify that authorised PIs (and persons that control them) are providing us with the appropriate information in accordance with their obligations.

Authorised PIs must submit this annually within 4 months of their accounting reference date.

Small PIs

FSA057 Payment Services Directive Transactions Report

You must submit a payment services directive transactions report before the end of each January to cover the previous year’s payment transactions.

This is used to give us an overview of the size of your payment services business and to check you are not exceeding the €3 million threshold for average monthly payment transactions for small payment institutions.

PIs that undertake non-regulated business

Authorised and small PIs that are hybrid firms and carry out activities other than payment services must give us a separate set of accounts that cover the payment services business.

This must be in paper form, so Gabriel will not send you a reminder.

Registered Account Information Service Providers (RAISPs)

FSA056 Authorised Payment Institution Capital Adequacy Return

You must submit an authorised payment institution capital adequacy return each year within 30 days of your accounting reference date. You will only be expected to answer the questions that are relevant to the activity you are carrying out, for example the value and volume of AIS activity.

Electronic Money Institutions (EMIs)

In addition to the regular reporting for all PSPs, EMIs must provide us with certain information to help us comply with our supervisory responsibilities under the Electronic Money Regulations (EMRs).

Reporting process

The EMI returns are listed below and can be downloaded. You must:

  • complete them electronically in Excel, and
  • send them to us by email to [email protected]

Please do not send us scanned in copies of the return.

Or, send the EMI returns in encrypted form by secure email. Request this option by emailing [email protected].

All EMIs must send the regulatory data to us by the reporting deadlines. If you miss the reporting deadline, you will incur a £250 charge.

Authorised EMIs

FIN060 (annual return)

You must submit this annually within 30 business days of your accounting reference date.

REP001 Annual Close Links Report

If an authorised EMI has close links, we must be satisfied those links are not likely to prevent our effective supervision of the institution. The annual close links report asks for information on your close links and whether there have been any material changes to your close links since the submission of the last report.

You submit this annually within 4 months of your accounting reference date.

REP002 Annual Controllers Report

We expect authorised EMIs to understand who owns their business and, in accordance with regulation 37 of the EMRs, notify us of any change in circumstance. The controllers report asks for information on the current control structure and will allow us to verify that authorised EMIs (and persons that control them) are providing us with the appropriate information in accordance with their obligations.

You must submit this annually within 4 months of your accounting reference date.

Small EMIs

FIN060 (annual return)

You must submit this annually within 30 business days of your accounting reference date.

FSA065 (total outstanding e-money at 31 December)

You must submit this by the end of each January.

Separate accounting information for hybrid businesses

Authorised and small EMIs that undertake other, non-regulated business must provide a separate set of accounts covering the e-money and payment services element of their business.

If your accounts are audited and lodged at Companies House, we expect them to be submitted to us at the same time.

Credit institutions that issue e-money

Credit institutions that issue e-money should continue to report the amount of e-money issued in the reporting return PRA001 on a:

  • quarterly-basis for an unconsolidated UK bank or building society, or
  • half-yearly if they are a UK consolidation group

Credit institutions do not need to complete the FIN060 and FSA065 returns.