Decree No. 1 / 2022 Coll.
Ordinance on applications and notifications to carry out activities under the Law on Payment
Valid
Effective from 01.07.2022
Zobrazeno prvních 200 z celkem 518 ustanovení tohoto předpisu.
Zobrazit celý předpis →
Pro stažení celého znění použijte tlačítko Stáhnout výše.
1
DECLARATION
of 22 December 2021
on applications and notifications for activity under the Payment Act
The Czech National Bank, pursuant to § 263 of Act No. 370 / 2017 Coll., on Payment, (hereinafter "the Act '), provides for the implementation of § 10 (4), § 11 (2), § 18 (6), § 27 (4), § 28 (3), § 29 (4), § 33 (5), § 34 (2), § 38 (2), § 43 (3), § 44 (2), § 51 (4), § 52 (2), § 55 (4), § 93 (2), § 101 (3), § 102 (2), § 76 (6), § 86 (4) § 87 (3), § 88 (4) § 92 (5), § 93 (2), § 92 (2), § 101 (3), § 102 (2), § 254e) and § 254e (4).
Subject matter
(1) This decree implements the relevant European UnionRegulation (1) and regulates the details of the
(a) applications for authorisation to operate
1. payment institutions,
2. the payment account information manager,
3. small-scale payment service providers;
4. electronic money institutions;
5. small-scale electronic money issuer,
6. dynamic currency exchange service provider,
(b) an application to extend the authorisation referred to in points (a) (1) and (3) to (6);
(c) requests from a payment institution, an electronic money institution or an administrator of payment account information to consent to the provision of payment services in the host Member State through a branch or an authorised representative;
(d) notification
1. amendments to the information contained in the application referred to in points (a) to (c);
2. the intention to acquire, increase, lose or reduce qualified participation in, control or cease control of, or the electronic money institution;
3. authorised representative of the payment institution or electronic money institution;
4. changes to the information contained in the notification by the authorised representative of the payment institution or electronic money institution;
5. the intention to entrust the performance of certain operational activities to another person,
6. the intention of a payment institution, an electronic money institution or a payment account information administrator to carry out activities in the host Member State other than through a branch or an authorised representative.
(2) In addition, the Order shall lay down the application and notification formats referred to in paragraph 1.
Definition of terms
For the purposes of this decree:
(a) proof of integrity issued by a foreign State, a document similar to the extract from the Register of Penalties which may not be more than 3 months old, issued by a foreign State;
1. where the natural person concerned by the document is a citizen and is a foreign State in which the natural person has remained continuously for more than 6 months during the last 3 years; or
2. in which the natural person who is a citizen of the Czech Republic has remained continuously in the last 3 years for more than 6 months, unless the information required to assess integrity is contained in the Annex to the extract from the Register of Penalties; or
3. in which the legal person to whom the document relates has its registered office and the foreign State in which the legal person has, or has, a business establishment or branch in the last 3 years, or has carried on his or her business or has his or her property, provided that the law of those States regulates the criminal liability of legal persons;
(b) information to assess the credibility of the birth number, surname and surname, date and place of birth, nationality, proof of integrity issued by a foreign State, and details and documents of the person's current activities over the last 10 years, in particular:
1. the imposition of administrative penalties in connection with the performance of employment, function or business activities;
2. a decision to default or reject an insolvency application for a lack of assets;
3. suspension or withdrawal of authorisations for business or other activities; This does not apply if it has occurred at the request of the person holding the permit and this application has not been made at the time when the suspension or withdrawal of the business permit has already taken place,
4. Refusal of the consent of a court or administrative authority to choose, appoint or other profession for the post or acquisition of a qualifying holding, by increasing the qualifying participation or by controlling a person, where such consent has been required;
5. the imposition of disciplinary penalties or exclusion from the professional chamber, association or association of persons working in the financial market or the imposition of disciplinary penalties by such associations;
6. the dissolution by the employer of a work or similar relationship, removal from office or removal from a post connected with the management of property or a similar position; and
7. an assessment of the credibility already carried out by another authority, if any, and an indication of that authority, the date of the assessment and the evidence of the outcome of the assessment;
(c) financial statements
1. annual reports and financial statements or annual reports and financial statements verified by the auditor, where required by the Accounting Act, for the last 3 financial years, or for the period during which the applicant or notifier carries out business activities if that period is shorter than 3 financial years, or a summary of the applicant's financial situation, unless the applicant has compiled any financial statements,
2. evidence of income for the last 3 years, assets and debts, in the case of a natural person; and
3. consolidated annual reports and accounts or consolidated annual reports and financial statements verified by the auditor, where required by the Accounting Act, for the period referred to in point 1, where the applicant or notifier is part of the consolidation whole;
(d) identification data
1. in the case of a legal person, and in the case of an operating natural person, the name, registered office and identification number of the person, if any; and
2. in the case of a natural person who is not an entrepreneur, the name and the birth number, or, failing that, the date of birth and residence,
(e) information on sensitive payment data a description of, and management of access to, the registration, recording and monitoring of sensitive payment data pursuant to Article 2 (3) (n) of the Act
1. a description of the sensitive payment data flows within the applicant's business model;
2. a description of the instruments for monitoring access to sensitive payment data;
3. a description of the procedures for managing access to sensitive payment data;
4. access rights policy with a detailed description of access to relevant infrastructure, systems and applications components, including databases and backup infrastructure;
5. a description of the way in which data are recorded and stored if the applicant does not intend to provide only an indirect payment order service,
6. the expected internal or external use of the collected data, including counterparties, if the applicant does not intend to provide only an indirect payment order service,
7. a description of the security measures taken in information systems and communication technologies, including encryption or tokenization;
8. Information on divisions, departments or other similar departments (hereinafter referred to as "departments"), persons, bodies and committees with access to sensitive payment data,
9. a description of how distortions of the protection of sensitive payment data will be identified and addressed; and
10. a description and timetable of the annual internal arrangements for the security check of information and communication technology systems;
(f) information on the organisation of the applicant's organisation a description of the organisation and associated documents containing:
1. a detailed organisational chart showing each unit of the applicant and a description of the scope of each unit;
2. the estimated number of employees in the first 3 accounting periods of the provision of services by law,
3. an indication of the operational activities which the applicant intends to entrust to another person and, for each of those activities, a description of the arrangements for carrying out such activities by another person containing the identification data of the persons to whom the applicant intends to entrust the performance of the operational activities and, instead of carrying out its activities, an indication of the personnel directly responsible for the management and control of the operational activities entrusted to another person and their inclusion in the organisation structure of the applicant and a description of the operational activities and their scope,
4. contracts or drafts of contracts with other persons to whom the applicant intends to entrust the performance of a significant operational activity;
5. a description of the use of branches and authorised representatives, including a description of the information and communication technology systems and infrastructures used by authorised agents for the performance of payment services or the issuance of electronic money, a description of the policy of staff selection of authorised representatives and of the criteria chosen for assessing their credibility and competence, procedures and training and storage of data on authorised representatives; and
6. information on payment systems to which the applicant is to or intends to have access, indicating that fact or which it operates,
(g) information on the collection of statistical data, a description of the statistical data collection system and a description of the principles and definitions used for the collection of statistical data on performance, payment transactions and fraudulent payment transactions containing:
1. the type of data collected concerning payment service users or electronic money holders, the type of payment service, electronic money issuance, distribution channels, payment instruments, countries and currencies;
2. the scope of data collection with regard to the relevant activities and persons, branches and authorised representatives;
3. the method of collecting statistical data,
4. the purpose of collecting statistical data;
5. the frequency of collection of statistical data; and
6. the process of data evaluation and reporting of evaluation results within the corporate governance structure,
(h) a description of the security procedures, a description of the procedures for monitoring safety, addressing security and operational incidents in the field of payment and for taking related measures, including:
1. organisational measures and instruments to prevent fraudulent conduct;
2. details of the services which are within the scope of providing assistance to electronic money holders or payment service users in the event of security, operational incidents, fraud or technical problems, and identification of the managers of such services;
3. internal and external means of notification of fraudulent acts;
4. procedures for the notification and assessment of safety and operational incidents with regard to their severity, including those referred to in Article 13 and Chapter III of Regulation (EU) 2022 / 2554 of the European Parliament and of the Council;
5. safety monitoring tools and measures in place to reduce safety and operational risks, including procedures for identifying, recording, analysing, detecting the causes and introducing follow-up measures to remedy the technical problems and instruments that support those procedures;
(i) a description of the measures to maintain operation, a description of the measures to ensure the smooth performance of the activities and the continued functioning of the applicant, including the identification of critical operations, policies and plans to maintain the operation of information and communication technologies, response and recovery plans in the field of information and communication technologies, a description of the procedures for regular testing and review of those plans pursuant to Regulation (EU) 2022 / 2554 of the European Parliament and of the Council;
(j) a description of the measures against the legalisation of the proceeds of crime and terrorist financing, the internal control mechanisms put in place or implemented by the applicant to fulfil its obligations in this field, and related analyses and measures, including:
1. an assessment of the risks to combating the legalisation of the proceeds of crime and terrorist financing associated with the applicant's business, including risks related to the applicant's client base, trade relations, products and services provided, distribution channels and geographical areas of activity used by the applicant,
2. measures put in place or implemented by the applicant to mitigate risks and to fulfil the relevant obligations in the field of combating the legalisation of proceeds from crime and terrorist financing, including the process of assessing the effectiveness of such measures by the applicant, the strategies and procedures to meet client control requirements and the policies and procedures to detect and report suspicious transactions;
3. the systems and controls which the applicant has put in place or put in place to ensure that the applicant's branches and authorised representatives comply with the obligations to combat the proceeds of crime and terrorist financing, including where the authorised representative or branch is located in another State;
4. measures put in place or implemented by the applicant to ensure that workers and authorised representatives are appropriately trained to combat the legalisation of proceeds from crime and terrorist financing;
5. the identity of the delegate in the field of combating the legalisation of proceeds from crime and terrorist financing and evidence demonstrating that his expertise in combating the legalisation of proceeds from crime and terrorist financing is sufficient to carry out his duties effectively in this field;
6. the systems and controls put in place or put in place by the applicant to ensure the current, effective and appropriate measures to combat the legalisation of proceeds from crime and terrorist financing; and
7. Systems and controls put in place or implemented by the applicant to ensure that authorised representatives do not expose it to high risks in the field of legalisation of the proceeds of crime and terrorist financing;
(k) a worker is a natural person who is in a basic employment relationship or similar relationship with another person, or a natural person who is the head of a legal person;
(l) by a regulated institution, the person whose business is a similar activity to that of the financial market in the Czech Republic and subject to the authorisation of the Czech National Bank, if that person is established in another Member State and supervised in the State of his seat,
(m) data on persons with close links
1. identification of each person with close links; where the person with a close link is a person with a head office in another State, also an indication of whether he is a person who is to be authorised by another State supervisory authority to act as a regulated institution, or whether he is a controlling person of that person, and if the person with a close link is a person with a registered office in a Member State, as well as proof that the legislation of that State and the manner in which it is implemented, including its enforceability, does not prevent the effective exercise of supervision of the applicant;
2. a description of the structure of the group and the way in which it is linked with the graphic representation of the relationships between each closely connected person, indicating the subject matter of their activities; and
3. if the person with a close link is a legal person, the identification of the 10 largest members according to their share of the voting rights or all members, if the legal person has fewer than 10 of them, and the amount of their share of the voting rights expressed as a percentage,
(n) data relating to professional practice shall contain a set of data for each activity carried out as a separate business, activity in an employment relationship or activity of a similar nature.
1. information on the type of professional experience;
2. an indication of the person to whom the professional practice is or has been carried out;
3. a description of the employment classification and, where relevant, the importance of the practice for financial market activity, a description of the activity carried out and the extent of the powers and responsibilities associated with that activity, indicating the number of persons managed;
4. the definition of the duration of the activity referred to in point 3; and
5. consent to the performance of a work assignment required by other legislation, where necessary;
(o) data on education
1. the name and type or type of educational institution, the study programme, the focus of the study programme, the standard period of study of the study programme, the method and date of completion of the study, and, where appropriate, the academic degrees obtained; and
2. an overview of professional examinations and courses, traineeships and study visits relevant to financial market activities, indicating the year of completion and focus.
Application for authorisation to operate a payment institution
(Paragraph 10 (4) of the Law)
The details of the application details are:
(a) the identification details of the applicant; and
1. where the applicant is a legal entity that has not yet been established, the founding act;
2. the address of the applicant's actual registered office, if different from the registered office;
3. the address of the applicant's e-mail and website, if available; and
4. an indication of whether the applicant is a regulated institution;
(b) an activity plan containing the information referred to in Annex 1 to this Decree;
(c) a business plan containing the information referred to in Annex 2 to this Order;
(d) information on the organisation of the applicant;
(e) the documents supporting the initial own funds, including by the credit institution, issued extracts from the accounts established under the accounting plan with the current balances of the items constituting the initial own funds or other similar records showing the amount of the initial own funds of the applicant; where the applicant is a legal person who has not yet been established, he shall submit an extract of the account proving the existence of funds for initial capital;
(f) if the applicant is to be entrusted with funds to carry out a payment transaction pursuant to Article 22 (1) of the Act, a contract or a draft account contract pursuant to Article 22 (1) (b) of the Act or any other document proving the intention of the parties to conclude such a contract and a description of the measures to protect funds, including:
1. a description of the provision of separate records within the meaning of § 22 (1) (a) of the Act;
2. an indication of the form of protection of funds under Section 22 (1) (b) of the Act;
3. depending on the chosen form of protection of funds under point 2, the identification of persons, their function and the classification within the organisational structure of the applicant who have access to the accounts under § 22 (1) (b) of the Act, or a description of the investment policy to ensure the liquidity, security and low risk of the selected assets; and
4. a description of the process of management and recovery to ensure that the funds of payment service users are protected from the claims of other creditors;
(g) if the entrusted funds of users are to be protected by the conclusion of an insurance contract or by the provision of comparable collateral pursuant to Article 22 (2) of the Act, the contract or the draft insurance contract pursuant to Article 22 (3) of the Act or any other document proving the intention of the parties to conclude such a contract or the proposal of comparable collateral pursuant to Article 22 (4) of the Act and a description of the measures to protect funds containing:
1. confirmation that the insurance contract or comparable reinsurance is not agreed with a person in the same group as the applicant; and
2. a description of the process to ensure that the right of payment service users to the performance of an insurance contract or comparable collateral corresponds to the right to issue the funds entrusted to the execution of a payment transaction;
(h) a description of the security procedures;
(i) information on sensitive payment data;
(j) a description of the maintenance measures;
(k) information on the collection of statistical data;
(l) a description of the measures against the legalisation of the proceeds of crime and terrorist financing and a manual on measures against the legalisation of the proceeds of crime and terrorist financing for the workers of the applicant;
(m) data on persons with close links;
(n) information on persons having qualified participation in the applicant and persons who, acting in agreement with another person, obtain a qualified participation in the applicant and the controlling person referred to in Annex 3 to this Order;
(o) details of the managers as provided for in Annex 4 to this Decree;
(p) a description of the internal governance and internal control mechanisms referred to in Annex 5 to this Regulation;
(q) a description of the risks and management measures involving:
1. a detailed assessment of the risks related to payment services provided or intended to be provided by the applicant, taking into account the planned technical security of the provision of such payment services, including the risk of fraudulent conduct, and the security and control measures and procedures to mitigate identified risks and to protect electronic money holders or payment service users from such risks;
2. a description of the applicant's risk management system pursuant to Chapter II of Regulation (EU) 2022 / 2554 of the European Parliament and of the Council, including where the applicant intends to entrust the performance of an operational activity to another person; and
3. the internal regulation or regulations by which the applicant will ensure that the safety and control measures and risk mitigation procedures referred to in point 1 are implemented and that the requirements of Chapter II of Regulation (EU) 2022 / 2554 of the European Parliament and of the Council are clearly met,
(r) the auditor's identification details which are carried out by the applicant in accordance with the Auditor Act;
(s) where the applicant intends to carry out the activities referred to in Article 17 of the Act, the insurance contract, the draft contract or the document proving the undertaking's willingness to conclude such a contract, at the latest at the time of the commencement of the activity of the payment institution, or a document similar to that of the guarantee provided for in Article 9 (1) (d) and Article 17 (1) (2) of the Act and the entry date, and the method of calculating the minimum limit of the insurance premiums on professional liability insurance or the minimum level of comparable reinsurance, including the value of the risk profile indicator, the activity type indicator and the indicator of the activity under the Decree governing certain conditions for the performance of persons authorised under the law, if the applicant intends to perform an indirect payment order or payment account service; and
(t) the name of the associations of persons providing payment services or other similar associations of which the applicant is a member or who will soon become a member.
Notification of a change to the information contained in the application for authorisation to operate a payment institution
(Paragraph 11 (2) of the Act)
The notification of a change to the information specified in the application for authorisation to operate a payment institution shall contain an indication of the change, supplemented by the updated information referred to in Article 3, which is affected by the change, depending on the nature of the change.
Application for extension of payment services by a payment institution
(K § 10 (4) and § 11 (2) in conjunction with § 14 of the Act)
The payment institution's application to extend the scope of payment services shall include an indication of the activity for which an extension is requested, supplemented by updated information pursuant to Section 3.
Application for authorisation to operate a payment account information administrator
(Paragraph 43 (3) of the Act)
The details of the application details are:
(a) the identification details of the applicant; and
1. If the applicant is a legal person which has not yet been established, a founding act,
2. if the applicant is a natural person, a CV containing educational and professional experience data,
3. the address of the actual registered office, if different from the registered office;
4. e-mail address and website of the applicant, if available,
5. an indication of whether the applicant is a regulated institution; and
6. the information necessary to provide for an extract from the criminal record and, where applicable, proof of integrity issued by a foreign State or an extract from the criminal record (2),
(b) an activity plan containing the information referred to in Annex 1 to this Decree;
(c) a business plan containing the information referred to in Annex 2 to this Order;
(d) information on the organisation of the applicant;
(e) a description of the security procedures;
(f) if the applicant intends to handle sensitive payment data, information on sensitive payment data;
(g) information on statistical data collection;
(h) a description of the maintenance measures;
(i) the data on the heads of directors referred to in Annex 4 to this Decree;
(j) a description of the internal governance and internal control mechanisms referred to in Annex 5 to this Regulation;
(k) a description of the risks and management measures involving:
1. a detailed assessment of the risks related to payment services provided or intended to be provided by the applicant, taking into account the planned technical security of the provision of such payment services, including the risk of fraudulent conduct, and the security and control measures and procedures to mitigate identified risks and to protect electronic money holders or payment service users from such risks;
2. a description of the applicant's risk management system pursuant to Chapter II of Regulation (EU) 2022 / 2554 of the European Parliament and of the Council, including where the applicant intends to entrust the performance of an operational activity to another person; and
3. the internal regulation or regulations by which the applicant will ensure that the safety and control measures and risk mitigation procedures referred to in point 1 are implemented and that the requirements of Chapter II of Regulation (EU) 2022 / 2554 of the European Parliament and of the Council are clearly met,
(l) an insurance contract, a draft contract or a document proving the insurance undertaking's willingness to conclude such a contract, at the latest at the time of the commencement of the business of the manager of the information on the payment account, or a document of a similar nature to the provision of a guarantee in accordance with Articles 42 (1) (c) and 46 (2) of the Act and the entry dates and method of calculating the minimum limit of the insurance premiums for professional indemnity insurance or the minimum level of comparable reinsurance, including the value of the risk profile indicator, the activity-type indicator and the activity-scale indicator, pursuant to the Decree governing certain conditions for the performance of persons authorised under the law; and
(m) the name of the associations of persons providing payment services or other similar associations of which the applicant is a member or who will soon become a member.
Notification of a change to the data contained in the application for authorisation to operate the payment account information administrator
(Paragraph 44 (2) of the Law)
The notification of a change to the information specified in the application for authorisation to operate the payment account information administrator shall contain an indication of the change, supplemented by updated information pursuant to Article 6, which is affected by the change, depending on the nature of the change.
Application for authorisation to operate a small-scale payment service provider
(Paragraph 60 (3) of the Law)
The details of the application details are:
(a) the identification details of the applicant; and
1. where the applicant is a legal entity that has not yet been established, the founding act;
2. the address of the actual registered office, if different from the registered office, and if the applicant has its registered office and its registered office in another Member State, also the address of the branch in the Czech Republic, an extract from the register similar to the commercial register, which may not be more than 3 months old, and the opening legal proceedings;
3. the address of the applicant's e-mail and website, if available; and
4. an indication of whether the applicant is a regulated institution;
(b) an activity plan containing the information referred to in Annex 1 to this Decree;
(c) a business plan containing the information referred to in Annex 2 to this Order;
(d) where the applicant is to be entrusted with funds to conduct a payment transaction under Article 22 (1) of the Act, documents and information referred to in Article 3 (f);
(e) if the entrusted funds of users are to be protected by the conclusion of an insurance contract or by the provision of comparable collateral pursuant to Article 22 (2) of the Act, documents and information referred to in Article 3 (g);
(f) information on the organisation of the applicant;
(g) a description of the security procedures;
(h) information on sensitive payment data;
(i) information on the collection of statistical data on safety and operational risks;
(j) a description of the maintenance measures;
(k) information to assess the applicant's credibility;
(l) information on the managers referred to in Annex 4 to this Decree;
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Decree No. 1 / 2022 Coll., on applications and notifications to carry out activities under the Law on Payment |
|---|---|
| Regulation Type | - |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 06.01.2022 |
|---|---|
| Effective from | 01.07.2022 |
| Effective until | - |
| Status | Valid |
Public Contracts 5
O dílo - Bazén Evžena Rošického - rekonstrukce bazénových van v objektu
Statutární město Jihlava
Metrostav DIZ s.r.o.
88 209 005 CZK
09.07.2025
Notifications
Smlouva o poskytování servisu - Objekt Vojenského historického ústavu v Praze – zajištění servisních...
Armádní Servisní, příspěvková organizace
AC EURO a.s.
4 924 281 CZK
21.11.2023
Smlouva o dílo - komplexní provádění revizí plynových zařízení, odborné a periodické prohlídky kotel...
Vyšší odborná škola, Obchodní akademie a Střední o...
Ing. Josef Polanský
34 100 CZK
13.12.2022
Smlouva o smlouvě budoucí o zřízení služebnosti k pozemkům p.č. 4/2, 436, ... k.ú. Žabovřesky; částk...
Statutární město Brno
GasNet, s.r.o.
774 CZK
10.10.2022
Smlouva o smlouvě budoucí o zřízení služebnosti k pozemkům p.č. 6044/1, 8145/1, ... k.ú. Židenice
Statutární město Brno
CETIN a.s.
920 CZK
26.04.2022
Source:
Hlídač státu
(CC BY 3.0 CZ)
The regulation text is for informational purposes only.
Comments 0