The Central Bank of Ireland (the Central Bank) has fined BlueSnap Payment Services Ireland Limited (BlueSnap) €324,240 for breaching requirements of the European Union (Payment Services) Regulations 2018 (the PSR 2018) between January 2021 and December 2022.

BlueSnap was authorised by the Central Bank as a payment institution under the PSR 2018 on 23 December 2020 to provide payment services. BlueSnap provides “merchant acquiring services” enabling its customers, which are businesses that sell products and services online, to accept payments for products and services sold. When an online sale is made by one of BlueSnap’s customers, BlueSnap should collect the money, hold it securely in a segregated bank account and then pay it onwards to the customer’s bank account.

The PSR 2018 contains specific safeguarding requirements for payment institutions that provide payment services, such as BlueSnap.  Safeguarding of funds is a key regulatory protection for customers who use the services of Payment and E-Money institutions. The objective of safeguarding is to protect customers’ funds pending a payment being made and to ensure that if a firm becomes insolvent, funds are available to be returned fully and promptly to its customers. Safeguarding is particularly important as there is no compensation or deposit protection scheme applicable to the Payment and E-Money sector.

The business model of a payment institution is focused on enabling customers to make and receive payments. From a safeguarding perspective, this means that a payment institution must hold customers’ money securely for the duration of those transactions in a segregated bank account established for the sole purpose of holding customer funds, or have an insurance policy or comparable guarantee in place for an amount equal to the value of customer funds held.

When customer funds are held in a segregated bank account, such funds must not be mixed with the firm’s own funds or funds of other group entities and their customers. Customer funds must always be identified, managed and protected in this manner. This includes the clear segregation, designation and reconciliation of any customer funds held. The Central Bank views the protection of customers’ money as a core part of the role that payment and e-money institutions play in society.  For this reason, the Central Bank has repeatedly communicated to the sector that it has no tolerance for weaknesses in safeguarding arrangements.   

When a firm applies to the Central Bank for authorisation, the information it provides in its application is fundamental to whether the Central Bank deems it appropriate to authorise the firm to provide financial services.  The integrity and accuracy of information provided to the Central Bank underpins the Central Bank’s decision to authorise a firm. The Central Bank expects firms to be able to demonstrate on an ongoing basis that they meet the assurances and commitments they have given at authorisation.

BlueSnap breached the requirements of the PSR 2018 because it:

  • Did not deposit its customers’ funds in BlueSnap’s designated safeguarding account.
  • Mixed its customers’ funds with other funds.
  • Delayed informing the Central Bank once it became aware that it was not following the safeguarding procedures that BlueSnap had set out to the Central Bank in its application for authorisation.

These failings arose due to deficiencies in regulatory awareness and understanding of reporting requirements, in addition to inadequate oversight and monitoring by BlueSnap of safeguarding operations which were provided by the BlueSnap group. BlueSnap has confirmed to the Central Bank that it has remediated the safeguarding failures which are the subject of the prescribed contraventions.

Today’s announcement follows the settlement reached between the Central Bank and BlueSnap on 19 November 2024.

BlueSnap has admitted the prescribed contraventions and has agreed to the undisputed facts set out in the Settlement Notice (PDF 235.67KB). As part of the settlement agreement reached between the Central Bank and BlueSnap, the Central Bank has determined that sanctions comprising a reprimand and monetary penalty in the amount of €463,200 are warranted.  The application of a 30% settlement scheme discount brings the amount to €324,240.  The sanctions have been accepted by BlueSnap.  The sanctions are subject to confirmation by the High Court and will not take effect unless they are confirmed.

Seána Cunningham, Director of Enforcement and Anti-Money Laundering, of the Central Bank, said:

“Payment and E-Money firms are authorised to hold and transfer money on behalf of customers, and at the core of this is a requirement for them to safeguard this money. Safeguarding customer funds is a fundamental requirement for any Payment or E-Money institution and the Central Bank has made its supervisory expectations in this regard clear. 

When firms apply for authorisation, they need to demonstrate to the Central Bank how they will meet their regulatory obligations. It follows that they must then adhere to the commitments they have made at authorisation when they provide services as an authorised financial services provider. If information provided at authorisation is no longer accurate, firms must inform the Central Bank of this promptly and take any necessary remedial action. 

In this case, BlueSnap failed to comply with its safeguarding obligations, which exposed its customers to significant risk, and failed to inform the Central Bank promptly of changes to the accuracy of the information it provided in its application for authorisation. 

The safeguarding of customer funds has been, and will continue to be, a key area of supervisory focus for the Central Bank.”