May 23, 2024
by Soham Jethani, Pankhuri Malhotra, and Subha Chugh
in Case StudiesIntroduction
A fully licensed and regulated bank based in the United Arab Emirates (the “Bank”) sought to enhance its digital payment offerings by exploring innovative solutions for issuing and managing prepaid cards through partnerships with fintech companies and third-party service providers. However, the Bank recognised the need to navigate the regulatory landscape governed by the Central Bank of the UAE (CBUAE) to ensure compliance and mitigate risks associated with such partnerships.
A BIN (Bank Identification Number) Sponsorship Agreement is a framework that enables financial institutions to partner with non-bank entities, such as fintech companies or payment service providers, to offer payment card products and services. In this arrangement, the financial institution acts as the “BIN Sponsor,” providing the necessary licences and regulatory approvals to issue payment cards under their BIN. Simultaneously, the partner entity handles various aspects of card management, distribution, and customer-facing operations.
Client Challenge
The Bank identified three potential models for establishing BIN Sponsorship Agreements with various partners, including Channel Partners, Card Processors, and Programme Managers. The primary challenge was to evaluate each model’s regulatory implications under the CBUAE’s Retail Payment Services and Card Schemes Regulations (RPSCS) and Outsourcing Regulations.
Specifically, the Bank sought to determine whether certain partnerships would trigger the requirement for partners to be classified as “Agents” under the RPSCS, necessitating additional reporting and compliance obligations. Furthermore, it aimed to assess whether these partnerships would constitute “Material Outsourcing” under the Outsourcing Regulations, which would mandate obtaining prior approval from the CBUAE and adhering to stringent governance, risk management, and data protection requirements.
Strategies, Tactics, and Solutions
We conducted a comprehensive analysis of the RPSCS and Outsourcing Regulations, evaluating the implications of each proposed partnership model. We provided the Bank with a detailed memorandum of advice outlining the regulatory classifications and compliance requirements for each potential partner under the three models.
For Model 1, involving a direct partnership between the Bank and a Channel Partner, the recommendation was a simple outsourcing agreement that complied with the Outsourcing Regulations, as this arrangement was unlikely to constitute Material Outsourcing.
In Model 2, which involved a third-party Card Processor, the advice was to pursue Option 2, a tripartite agreement involving the Bank, the Channel Partner, and the Card Processor. This approach would ensure proper oversight and compliance with the Agent requirements under the RPSCS and Material Outsourcing requirements under the Outsourcing Regulations.
For Model 3, which introduced a Programme Manager as an intermediary, the recommendation was a variation of Option 2, an agreement between the Bank, the Programme Manager, and the third-party Card Processor. This structure would enable the Bank to oversee the Card Processor while leveraging the Programme Manager’s expertise in organising and managing the various partners.
Throughout the analysis, we provided the Bank with a comprehensive overview of the regulatory requirements, including data protection compliance, outsourcing agreement structuring, outsourcing outside the UAE, internal audit and compliance obligations, and the need for CBUAE approval for Material Outsourcing arrangements.
Outcomes
The strategic analysis and recommendations allowed the Bank to navigate regulatory requirements while exploring innovative partnerships to enhance its digital payment offerings. By providing a detailed evaluation of the three proposed models, the Bank clearly understood the regulatory implications and compliance requirements associated with each partnership structure.
With this legal advice, the Bank could confidently pursue its strategic objectives while mitigating regulatory risks and ensuring adherence to the CBUAE’s guidelines. The tailored recommendations for each model would eeenable the Bank to establish robust partnerships, leverage the expertise of fintech companies and third-party service providers, and deliver cutting-edge digital payment solutions to its customers while maintaining a strong compliance framework.
© 2024 TLP Advisors