Why has Lithuania become a key destination for licensing in Europe?
The banking licence Revolut received in Lithuania in December 2018 came as good news. From now on, the London-based firm would be allowed to offer new products, including consumer and business loans, in the whole European Union thanks to the passporting rights. This was also a positive outcome for the Lithuanian authorities, which saw one of the fintech giants picking Lithuania as a key destination to launch its activities on the continent.
But things quickly turned sour. A couple of months later, Revolut found itself at the centre of controversy when it appeared that its chief executive, Nikolay Storonsky, was the son of the director of a division of Gazprom – a Kremlin-controlled company. The news could have gone unnoticed, but this was without reckoning the stormy history between the Baltic country and its neighbour, Russia.
The news sparked even more interest that, a few weeks before, details emerged over some illegal transactions that may have passed through the digital giant after an automated system used to flag suspicious deals was disabled.
These were challenging times for Revolut. But this was equally difficult for the Lithuanian authorities. Many observers in Europe eventually wander what prompted the Lithuanian authorities – and, ultimately the ECB – to give their green light for the delivery of a European banking licence to Revolut.
On its side, the digital bank denies any wrongdoings. Revolut claimed on multiple occasions that it approached its application for the banking licence in Lithuania in complete transparency.
‘Special’ or ‘light’ banking licence
Revolut was granted what the Lithuanian authorities call a ‘special’ or ‘light’ banking licence.
In an interview with FinTech Futures earlier this year, Vilius Šapoka, the finance minister in office since December 2016, explained that this banking licence was introduced by a European directive. “I think this was a substantial step forward as it allows smaller companies to provide basic banking services,” he said, before stressing: “And our regulatory standards are not dissimilar from the EU regulatory framework.”
The directive Vilius Šapoka is referring to is the fourth Capital Requirement Directive (CRD IV), which was voted by the European Parliament in April 2013 and was approved by the European Council in June the same year.
Thus, Article 8.1 of the directive gives any firm wishing to carry out basic banking activities the option to apply for a credit institution licence.
“Firms willing to provide payment services, take deposits and do lending, for instance, can apply for this specialised bank licence,” says Jekaterina Govina, advisor to the board of the Bank of Lithuania and coordinator of its fintech strategy. “But specialised banks cannot operate in more complex activities such as investment or fund management services.”
Moreover, under article 12.4 of the directive, EU member states can decide whether or not certain types of institutions can start operating with an initial capital requirement lower than the €5 million traditionally required for banking institutions.
“EU banking law provides a discretion for member states to specify that certain types of institutions can be authorised with an initial capital requirement which is less than €5 million under certain conditions: the first one being that it cannot be any less than €1 million,” explains Elisabeth Noble, senior policy expert at the European Banking Authority (EBA) in Paris.
If a member state decides to exercise this option, it will have to notify both the European Commission and the EBA of its reasons.
Lithuania, for instance, introduced this option three years ago at the time when the Baltic country launched a vast reform of the credit union market.
But, eventually, when the fintech scene started to emerge, it became clear that this regime could also apply to digital banking companies.
A couple of things must be borne in mind, though. First, the capital requirements may be subject to change over time. As Govina says, there is an ongoing supervision of credit institutions in Europe and since the capital requirements are always commanded by the risk, regulators may well decide to require more capital as the business evolves.
“The one million euro is the amount of initial capital requirement set for specialised bank,” she says. “But if a company expands its business model and presents a different risk profile because it has taken on new customers or is willing to offer new products, for instance, capital requirements will go upward.”
Second, even though some member states apply the discretion around the initial capital requirements, the competent authorities can apply an additional individual risk-based buffer. This is because the initial capital requirements must be maintained over the credit institution’s lifetime and cannot be used to absorb any potential losses.
Related: Europe’s dance of fintech hubs
“When we review an application, we must be aware of the national law of the country where the firm applies,” explains Mauritia de Vries Robles-Kroon, principal supervisor in the Directorate General Microprudential Supervision III – the directorate general which is responsible for the oversight of the supervision of ‘less significant’ banks within the ECB. “Therefore, if a member state exercises the lower capital requirements option, we need to take this into consideration. But, depending on the application, we also have the right to ask for an additional capital buffer if we deem it necessary.”
And to make sure competent authorities have all the flexibility they need, the CRD IV directive leaves a lot of room for interpretation.
“Article 8.1 for instance, sets the basic conditions to be met by any firm looking to carry out banking services,” explains Noble. “But EU law leaves flexibility in the application of the conditions allowing for proportionality when considering individual applications against those conditions. This is important in light of the range of business models that can be observed.”
In short, when authorities receive an application, they will determine whether or not the structural organisation of the firm, the risk management processes and the capital in hand is adequate and whether or not the firm can operate as a credit institution.
The specific case of fintech firms
But, in the case of fintech firms, some aspects may require more scrutiny. In a report entitled “Regulatory perimeter, regulatory status and authorisation approaches in relation to fintech activities” published in July this year, the EBA notes that: “there tends to be greater uncertainty regarding fintech credit institutions’ business projections and the resulting capital requirements”.
The remarks, based on the feedback provided by the ECB, highlights some of the difficulties encountered by authorities when it comes to reviewing their application.
“Compared with traditional banks,” the report says, “it is often less clear how the business will develop, since it is more difficult to forecast the number of customers, level of sales, etc. It is also harder to predict the future level of external funding. In addition, the innovative nature of a fintech credit institution may pose unknown risks to the business plan.”
Read more: Lithuania seeks to attract more fintech firms
To that extent, the ECB recommends fintech firms to prepare an exit plan to identify how they can cease business operations on their own initiative, in “an orderly and solvent manner without harming consumers, causing disruption to the financial system or requiring regulatory intervention.”
Moreover, the Frankfurt-based institution scrutinises both the technical and financial skills of the members of the management body. “A fintech firm may know the ins and outs of artificial intelligence, deep learning or any other technologies and IT tools it relies upon, but members of the management board may not have the necessary financial skills,” argues Robles-Kroon. “And since the management body is ultimately responsible for the day-to-day operations and needs to understand the risks of its business model, we expect them to have both sets of knowledge.”
The ECB also places great focus on data management and data protection “given the potential links of fintech firms with reputational risk in cases of breach and on IT system as well as outsourcing risks due to their use of outsourcing and cloud services”.
Overall, the reviewing process for all type of firms can take up to a year.
“Applying for a banking licence is a fairly long and burdensome process,” concedes Govina at the Bank of Lithuania. “But our role as regulators is to ensure from the very beginning that businesses entering the financial market are viable and sustainable.”
Unlevel playing field
So far, the Baltic country has issued up to three banking licences under the lower capital requirements discretion. Five more applications are currently under review.
This places the country in the top EU destinations for licence applications, and not only for banking licences. And with Brexit looming in the background, the number of UK-based firms looking to step into the Lithuanian market grew significantly in 2018.
“We receive applications from companies located in various parts of the world but it’s true that with Brexit, quite a few fintech firms showed an interest in Lithuania as they wanted to secure a licence in the EU after the UK leaves,” says Govina.
But why does Lithuania attract so many applications compared to other member states?
The answer probably lies in the nature of the European Union and the fragmentation of its internal market. At the moment, only 11 member states apply the discretion around the capital requirements – namely Cyprus, Czech Republic, Spain, Croatia, Hungry, Ireland, Lithuania, Poland, Sweden and the UK – according to the Supervisory disclosure on the options and national discretions published and regularly updated by the EBA.
Related: Explained: The ECB’s role in the banking licence process & UK’s licensing procedures
On the contrary, some countries are not willing to make a move in that direction. When the French Authorité de Contrôle Prudentiel et de Résolution (ACPR) was contacted by FinTech Futures, the authority confirmed that France has not introduced this regime and is not planning to do so in the foreseeable future. The ACPR did not provide any more information.
A spokesperson for the German Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) gave a hint as to why Germany is not willing to exercise this option. In a written email, the spokesperson referred to an annual press conference back in 2016. During that press conference, BaFin’s president, Felix Hufeld, made clear that the regulator would follow the ‘same business, same risk, same rules’ approach.
“As a financial supervisory authority,” Hufeld said at the time, “BaFin can neither put up barriers to protect established companies, nor give newcomers special treatment.”
Still, all those national discretions inevitably create an unlevel playing field in Europe and, potentially, lead the member states that have not exercised the option to disadvantage.
One head of a London-based fintech firm concedes that if his company was in a similar situation of applying for a banking licence, they would “probably” opt for a country where the capital requirements are slightly lower. “The difference between €1 million and €5 million may not seem like a lot but for a fintech company in its expansion phase, it still makes a difference,” he says.
But there could be another reason Lithuania is catching so much attention from firms looking to secure a banking licence. And this may have to do with the way the Bank of Lithuania functions.
“When our board approved the strategy on accelerating innovations in financial markets, we launched a bunch of initiatives, one of which consisted in reviewing our licensing process to make it more efficient,” says Govina. “We decided that we, as a country, needed to have some sort of a competitive edge.”
She notes that being part of the EU means Lithuania “does not want to compete on regulation, as it favours harmonised regulation on EU level.” Instead, the Baltic country focused on the “effectiveness” of its assessment process and looked at the added-value the regulator could bring to fintech firms.
Suggested reading: Licence lust lets Lithuania’s fintech sector soar
As part of its newly devised strategy, Lithuania put several tools in place. This included a newcomer programme, which allows start-ups to have an initial consultation with the Bank of Lithuania before they even apply for a licence, as well as a regulatory sandbox. And this applies to all applicants, not only those looking at securing a banking licence.
“I must say that the accessibility to the Lithuanian regulators was really easy,” says Stephanie Brennan, founder and CEO of Evarvest, a brokerage company which is currently applying for a brokerage licence in Lithuania as part of its international expansion plans. “We have been able to meet with them to understand what they expect from us, but also to gain some insight into their supervision and oversight. Coming from Australia, it’s really important we understand the different regulations, as Europe is a completely new and vastly different market for us, but also to understand how EU regulation is implemented in different countries, like Lithuania.”
This was a key factor for Evarvest when choosing its licensing destination. But there was more. “The other reason why we decided to apply for a licence in Lithuania is due to the application timeframe,” Stephanie Brennan adds. “Lithuania has the fastest licensing process in Europe.”
According to sources familiar with the matter, it would take up to six months to apply for a brokerage licence in Lithuania, whereas a full year would be necessary in Germany.
And to allow for this faster assessment process, the regulator hired additional staff and launched an e-licencing tool, which allows firms to apply electronically via the central bank website and in English. In total, the central bank increased the supervisory workforce that deals specifically with fintech companies by 20%.
Today, several divisions within the Bank of Lithuania work jointly on the application process but the applicant only liaises with one officer.
The question at this stage is whether the Bank of Lithuania will have the resources in place to sustain the flow of applications in the coming months.
“If we look at Brexit and the uncertainties around it, more UK-based companies may want to secure a licence in Lithuania, which will undeniably put pressure on the central bank,” says one founder of a local fintech. “This might delay the application process, in which case Lithuania may well run the risk of losing its attractiveness among firms.”
But Govina casually brushes aside these comments and seeks to reassure future applicants and other regulators in Europe. “We are constantly re-evaluating whether we have enough resources to tackle the risks in the financial market,” she says. “We don’t do it in one go. We do it progressively, so we can address new challenges that come with the increasing number of supervised companies.”
By Cécile Sourbes, freelance writer and editorial contributor to FinTech Futures