A small payment institution means a legal person established in the Republic of Croatia, which has been issued a decision by the Croatian National Bank on the entry of a small payment institution in the register of payment service providers and electronic money issuers and which may provide one or several payment services referred to in Article 4, items (3) to (6) of the Payment System Act.
A small payment institution may provide payment services exclusively in the territory of the Republic of Croatia.
Submission of the application for entry in the register
A legal person established in the Republic of Croatia intending to provide payment services as a small payment institution (hereinafter referred to as 'applicant') submits to the Croatian National Bank an application for entry in the register in accordance with Article 123 of the Payment System Act. All the required documentation and information prescribed in accordance with Article 123, paragraph (3) of the mentioned Act should be enclosed with the application.
The application for entry in the register of payment service providers and electronic money issuers should also be accompanied by a report on the total value of all payment transactions executed in the last 12 months. The average total monthly value of payment transactions executed by the applicant in the last 12 months, including the payment transactions executed through its agents, may not exceed EUR 995,000.00. If the applicant has not yet commenced operations or has operated for less than 12 months, a projection of the total amount of payment transactions for the subsequent 12 months should be enclosed with the business plan, from which it is evident that the average total monthly value of executed payment transactions, including payment transactions executed through its agents, does not exceed EUR 995,000.00.
The prescribed documentation and information to be submitted to the Croatian National Bank for the purpose of entry in the register of payment service providers and electronic money issuers are specified in the Guidelines on the information to be provided for the authorisation of payment institutions and e-money institutions and for the registration of account information service providers under Article 5(5) of Directive (EU) 2015/2366.
Specific requirements concerning certain documentation and information, submitted by the applicant pursuant to Article 123, paragraph (3) of the Payment System Act, referring to the application of Article 85 of that Act, are governed in more detail in the following regulations:
- with regard to the requirement referred to in Article 85, paragraph (2), item (7) of the Payment System Act for the submission of a description of measures intended to be taken to safeguard payment service users' funds in accordance with Article 100 of that Act, the scope of and methodology for the calculation of safeguarded funds and the characteristics of the types of assets and the characteristics of the insurance policy or comparable guarantee as a form of safeguarding are prescribed in more detail in the Decision on safeguarding the payment service users and electronic money holders' funds;
- with regard to the requirement referred to in Article 85, paragraph (2), item (8) of the Payment System Act for the submission of a description of the rules for the use of the services of information and communication technology (ICT) are prescribed in more detail in Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA);
- with regard to the requirement referred to in Article 85, paragraph (2), item (9) of the Payment System Act concerning the incident reporting mechanism, incident reporting obligations, prescribed in more detail in Chapter III of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA) should be taken into account;
- with regard to the requirement referred to in Article 85, paragraph (2), item (11) of the Payment System Act for the submission of a description of business continuity arrangements, including a clear identification of the critical operations, effective ICT business continuity policy and plans, ICT response and recovery plans and a procedure to regularly test and review the adequacy and efficiency of such plans, are prescribed in more detail in Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA);
- with regard to the requirement referred to in Article 85, paragraph (2), item (13) of the Payment System Act for the submission of a description of security control and risk mitigation measures taken to ensure a high level of digital operational resilience are prescribed in more detail in Chapter II of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA) and Guidelines EBA/2019/04 on ICT and security risk management should also be taken into account in addition to their latest amendment (Guidelines amending Guidelines EBA/2019/04 on ICT and security risk management);
- with regard to the requirement referred to in Article 85, paragraph (2), item (15) of the Payment System Act for the submission of a description of the organisational structure, the applicant intending to outsource certain operational activities of payment services is required to ensure that the intended outsourcing complies with Article 107 of the Payment System Act and the Guidelines on outsourcing arrangements.
In addition to the application and the prescribed documentation, the applicant should also submit a completed and signed Form for the collection and processing of personal data.
Decision of the Croatian National Bank
Based on the submitted application for entry in the register of payment service providers and electronic money issuers and the submitted documentation, the Croatian National Bank decides on the application in an administrative procedure and adopts a decision on entry in the register if all the conditions prescribed in Article 122 of the Payment System Act have been met. Legal persons may provide payment services only after these payment services have been entered as business activities in the register of companies.