Establishing a bank — our way
The future belongs to the tandem of banking systems’ operational experience and opportunities brought by the advanced blockchain technologies. That is why we’ve decided to open a progressive bank in England, at the junction of these two areas.
In this article we share our vision and experience on the process of establishment of modern bank.
Electronic Money Institution License
The first priority is to obtain an EMI license that allows us to issue our own electronic currency that’ll be used in customers’ payments for goods and services. We will be able to issue payment cards, provide lendings and launch online banking.
It will take eight months to prepare documents and structure for obtaining a license. Along with the notarised personal documents, we will provide a description of the following methods and processes:
- methods of protecting funds and implementing payment services;
- implementation of management and control system;
- methods of technical support;
- method of calculating capital adequacy.
Financial and business plans are prescribed for three years ahead. The bank will confirm the availability of funds for launching the project, providing statements of accounts and receipts for tax payments. Verification usually takes from three (at best) to twelve months.
The right to establish a bank
In order to function as a bank, we need FCA (UK Financial Conduct Authority) and PRA (Prudential Regulation Authority of the Bank of England) permissions.
After paying the membership fee, we inform the regulator about the details of the company, including the organisational structure. The business plan of the bank undergoes strict FCA evaluation, it requires confirmation of compliance with the legislation against money laundering and compliance with the monitoring program.
According to the FCA rules, there should be a physical office in England, and the director of the company must be a resident of the country. His/her personality is checked, including a diploma, qualification and work experience. Based on the data obtained, the supervisory authority determines the degree of reliability. The serious checks are coming — it is no accident that the British financial industry is considered one of the most honest and transparent in the world.
Obtaining a license takes from eight months to one year, but the work does not stop there. The company will be under strict supervision: regular checks and audits are waiting for us — we will be obliged to send monthly reports and to provide details on each completed deal.
Proper people are the main value of the company
In order to obtain FCA license, minimum staff requirements must be met: there must be director and compliance officer, responsible for interaction with the regulator.
The minimum-list is small, but in practice it is much bigger. In order to ensure effective operation of such financial structure we must hire technical and financial directors, blockchain developers, back-end and front-end developers, designers, lawyers, project managers, PR managers, online marketers, consultants and many more. Our partnership with the well-known N2Growth company will allow us not only to select candidates that meet the FCA/PRA and the Bank of England requirements, but also to obtain real experts, whose efforts and competences will lead our firm to success.
Certifications and audits
To conduct payments, we will receive a physical certificate of compliance with the requirements of the Payment Card Industry Data Security Standard. PCI DSS Level 1 guarantees the highest security of network infrastructure and card data when processing payments.
In order to confirm compliance with the standard, we will pass an external audit by a QSA-company certified by the PCI SSC Board. We are waiting for a comprehensive verification: experts will study the level of network security and future card owners’ data protection, access control, authentication scheme, physical and antivirus protection, information infrastructure features, event- and action- logging, etc. Our team already consists of technical specialists who have experience in development of secure infrastructures and passing the PCI DSS Level 1 and QSA audits.
QSA-auditor with confirmed status is necessary for the last stage of certification and Deiteriy company is very suitable for this role. Employees of this firm will collect the audit evidence, document their observations and prepare the compliance report. As a result, a Certificate of Conformity and a Certificate of Compliance will be issued, which will then go to Visa and MasterCard IPS.
Registration of the financial structure documents will be conducted by Deloitte employees. Such an important task can only be entrusted to a company with a worldwide reputation and a 150-year history, a company that’s already implementing blockchain and other cutting-edge technologies in its daily work.
The next milestone is the acquisition of the QMS ISO 9001–2000 compliance certificate. To reach our goal, we need to describe the business processes and make quality measurements using office automation and document management systems. After we have this data, we address the international certification bodies with it.
Software development: keeping pace with the times
In order to develop a software that would not raise any questions from the certifying authorities, we need a team of really experienced developers working on such task,—someone who is expert in both business-related questions and software development. Therefore, we’ve decided to work with Scand — company that’s been developing excellent software for clients from the USA, Europe and Canada for more than 15 years. They’ve already released various complex projects that’ve met PSI DSS and ISO requirements, and therefore one cannot find a better candidate for this role.
In accordance with the European PSD2 directive, we must provide an open API-interface so that developers of third-party services could connect to our RBS systems. This is an advantage for us: the solution is a prerequisite for the emergence of convenient and high-speed client-oriented applications.
To accelerate and optimise the processing of applications, we will receive the status of principal members of the IPS — Visa/Mastercard Principal Membership. This category of participation is the highest one, it will allow us to emit all types of cards of our own design and under our BIN directly. This way we will be able to deal with cards acquiring without any intermediaries, connecting our equipment through a processing centre.
After paying the membership fee, we will open an insurance deposit in the settlement bank of the payment system, the size of which will be determined by the analysis of our business plan. After developing a unique design and getting card blanks ready, our bank will pass card issuing and acquiring certification. On our own we will connect the card accepting equipment and bridge it with the processing centre. We will be able to start card issuance after at least one year since the start of the project.
Connecting to SWIFT
While obtaining the EMI license we will simultaneously connect to the SWIFT system in order to start issuing an IBAN (it is needed for making currency transfers to the EU countries). The scheme includes two stages:
- Procedure of joining the SWIFT Community;
- In-house creation of a hardware and software complex and it’s connection to the SWIFT system.
At first stage, after approval of these documents — application, bank address, license, review of the bank’s report schedule, cost recovery obligation, we will receive the status of candidate. During the next year, we’ll be preparing to become a full member of the SWIFT community, by scheduling the start and end dates of the required standard activities.
Connecting to SWIFT will require a financial contribution, a logical terminal (unique bank code), a network port, ICC cards, SWIFT User Handbook, Secure Card Reader equipment and a deployment of special addressing scheme in order to implement message transmission.
Opening the correspondent account
At the moment of filing an application for opening the correspondent account, we must have the bank’s charter, confirmation of tax registration, bank license, documents on the registration of the bank in the Pension Fund, etc.
What do we offer?
Our British fintech startup sees itself as a unique combination of traditional and cryptocurrency bank flavoured with a spicy sauce of modern technology. We are going to use two-factor biometric identification in online banking, blockchain to create our own electronic currency and a number of other advanced technologies, — trying to keep up with time and complying with the latest European directives.
In our next articles we will explain in detail how we will obtain aforementioned licences.