Key points for AI Systems developers and providers
paul@paulfoleylaw.ie
22 Northumberland Road, Dublin D04 ED73, Ireland, EU
Published by Thomson Reuters, Mondaq, Financier Worldwide and others, Paul Foley Law has also contributed to World Bank Group projects on the laws applicable to traded PLCs in Ireland. Clients include:
Paul Foley Law | EU Crowdfunding Regulation: latest
New EU Regulation creates a harmonised European legal regime for crowdfunding
PSD2 in Ireland: authorisation steps
Key points in applying for a Payment Services Authorisation in Ireland under the European Union (Payment Services) Regulations as amended (PSRs)
Legal issues to think about for mobile app developers
The General Data Protection Regulation 2016/679 (GDPR) requires a data controller to implement data protection by design and by default (Article 25 GDPR). Organising for and engineering data protection and security requirements into a Mobile APP (APP) is difficult, particularly as APPs are generally developed using the Agile development process.
Payment Services Directive (PSD2) in short
The PSD2 regulatory framework aims to reduce costs, improve the security of payments and facilitate the emergence of innovative new mobile and internet payment methods.
(Published in Financier Worldwide magazine, December 2016)
Home loans without borders
EU cross-border residential mortgages: are they nearer a reality? (Published in Irish Public Sector magazine, April 2018)
Art 12(3)”….. prospective crowdfunding service providers must provide proof of the following:
(a) absence of a criminal record in respect of infringements of national rules in the fields of commercial law, insolvency law, financial services law, anti-money laundering law, fraud law or professional liability obligations for all the natural persons involved in the management of the prospective crowdfunding service provider and for shareholders who hold 20% or more of the share capital or voting rights;
(b) proof that the natural persons involved in the management of the prospective crowdfunding service provider collectively possess sufficient knowledge, skills and experience to manage the prospective crowdfunding service provider and that those natural persons are required to commit sufficient time to the performance of their duties.”
Commission Delegated Regulation (C(2022) 4835 final) of 12th of July 2022 under Article 48(3) of the Regulation. It is important to note that there are still a number of procedural steps to be taken before the extended transitional period enters into force.
When issuing a standardisation request to European standardisation organisations in accordance with Article 10 of Regulation (EU) 1025/2012, the Commission must specify that standards are coherent, easy to implement and drafted in such a way that they aim to fulfil in particular the following objectives:
The Commission must issue standardisation requests covering all essential requirements of the Regulation in accordance with Article 10 of Regulation (EU) No 1025/2012 no later than 6 months after the date of entry into force of the Regulation.
Directive (EU) 2016/680 on the protection of natural persons regarding processing of personal data connected with criminal offences or the execution of criminal penalties, and on the free movement of such data.
Art (13(1) High-risk AI systems shall be designed and developed in such a way to ensure that their operation is sufficiently transparent to enable users to interpret the system’s output and use it appropriately. An appropriate type and degree of transparency shall be ensured, with a view to achieving compliance with the relevant obligations of the user and of the provider set out in Chapter 3 of this Title.
Art 51: Before placing on the market or putting into service a high-risk AI system referred to in Article 6(2), the provider or, where applicable, the authorised representative must register that system in the EU database referred to in Article 60.
For certain high-risk AI systems, no action or decision must be taken by the user on the basis of the identification resulting from the system unless this has been verified and confirmed by at least two natural persons. (Article (14(5))
Annex III high-risk AI systems pursuant to Article 6(2) are the AI systems listed in any of the following areas:
1. Biometric identification and categorisation of natural persons:
(a) AI systems intended to be used for the ‘real-time’ and ‘post’ remote biometric identification of natural persons;
2. Management and operation of critical infrastructure:
(a) AI systems intended to be used as safety components in the management and operation of road traffic and the supply of water, gas, heating and electricity.
3. Education and vocational training
4. Employment, workers management and access to self-employment
5. Access to and enjoyment of essential private services and public services and benefits
7. Migration, asylum and border control management
8. Administration of justice and democratic processes.
Union Legislation (not reproduced here) on Large Scale IT Systems in the area of freedom, security and justice.
1. Schengen Information System
2. Visa Information System
3. Eurodac
4. Entry/Exit System
5. European Travel Information and Authorisation System
6. European Criminal Records Information System on third-country nationals and stateless persons
7. Interoperability
Fines of up the higher of 30,000,000 EUR or, if the offender is company, up to 6% of its total worldwide annual turnover for (a) non-compliance with the prohibition of the artificial intelligence practices referred to in Art 5 and; (b) non-compliance of the AI system with the requirements laid down in Art 10 (Data and data governance) (Art 71(3)).
The non-compliance of the AI system with any requirements or obligations under the AI Act, other than in Arts 5 and 10, will be subject to fines of up to 20,000,000 EUR or, if the offender is a company, up to 4% of its total worldwide annual turnover for the preceding financial year, whichever is higher (Art 71(4)).
Finally the supply of incorrect, incomplete or misleading information to notified bodies and national competent authorities in reply to a request, will be subject to administrative fines of up to 10,000,000 EUR or, if the offender is a company, up to 2% of its total worldwide annual turnover for the preceding financial year, whichever is higher (Art 71(5)).
Latest Commission definition of an ‘artificial intelligence system’ (AI system) is software that is developed with one or more of the techniques and approaches listed in Annex I and can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with.
The ESMA final Report on the draft Regulatory Technical Standards (RTS) was published on the 10 November 2021 (reference ESMA35-42-1183). This Report now been submitted to the European Commission, which will start the endorsement process.
Article 10(5)
Where prospective non-sophisticated investors do not provide the information required pursuant to paragraph 2, or where crowdfunding service providers consider, on the basis of the information received under that paragraph, that the prospective non-sophisticated investors have insufficient knowledge, skills or experience, crowdfunding service providers shall inform those prospective non-sophisticated investors that the services offered on their crowdfunding platforms may be inappropriate for them and issue them a risk warning.
That risk warning shall clearly state the risk of losing the entirety of the money invested. Prospective non-sophisticated investors shall expressly acknowledge that they have received and understood the warning issued by the crowdfunding service provider.
Article 22(2)
The crowdfunding service provider must provide for a pre-contractual reflection period, during which the prospective non-sophisticated investor may, at any time, revoke his or her offer to invest or expression of interest in the crowdfunding offer without giving a reason and without incurring a penalty.
The reflection period referred to in paragraph 2 shall start at the moment of the offer to invest or the expression of interest by the prospective non-sophisticated investor, and shall expire after four calendar days. (Article 22(3).
ANNEX I (MIFID II) LISTS OF SERVICES AND ACTIVITIES AND FINANCIAL INSTRUMENTS SECTION
A Investment services and activities
(1) Reception and transmission of orders in relation to one or more financial instruments;
(7) Placing of financial instruments without a firm commitment basis.
Article 20(1) of the EU Crowdfunding Regulation
Article 25(5) of the EU Crowdfunding Regulation
Article 25(4) of the EU Crowdfunding Regulation
Article 19(2)
Crowdfunding service providers shall inform their clients that their crowdfunding services are not covered by the deposit guarantee scheme established in accordance with Directive 2014/49/EU and that transferable securities or admitted instruments for crowdfunding purposes acquired through their crowdfunding platform are not covered by the investor compensation scheme established in accordance with Directive 97/9/EC.
Article 23(6)
The key investment information sheet referred to in Article 23(2) must contain all of the information in Article 23(6).
Article 21(7)
Each time before a prospective non-sophisticated investor or non-sophisticated investor accepts an individual crowdfunding offer thereby investing an amount that exceeds the higher of either €1,000 or 5% of that investor’s net worth as calculated in accordance with paragraph 5, the crowdfunding service provider must ensure that such investor:
For the purposes of point (c) of the first subparagraph of this paragraph, the assessment referred to in Article 21(1) may be used as proof that the prospective non-sophisticated investor or non-sophisticated investor understands the investment and its risks.
Article 10(5)
Where a crowdfunding service provider does not provide payment services in relation to the crowdfunding services, either itself or through a third party, such a crowdfunding service provider shall put in place and maintain arrangements to ensure that project owners accept funding of crowdfunding projects, or any other payment, only by means of a payment service provider in accordance with Directive (EU) 2015/2366 (PSD2).
Article 8(2)
Crowdfunding service providers must not accept as project owners in relation to the crowdfunding services offered on their crowdfunding platform any of the following:
(a) their shareholders holding 20 %, or more, of share capital or voting rights;
(b) their managers or employees;
(c) any natural or legal person linked to those shareholders, managers or employees by control as defined in point (35)(b) of Article 4(1) of Directive 2014/65/EU (MiFID II).
Crowdfunding service providers that accept as investors in the crowdfunding projects offered on their crowdfunding platform any of the persons referred to in points (a), (b) and (c) of the first subparagraph shall fully disclose on their website the fact that they accept such persons as investors, including information on the specific crowdfunding projects invested in, and shall ensure that such investments are made under the same conditions as those of other investors and that those persons do not enjoy any preferential treatment or privileged access to information.
Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012.
Facilitation of granting of loans includes services such as presenting crowdfunding offers to clients and pricing or assessing the credit risk of crowdfunding projects or project owners.
Lending-based crowdfunding platforms just facilitate the conclusion by investors and project owner of loan agreements without the crowdfunding service provider at any moment acting as a creditor of the project owner.
The intention is to accommodate different business models enabling a loan agreement between one or more investors and one or more project owners to be concluded through a crowdfunding platform.
Article 25(3): Products subject to Union law that are to be placed under the customs procedure ‘release for free circulation’ shall be subject to controls performed by the authorities designated under Article 25(1). They shall perform those controls on the basis of risk analysis in accordance with Articles 46 and 47 of Regulation (EU) No 952/2013 and, where relevant, on the basis of risk-based approach as referred to in the second subparagraph of Article 11(3) of the MSR.
Article 18 (1) and 18 (2) of the MSR
Article 5(3) of the MSR
Article 5(2) of the MSR
Article 4(3) of the MSR is reproduced above “The requirement to have an economic operator established in the EU (Article 4)”.
Article 4(3) of the MSR is reproduced under the paragraph titled “The requirement to have an economic operator established in the EU (Article 4)”.
Requirements for accreditation and market surveillance (to ensure compliance) relating to the marketing of products in the EU are currently found in Regulation (EC) 765/2008, Decision 768/2008/EC and Directive 2019/95 (the General Product Safety Directive (which contains surveillance provisions for non-harmonised consumer products))
Controls on products entering the Union market (Article 25), Suspension of release for free circulation (Article 26), Release for free circulation (Article 27), Refusal to release for free circulation (Article 28)
Article 4(3) of the MSR is reproduced under “The requirement to have an economic operator established in the EU (Article 4)”.
economic operator is defined in Article 3 (13) of the MSR as “the manufacturer, the authorised representative, the importer, the distributor, the fulfilment service provider or any other natural or legal person who is subject to obligations in relation to the manufacture of products, making them available on the market or putting them into service in accordance with the relevant Union harmonisation legislation” and in more detail in Article 4(2).
Article 4(5). This Article only applies in relation to products that are subject to Regulations (EU) No 305/2011 , (EU) 2016/425 and (EU) 2016/426, and Directives 2000/14/EC , 2006/42/EC, 2009/48/EC, 2009/125/EC, 2011/65/EU, 2013/29/EU, 2013/53/EU, 2014/29/EU, 2014/30/EU, 2014/31/EU, 2014/32/EU, 2014/34/EU, 2014/35/EU, 2014/53/EU and 2014/68/EU of the European Parliament and of the Council.
The provisions on market surveillance of the Market Surveillance Regulation, cover products that are subject to the Union harmonisation legislation listed in Annex I concerning manufactured products other than food, feed, medicinal products for human and veterinary use, living plants and animals, products of human origin and products of plants and animals relating directly to their future reproduction.
This will ensure a uniform framework for market surveillance of those products at Union level and will help to increase the confidence of consumers and other end users in products placed on the Union market. If new Union harmonisation legislation is adopted in the future, it will be for that legislation to specify whether this MSR is also to apply to that legislation (Recital (6) of the MSR). But note Article 4(5) applies a narrower set of Regulations and Directives to economic operators.
Article 17 of the MSR
Article 20(2) of the MSR
Article 20 (1) of the MSR
Article 18 (1) of the MSR
Article 19(1) of the MSR
Article 29 of the MSR establishes the Network.
Article 10(4) of the MSR
Article 10(3) of the MSR
Article 10(2) of the MSR
Article 10 (1) of the MSR
Article 6 of the MSR
Article 4(3) of the MSR
Article 4(2)(d) of the Market Surveillance Regulation
Article 4(2)(c) of the Market Surveillance Regulation
Article 4(2)(b) of the Market Surveillance Regulation
Article 4(2)(a) of the Market Surveillance Regulation
Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93.
Directive 2004/42/CE on the limitation of emissions of volatile organic compounds due to the use of organic solvents in certain paints and varnishes and vehicle refinishing products and amending Directive 1999/13/EC (Article 38 of the Market Surveillance Regulation) Article 6 (monitoring) and Article 7 (reporting).
Article 44 MSR. However that Article also provides that Articles 29, 30, 31, 32, 33 and 36 shall apply from 1 January 2021.
Article 4(5). This Article only applies in relation to products that are subject to Regulations (EU) No 305/2011 , (EU) 2016/425 and (EU) 2016/426, and Directives 2000/14/EC , 2006/42/EC, 2009/48/EC, 2009/125/EC, 2011/65/EU, 2013/29/EU, 2013/53/EU, 2014/29/EU, 2014/30/EU, 2014/31/EU, 2014/32/EU, 2014/34/EU, 2014/35/EU, 2014/53/EU and 2014/68/EU of the European Parliament and of the Council.
Article 4(4) of the MSR
The MiFID II Regime for the purposes of this report, comprises Directive (EU) 2014/65 (MiFID II) and the Markets in Financial Instruments Regulation (600/2014) (MiFIR), being the foundation regulations for the MiFID II regime and Commission Delegated Directive EU 2017/593 (MiFID II Delegated Directive).
The Covid MiFID Recovery Directive also amends Directives 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, and Directive (EU) 2019/878 amending Directive 2013/36/EU as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures. Other Covid -19 recovery legislative changes include amendments to the Capital Requirements Regulation (575/2013) (CRR) as well as changes to the Prospectus Regulation (2017/1129) and the Securitisation Regulation ((EU) 2017/2402).
“An investment firm which manufactures financial instruments for sale to clients shall maintain, operate and review a process for the approval of each financial instrument and significant adaptations of existing financial instruments before it is marketed or distributed to clients” (par 2).
“The product approval process shall specify an identified target market of end clients within the relevant category of clients for each financial instrument and shall ensure that all relevant risks to such identified target market are assessed and that the intended distribution strategy is consistent with the identified target market (par 3).
“An investment firm shall also regularly review financial instruments it offers or markets, taking into account any event that could materially affect the potential risk to the identified target market, to assess at least whether the financial instrument remains consistent with the needs of the identified target market and whether the intended distribution strategy remains appropriate (par 4).
“An investment firm which manufactures financial instruments shall make available to any distributor all appropriate information on the financial instrument and the product approval process, including the identified target market of the financial instrument”
(par 5). (Article 16(3) paragraphs 2 to 5 of MiFID II)
“For the purpose of this Article, research shall be understood as covering research material or services concerning one or several financial instruments or other assets, or the issuers or potential issuers of financial instruments, or as covering research material or services closely related to a specific industry or market such that it informs views on financial instruments, assets or issuers within that industry or market.
“Research will also comprise material or services that explicitly or implicitly recommend or suggest an investment strategy and provide a substantiated opinion as to the present or future value or price of financial instruments or assets, or otherwise contain analysis and original insights and reach conclusions based on new or existing information that could be used to inform an investment strategy and be relevant and capable of adding value to the investment firm’s decisions on behalf of clients being charged for that research.”
(Article 9a (last two paragraphs thereof) of MiFID II inserted by the Covid MiFID Recovery Directive).
“The information provided to clients or potential clients shall include the following: (c) the information on all costs and associated charges must include information relating to both investment and ancillary services, including the cost of advice, where relevant, the cost of the financial instrument recommended or marketed to the client and how the client may pay for it, also encompassing any third-party payments.
“The information about all costs and charges, including costs and charges in connection with the investment service and the financial instrument, which are not caused by the occurrence of underlying market risk, shall be aggregated to allow the client to understand the overall cost as well as the cumulative effect on return of the investment, and where the client so requests, an itemised breakdown shall be provided. Where applicable, such information shall be provided to the client on a regular basis, at least annually, during the life of the investment”.
(Article 24(4)© MiFID II)
Article 25(2) (par 3). “When providing either investment advice or portfolio management that involves the switching of financial instruments, investment firms shall obtain the necessary information on the client’s investment and shall analyse the costs and benefits of the switching of financial instruments. When providing investment advice, investment firms shall inform the client whether or not the benefits of the switching of financial instruments are greater than the costs involved in such switching”.
(this par is incorporated into MiFID II by the Covid MiFID Recovery Directive).
New Article 5a “Investment firms must provide all information required to be provided by this Directive to clients or potential clients in electronic format, except where the client or potential client is a retail client or potential retail client who has requested receiving the information on paper, in which case that information shall be provided on paper, free of charge. Investment firms shall inform retail clients or potential retail clients that they have the option of receiving the information on paper.
“Investment firms shall inform existing retail clients that receive the information required to be provided by this Directive on paper of the fact that they will receive that information in electronic format at least eight weeks before sending that information in electronic format. Investment firms shall inform those existing retail clients that they have the choice either to continue receiving information on paper or to switch to information in electronic format.
“Investment firms shall also inform existing retail clients that an automatic switch to the electronic format will occur if they do not request the continuation of the provision of the information on paper within that eight week period. Existing retail clients who already receive the information required to be provided by this Directive in electronic format, do not need to be informed.”
(New Article 5a inserted into MIFID II by the Covid MIFID Recovery Directive).
“predominantly commercial group” means any group of which the main business is not the provision of investment services within the meaning of this Directive, or the performance of any activity listed in Annex I to Directive 2013/36/EU, or acting as a market maker in relation to commodity derivatives.”
(Article 4(1) (65) added into MiFID II by the Covid MiFID Recovery Directive).
“agricultural commodity derivatives” means derivative contracts relating to products listed in Article 1 of, and Annex I, Parts I to XX and XXIV/1, to, Regulation (EU) No 1308/2013 of the European Parliament and of the Council as well as to products listed in Annex I to Regulation (EU) No 1379/2013 of the European Parliament and of the Council.”
(new par (59) inserted in Article 4 of MiFID II)
New Article 73(2) of MiFID II
Article 2(3) ancillary services
Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012.
New Article 73(2) of MiFID II inserted by the Covid MiFID Recovery Directive
New Article 58(2) of MiFID II
New Article 58(1) of MiFID II
Annex C of MiFID II Point (10) “Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event, as well as any other derivative contracts relating to assets, rights, obligations, indices and measures not otherwise mentioned in this Section, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market, OTF, or an MTF” (new Article 58(1) of MIFID II).
“(44) ‘transferable securities’ means those classes of securities which are negotiable on the capital market, with the exception of instruments of payment, such as: (c) any other securities giving the right to acquire or sell any such transferable securities or giving rise to a cash settlement determined by reference to transferable securities, currencies, interest rates or yields, commodities or other indices or measures.”
New Article 57(6) of MiFID II inserted by the Covid MiFID Recovery Directive
New Article 57(4) of MiFID II inserted by the Covid MiFID Recovery Directive
Article 57(2) MiFID II
New Article 57(8) of MiFID II (part thereof)
New Article 57(7) in MiFID II
New Article 47(6) (part of) inserted by the Covid MiFID Recovery Directive
New Article 57(3) of MiFID II inserted by the Covid MiFID Recovery Directive.
Annex C.10 of Annex I of MiFID II “Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event, as well as any other derivative contracts relating to assets, rights, obligations, indices and measures not otherwise mentioned in this Section, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market, OTF, or an MTF” (new Article 58(1) of MIFID II).
New Article 57(1) to MiFID II inserted by the Covid MiFID Recovery Directive (extract).
New Article 57(1) to MiFID II inserted by the Covid MiFID Recovery Directive
commodity derivatives shall be considered to be critical or significant where the sum of all net positions of end position holders constitutes the size of their open interest and is at a minimum of 300 000 lots on average over a one-year period.
recital 17 of the Covid MiFID Recovery Directive paraphrased
recital 17 of the Covid MiFID Recovery Directive paraphrased
recital 15 of the Covid MiFID Recovery Directive paraphrased
recital 14 of the Covid MiFID Recovery Directive paraphrased
recital 13 of the Covid MiFID Recovery Directive paraphrased
recital 12 of the Covid MiFID Recovery Directive paraphrased
recital 12 of the Covid MiFID Recovery Directive paraphrased
recital 12 of the Covid MiFID Recovery Directive
Excluded Elements. The elements referred to in the second subparagraph of this paragraph shall exclude:
(a) intragroup transactions as referred to in Article 3 of Regulation (EU) No 648/2012 that serve group-wide liquidity or risk management purposes;
(b) transactions in commodity derivatives or emission allowances or derivatives thereof that are objectively measurable as reducing risks directly relating to the commercial activity or treasury financing activity;
(c) transactions in commodity derivatives or emission allowances or derivatives thereof entered into to fulfil obligations to provide liquidity on a trading venue, where such obligations are required by regulatory authorities in accordance with Union law or with national laws, regulations and administrative provisions, or by trading venues”. (New Article 2(4) of MiFID II (part of))
New Article 2(4) of MiFID II inserted by the Covid MiFID Recovery Directive “By 31 July 2021, the Commission shall adopt a delegated act to supplement this Directive by specifying, for the purpose of point (j) of paragraph 1 of this Article, the criteria for establishing when an activity is to be considered to be ancillary to the main business at group level.
“Those criteria shall take into account the following elements:
(a) whether the net outstanding notional exposure in commodity derivatives or emission allowances or derivatives thereof for cash settlement traded in the Union, excluding commodity derivatives or emission allowances or derivatives thereof traded on a trading venue, is below an annual threshold of EUR 3 billion; or
(b) whether the capital employed by the group to which the person belongs is predominantly allocated to the main business of the group; or
(c) whether or not the size of the activities referred to in point (j) of paragraph 1 exceeds the total size of the other trading activities at group level. The activities referred to in this paragraph shall be considered at group level.”
New Article 2(1)(j) of the MiFID II Directive inserted by the Covid MiFID Recovery Directive
Recital (11) of the Covid MiFID Recovery Directive (Extract)
New Article 30(1) inserted into MiFID II in place of the existing MiFID II Article 30(1), by the Covid MiFID Recovery Directive.
Article 28(1) Member States shall require that investment firms authorised to execute orders on behalf of clients implement procedures and arrangements which provide for the prompt, fair and expeditious execution of client orders, relative to other client orders or the trading interests of the investment firm.
Those procedures or arrangements shall allow for the execute on of otherwise comparable client orders in accordance with the time of their reception by the investment firm (Article 28(1) MiFID II).
Article 27 (Obligation to execute orders on terms most favourable to the client)
Article 25 (Assessment of suitability and appropriateness and reporting to clients)
Article 24 (general principles and information to clients)
New paragraph added to Article 27(3) MIFID II by the Covid MiFID Recovery Directive
Recital 9 of the Covid MiFID Recovery Directive
MiFID II Article 27(3) “Member States must require that for financial instruments subject to the trading obligation in Articles 23 and 28 Regulation (EU) No 600/2014, each trading venue and systematic internaliser and for other financial instruments each execution venue makes available to the public, without any charges, data relating to the quality of execution of transactions on that venue on at least an annual basis and that following execution of a transaction on behalf of a client the investment firm shall inform the client where the order was executed. Periodic reports shall include details about price, costs, speed and likelihood of execution for individual financial instrument.”
Article 29a(2) of MiFID II inserted by the Covid MiFID Recovery Directive
Article 25(6). “The investment firm shall provide the client with adequate reports on the service provided in a durable medium. Those reports shall include periodic communications to clients, taking into account the type and the complexity of financial instruments involved and the nature of the service provided to the client and shall include, where applicable, the costs associated with the transactions and services undertaken on behalf of the client”.
Recital (6) of the Covid MiFID Recovery Directive
“switching of financial instruments” means selling a financial instrument and buying another financial instrument or exercising a right to make a change with regard to an existing financial instrument. Article 4(8a) inserted into MiFID II by the Covid MiFID Recovery Directive.
Recital (10) of the Covid MiFID Recovery Directive.
Article 29a(1) under Services provided to professional clients inserted into MiFID II by the Covid MiFID Recovery Directive
Recital (5) MiFID Covid Recovery Directive
Article 9a inserted into MiFID II by the Covid MiFID Recovery Directive
Member States shall require that, when providing investment services or, where appropriate, ancillary services to clients, an investment firm acts honestly, fairly and professionally in accordance with the best interests of its clients and comply, in particular, with the principles set out in this Article and in Article 25 (Article 24 (1) of MiFID II)
Recital (8) of the MiFID Recovery Directive
Commission document titled: Public consultation on the review of the MiFID II/MiFIR regulatory framework at page 55.
Source: Articles 23, 24 and 25 of Directive (EU) 2014/65 (MiFID II), Articles 12 and 13 of Commission Delegated Directive 2017/593 and page 55 of EU Commission document titled: Public consultation on the review of the MiFID II/MiFIR regulatory framework.
new subparagraph added by the Covid MiFID Recovery Directive to Article 24 (4) of MiFID II
Page 50 of the EU Commission document titled: Public consultation on the review of the MiFID II/MiFIR regulatory framework.
Article 16a inserted into MiFID II by the Covid MiFID Recovery Directive
“Investment firms which manufacture financial instruments for sale to clients shall ensure that those financial instruments are designed to meet the needs of an identified target market of end clients within the relevant category of clients, the strategy for distribution of the financial instruments is compatible with the identified target market, and the investment firm takes reasonable steps to ensure that the financial instrument is distributed to the identified target market.
“An investment firm shall understand the financial instruments they offer or recommend, assess the compatibility of the financial instruments with the needs of the clients to whom it provides investment services, also taking account of the identified target market of end clients as referred to in Article 16(3), and ensure that financial instruments are offered or recommended only when this is in the interest of the client”. (Article 24(2) of MiFID II)
Recital (4) of the Covid MiFID Recovery Directive.
MiFID II defines eligible counterparties in Article 30(2). Article 30(3) and Article (30)(4) of MiFID II are relevant also when determining who is to be entitled or treated as eligible counterparties.
a make-whole clause means a clause that aims to protect the investor by ensuring that, in the event of early redemption of a bond, the issuer is required to pay to the investor holding the bond an amount equal to the sum of the net present value of the remaining coupon payments expected until maturity and the principal amount of the bond to be redeemed. (Par 44a inserted into Article 4(1)(44) of MiFID II by the Covid MiFID Recovery Directive)
Directive (EU) 2021/338 of 16 February 2021 amending Directive 2014/65/EU as regards information requirements, product governance and position limits, and Directives 2013/36/EU and (EU) 2019/878 as regards their application to investment firms, to help the recovery from the COVID-19 crisis.
Application form currently accessible at this link >
Key Stages of Application Process are accessible here >
The legal requirement is set out at section 5(1)(m) of PSD2.
The foundation for these requirements is article 5 of PSD2. Article 5 (1) of PSD2 requires the submission by an application of:
“(m) the identity of persons holding in the applicant, directly or indirectly, qualifying holdings within the meaning of point (36) of Article 4(1) of Regulation (EU) No 575/2013, the size of their holdings and evidence of their suitability taking into account the need to ensure the sound and prudent management of a payment institution;
(n) the identity of directors and persons responsible for the management of the payment institution and where relevant, persons responsible for the management of the payment services activities of the payment institution, as well as evidence that they are of good repute and possess appropriate knowledge and experience to perform payment services as determined by the home Member State of the payment institution”.
See guideline 13 of the CBOI Application Form and see EBA/GL/2019/04 29 November 2019 FINAL REPORT EBA Guidelines on ICT and security risk management.
See page 15 of the CBOI application form and EBA/GL/2018/05 (consolidated version) 18 July 2018 Final Report Guidelines on fraud reporting under the Payment Services Directive 2 (PSD2) Application date 01.01.2019 Amended by EBA/GL/2020/01 01.07.2021.
See pages 14 and 15 of the CBOI application form and see also section 3.7 of EBA/GL/2019/04 29 November 2019 FINAL REPORT EBA Guidelines on ICT and security risk management.
Currently accessible at page 13 of this link >
See CBOI Application form guideline 9 on page 13; also CBOI Guidance Note (page 26) and EBA/GL/2017/10 27/07/2017 Final Report: Guidelines on major incident reporting under Directive (EU) 2015/2366 (PSD2).
governance arrangements and internal control mechanisms. See CBOI Application form guideline 8 on page 12; also the CBOI Guidance Note from pages 24 to 26 which specifies amongst things that the board has to have at least one independent director.
See the CBOI Application Form guideline 4, page 9; and the CBOI Guidance Note on the Business Plan is on pages 17 to 21 of the CBOI Guidance Note >
Program of operations. See section/guideline 3 on page 8 of the CBOI Application Form; and from pages 15 to 16 of the CBOI Guidance Note >
European Communities (Electronic Money) Regulations 2011 as emended by the PSRs.
EMI is an electronic money institution being a legal person that has been granted authorisation under Title II of Directive 2009/110 to issue electronic money; ‘electronic money’ means electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions as defined in point 5 of Article 4 of Directive 2007/64/EC, and which is accepted by a natural or legal person other than the electronic money issuer.
PI is a Payment Institution. A payment services provider where it is a Payment Institution as defined, requires a payment services authorisation.
ancillary activities are:
(a) the provision of operational and closely related ancillary services such as ensuring the execution of payment transactions, foreign exchange services, safekeeping activities, and the storage and processing of data;
(b) without prejudice to Regulation 43 (Access to payment systems), the operation of payment systems;
(c) business activities other than the provision of payment services, subject to any law of the State or of the Union applicable to such activities.
In Ireland PSD2 is implemented by the European Union (Payment Services) Regulations 2018 as amended (PSR2.)
SI No. 6 of 2018 as amended.
See EBA/GL/2017/08 07/07/2017 Final Report Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee under Article 5(4) of Directive (EU) 2015/2366 (PSD2)
The legal requirement is set out at section 5(1)(k) of PSD2 of the Guidance Note >
see EBA/GL/2019/04 29 November 2019 FINAL REPORT EBA Guidelines on ICT and security risk management
This requirement is in article 5(1)(j) of PSD2.
EBA/GL/2018/05 (consolidated version) 18 July 2018 Final Report Guidelines on fraud reporting under the Payment Services Directive 2 (PSD2) Application date ØO 01.01.2019 Amended by EBA/GL/2020/01 01.07.2021.
Commission Delegated Regulation 2018/389
Commission Delegated Regulation 2018/389
see EBA-Op-2018-04 13 June 2018 Opinion of the European Banking Authority on the implementation of the RTS on SCA and CSC.
EBA/GL/2019/04 29 November 2019 FINAL REPORT: EBA Guidelines on ICT and security risk management and EDPD Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR
personalised security credentials means personalised features provided by the payment service provider to a payment service user for the purposes of authentication (Article 4(31) of PSD2).
Safeguarding User’s Funds is in regulation 17(2) “A payment institution that provides payment services referred to in paragraphs 1 to 6 of the Schedule shall safeguard user’s funds in either of the following ways:
(a) user’s funds (i) shall not be mixed at any time with the funds of any person other than the payment service user on whose behalf the funds are held, and (ii) where the funds are still held by the payment institution and not yet delivered to the payee or transferred to another payment service provider by the end of the business day after the day of receipt, shall be deposited in a separate account in a credit institution or invested in assets designated or approved by the Bank for the purpose of these Regulations as secure, liquid and low risk assets;
(b) user’s funds shall be covered by an insurance policy.”
‘framework contract’ means a payment service contract which governs the future execution of individual and successive payment transactions and which may contain the obligation and conditions for setting up a payment account.
See pages 19 to 21 of the CBOI Guidance Note
The Minimum Competency Code 2017 (MCC 2017) and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48 (1)) Minimum Competency Regulations 2017 (MCR 2017) came into effect on 3 January 2018.
PCF means Pre-Approval Controlled Functions.
Qualifying Holding means a legal or natural person with a direct or indirect holding of shares or other interest in the applicant which represents 10 per cent or more of the capital or of the voting rights, or any direct or indirect holding of less than 10 per cent of the capital or of the voting rights but which makes it possible to control or exercise a significant influence over the management of the applicant in which a holding subsists.
This document is accessible if one inputs this title into one’s search box.
Guidance Note currently accessible at this link >
Regulation 21: “Where a payment institution has its registered office in the State, it shall have its head office in the State and shall carry out at least part of its payment service business in the State.”
Ireland. The Central Bank will expect decision-making at Board and Committee level to take place within the State. In addition, to ensure the central management is located within the ”head office”, its functions must include (where applicable):
(i) Financial Control;
(ii) Legal and Compliance; and
(iii) Risk Management.
It follows that there should be a significant senior management presence (within the applicant) in the State to ensure that full authority and effective control of the applicant rests within the “head office”.
Article 9 “Member States shall prohibit persons or undertakings that are not credit institutions from carrying out the business of taking deposits or other repayable funds from the public.
“Paragraph 1 shall not apply to the taking of deposits or other funds repayable by a Member State, or by a Member State's regional or local authorities, by public international bodies of which one or more Member States are members, or to cases expressly covered by national or Union law, provided that those activities are subject to regulations and controls intended to protect depositors and investors.”
Schedule par 4 Execution of payment transactions where the funds are covered by a credit line for a payment service user: (a) execution of direct debits, including one-off direct debits; (b) execution of payment transactions through a payment card or a similar device; (c) execution of credit transfers, including standing orders. Schedule par 5 Issuing of payment instruments and/or acquiring of payment transactions.
CBOI is the Central Bank of Ireland.
account information services means a payment service where funds are received from a payer, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee.
payment initiation service means a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.
'relevant proxy advisor' means a proxy advisor: (a) that provides services to shareholders with respect to shares that are admitted to trading on a regulated market in any Member State, and (b) in respect of which the competent Member State, within the meaning of Article 1(2)(b) of the Shareholders' Rights Directive, is the State (s1110K(7) of the SRD2 Regulations).
S1110D(5) (a) Subject to paragraph (b), an intermediary (in this subsection referred to as a ‘relevant intermediary’) who is provided with a confirmation under subsection (2) or (3) (in this subsection referred to as the ‘relevant confirmation’), shall, as soon as practicable, transmit the relevant confirmation to the shareholder to whom it relates. (b) Where: (i) it is not possible for the relevant intermediary to transmit the relevant confirmation directly to the shareholder to whom it relates, and (ii) the relevant intermediary is part of a chain of intermediaries, the relevant intermediary shall, as soon as practicable, transmit the relevant confirmation to each other intermediary in the chain of intermediaries known to the relevant intermediary as being part of the chain. (c) An intermediary to whom a relevant confirmation is transmitted under paragraph (b) and who can transmit the relevant confirmation directly to the shareholder to whom it relates shall, as soon as practicable, transmit the relevant confirmation directly to that shareholder.
Section 1110(4) Where a related party transaction entered into, or to be entered into, by a traded PLC involves a shareholder of the traded PLC, that shareholder shall not take part in the approval referred to in subsection s1110O(3).
‘material transaction’ means a transaction in which any percentage ratio, calculated in accordance with one or more class tests, is 5% or more; ‘percentage ratio’ means, in relation to a transaction, a figure, expressed as a percentage, that results from applying a calculation under a class test to the transaction.
Section 1110(O)(5)( (a) Subsections (1) to (3) shall not apply to: (i) a transaction entered into in the ordinary course of business and concluded on normal market terms, (ii) transactions entered into between a traded PLC and its subsidiary, or a number of its subsidiaries, provided that (I) the subsidiary or subsidiaries are wholly owned by the traded PLC, or (II) no related party of the traded PLC has an interest in the subsidiary or subsidiaries, as the case may be, (iii) transactions regarding remuneration of directors, or certain elements of remuneration of directors, awarded or due in accordance with section 1110M, or (iv) transactions offered to all shareholders on the same terms where equal treatment of all shareholders and protection of the interests of the traded PLC are ensured. (b) In subparagraph (iii) of paragraph (a), ‘director’ has the same meaning as it has in section 1110M.
It is important to note how director is defined in s1110N(11).
A traded PLC may temporarily derogate from its remuneration policy where (a) doing so is necessary in exceptional circumstances, to serve the long-term interests and sustainability of the traded PLC as a whole or to assure its viability, and (b) the derogation is in accordance with the procedural conditions and other provisions on derogation set out in the remuneration policy.(s1110M(8) of the SRD2 Regulations).
The Remuneration Policy and what it must contain are set out in 13 paragraphs in s1110M(6)
‘intermediary’ means a person, whether situated in a Member State or elsewhere, that provides services, in relation to a traded PLC, of safekeeping of shares, administration of shares or maintenance of securities accounts on behalf of shareholders or other persons, and includes -
(a) an investment firm as defined in Regulation 3 of the European Union (Markets in Financial Instruments) Regulations 2017 (S.I. No. 375 of 2017),
(b) a credit institution as defined in point (1) of Article 4(1) of Regulation (EU) No. 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/20128, and
(c) a central securities depository as defined in point (1) of Article 2(1) of Regulation (EU) No. 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No.236/2012.
relevant proxy advisor means a proxy advisor: (a) that provides services to shareholders with respect to shares that are admitted to trading on a regulated market in any Member State, and (b) in respect of which the competent Member State, within the meaning of Article 1(2)(b) of the Shareholders' Rights Directive (means SRD1, SRD II and Directive 2014/59 establishing a framework for the recovery and resolution of credit institutions and investment firms), is the State.
relevant asset manager means an asset manager:
(a) that invests in shares traded on a regulated market on behalf of investors, and
(b) in respect of which the competent Member State, within the meaning of Article 1(2)(a) of the Shareholders' Rights Directive, (means SRD1, SRD II and Directive 2014/59 establishing a framework for the recovery and resolution of credit institutions and investment firm) is the State
relevant institutional investor means an institutional investor: (a) that invests, whether directly or through an asset manager, in shares traded on a regulated market, and (b) in respect of which the competent Member State, within the meaning of Article 1(2)(a) of the Shareholders' Rights Directive (means SRD1, SRD II and Directive 2014/59 establishing a framework for the recovery and resolution of credit institutions and investment firms) is the State.
traded PLC means a PLC: (a) whose shares are admitted to trading on a regulated market in any Member State, and (b) that is neither:(i) an undertaking for collective investment in transferrable securities within the meaning of Article 1(2) of Directive 2009/65/EC (UCITS)5, nor (ii) a collective investment undertaking within the meaning of point (a) of Article 4(1) of Directive 2011/61/EU on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No. 1060/2009 and (EU) No. 1095/2010 (section 1109(4) of the Act).
Impact Assessment Part 2 page 51 footnote 32
Impact Assessment where used in this Article means, document reference “Brussels, 26.4.2018 SWD(2018) 138 final PART 1/2 COMMISSION STAFF WORKING DOCUMENT IMPACT ASSESSMENT Accompanying the document Proposal for a Regulation of the European Parliament and of the Council on promoting fairness and transparency for business users of online intermediation services”. See Impact Assessment Part 2, page 51, footnote 32.
Article 15 of the Platforms Regulation
Recital (46) of the Platforms Regulation
see Article 14 generally of the Platforms Regulation
Article 12(6) of the Platforms Regulation
Article 12(2) of the Platforms Regulation
Article 12 (1) of the Platforms Regulation
Article 11 of the of the Platforms Regulation
Impact Assessment Part1, page 18 under par 2.1.2.
Impact Assessment, Part 1, page 17 under par 2.1.2
Article 10(2) of the Platforms Regulation
Article10(1) of the Platforms Regulation
Impact Assessment, Part 1, page 17 under par 2.1.1.6
Article 9(3) of the Platforms Regulation
Article 9(2) of the Platforms Regulation
Article 9(1) of the Platforms Regulation
Article 7(3) of the Platforms Regulation
Article 7(2) of the Platforms Regulation
Impact Assessment Part 1 page 16
Article 6 of the Platforms Regulation
Article 2(12) 'ancillary goods and services' means goods and services offered to the consumer prior to the completion of a transaction initiated on the online intermediation services in addition to and complementary to the primary good or service offered by the business user through the online intermediation services.
Impact Assessment page 17 of Part 1
Article 5(7) of the Platforms Regulation
Recital 27 of the Platforms Regulation
Article 5(6) of the Platforms Regulation
Article 5(5) of the Platforms Regulation
Article 5(4) and Recital 26 of the Platforms Regulation
Article 5(2) of the Platforms Regulation
In Article 5(3) of the Platforms Regulation
Article 5(1) of the Platforms Regulation
ranking means the relative prominence given to the goods or services offered through online intermediation services, or the relevance given to search results by online search engines, as presented, organised or communicated by the providers of online intermediation services or by providers of online search engines, respectively, irrespective of the technological means used for such presentation, organisation or communication; (Article 2(8))
Article 8 of the Platforms Regulation
Article 3(3) of the Platforms Regulation
Article 4 of the Platforms Regulation
Article 11 internal complaint-handling process
Article 3(2) of the Platforms Regulation
Recital (17) of the Platforms Regulation
Recital (16) of the Platforms Regulation
as defined in Article 2(10) of the Platforms Regulation
The Impact Assessment referred to potentially harmful trading practices. These included (i) sudden unexplained changes in terms and conditions unilaterally imposed by platforms without prior notice, (ii) delisting of products, services or businesses or suspension of accounts without clear statement of reasons (iii) issues related to ranking of business users or their offers (iv) Issues related to data access and use (v) discrimination of businesses and favouring of online platform's own competing services and (vi) lack of effective redress for business users. These amongst other matters are the drivers of the obligations below.
Article 1(3). of the Platforms Regulation
Article 1(2) of the Platforms Regulation
See Recital (11) of the Platforms Regulation for more detail.
business user means any private individual acting in a commercial or professional capacity who, or any legal person which, through online intermediation services offers goods or services to consumers for purposes relating to its trade, business, craft or profession (Article 2(1))
Online intermediation services’ means services which meet all of the following requirements: (a) they constitute information society services within the meaning of point (b) of Article 1(1) of Directive (EU) 2015/1535 (Laying down a procedure for the provision of information in the field of technical regulations and rules on Information Society services), (b) they allow business users to offer goods or services to consumers, with a view to facilitating the initiating of direct transactions between those business users and consumers, irrespective of where those transactions are ultimately concluded; (c) they are provided to business users on the basis of contractual relationships between the provider of those services and business users which offer goods or services to consumers (Article 2(2))
corporate website users means any natural or legal person which uses an online interface, meaning any software, including a website or a part thereof and applications, including mobile applications, to offer goods or services to consumers for purposes relating to its trade, business, craft or profession. (Article 2(7))
‘online search engine’ means a digital service that allows users to input queries in order to perform searches of, in principle, all websites, or all websites in a particular language, on the basis of a query on any subject in the form of a keyword, voice request, phrase or other input, and returns results in any format in which information related to the requested content can be found (Article 2(5))
Impact Assessment Part 1, Page 3, under paragraph 1.2
This is a test popup
A PEP means a natural person who is or has been entrusted with prominent public functions and includes:
Article 11 - Member States must ensure that obliged entities apply customer due diligence measures in the following circumstances:
(c) in the case of persons trading in goods, when carrying out occasional transactions in cash amounting to EUR 10,000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
(d) for providers of gambling services, upon the collection of winnings, the wagering of a stake, or both, when carrying out transactions amounting to EUR 2,000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked.
Correspondent relationship means:
(a) the provision of banking services by one bank as the correspondent to another bank as the respondent, including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, payable-through accounts and foreign exchange services;
(b) the relationships between and among credit institutions and financial institutions including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or funds transfers (Article 3(8)).
Article 3 (6) ‘beneficial owner’ means any natural person(s) who ultimately owns or controls the customer and/or the natural person(s) on whose behalf a transaction or activity is being conducted and includes at least:
(a) in the case of corporate entities:
(i) the natural person(s) who ultimately owns or controls a legal entity through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that entity, including through bearer shareholdings, or through control via other means, other than a company listed on a regulated market that is subject to disclosure requirements consistent with Union law or subject to equivalent international standards which ensure adequate transparency of ownership information.
A shareholding of 25 % plus one share or an ownership interest of more than 25 % in the customer held by a natural person shall be an indication of direct ownership. A shareholding of 25 % plus one share or an ownership interest of more than 25 % in the customer held by a corporate entity, which is under the control of a natural person(s), or by multiple corporate entities, which are under the control of the same natural person(s), shall be an indication of indirect ownership. This applies without prejudice to the right of Member States to decide that a lower percentage may be an indication of ownership or control.
Control through other means may be determined, inter alia, in accordance with the criteria in Article 22(1) to (5) of Directive 2013/34/EU of the European Parliament and of the Council
(ii) if, after having exhausted all possible means and provided there are no grounds for suspicion, no person under point (i) is identified, or if there is any doubt that the person(s) identified are the beneficial owner(s), the natural person(s) who hold the position of senior managing official(s), the obliged entities shall keep records of the actions taken in order to identify the beneficial ownership under point (i) and this point.
Directive 2015/2366/EU on payment services (PSD2)
Custodian wallet providers means an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies.
The new EU AML/CTF regime comprises the Fourth Money Laundering Directive (Directive 2015/849)(MLD4), the Wire Transfer Regulation (Regulation 2015/847 (WTR), and the Fifth Money Laundering (Directive 2018/843 (MLD5).MLD5 which amends MLD4 is available as a consolidated document on Europa.
The new EU AML/CTF regime comprises the Fourth Money Laundering Directive (Directive 2015/849)(MLD4), the Wire Transfer Regulation (Regulation 2015/847 (WTR), and the Fifth Money Laundering (Directive 2018/843 (MLD5).MLD5 which amends MLD4 is available as a consolidated document on Europa.
Fiat currencies are coins and banknotes that are designated as legal tender and electronic money, of a country, accepted as a medium of exchange in the issuing country, such as the Euro. The Commission refers to this type of provider as a virtual currency exchange platform (VCEP)”.
Virtual currencies means a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.
Gambling: With the exception of casinos, and following an appropriate risk assessment, Member States may decide to exempt, in full or in part, providers of certain gambling services from national provisions transposing this Directive on the basis of the proven low risk posed by the nature and, where appropriate, the scale of operations of such services.