In May 2023, the Central Bank of Kuwait (“CBK”) has, by virtue of Decision No. 45/471 of 2023, amended the Instructions for Regulating the Electronic Payment of Funds (“New Regulatory Instructions“), which revokes the previous CBK decision on the same matter which was issued by virtue of Decision No. 44/430 of 2018 (“Revoked Instructions”).

It is worth highlighting that while the Revoked Instructions only entitled the financial institutions such as banks to take the role of electronic payment infrastructure provider (“EPIP”) and that any activity service provider operating in electronic money or electronic payment and settlement services has to be an electronic payment agent (“EPA”) of such EPIP, which created an extra-layer of implicit supervision and oversight by local banks on the EPAs while such EPAs are assuming their role and responsibilities under the umbrella of the EPIP, the New Regulatory Instructions eliminated the role of the EPIP, and hence, the activities undertaken by the service providers as defined under the New Regulatory Instructions have become directly regulated by the CBK.

The New Regulatory Instructions are designed to establish the necessary regulatory and organizational frameworks while keeping up with the technological developments in the e-payment means, through enabling the CBK to directly supervise and oversee the institutions operating in this sector. Further, the New Regulatory Instructions empower the CBK with additional supervisory powers over electronic payment transactions which take place within the State of Kuwait, as well as the authority to issue the mandatory directives pertaining to the same.

Classification of Regulated Activities

The New Regulatory Instructions outline the requirements for both existing and emerging service providers operating as electronic payment providers, e-money providers or e-payment (“Regulated Activities”). Under the New Regulatory Instructions, the CBK approval/license is granted based on the volume and nature of the Regulated Activities, as briefly highlighted below:

• E-Payment Service Provider (“EPSP”): EPSPs are categorized into two types: small and large.

  Small EPSPs must be in the legal form of a joint-stock company or a limited liability company with a minimum capital of KWD 50,000 (fifty thousand Kuwaiti Dinars) on an ongoing basis, and can provide various services from the Regulated Activities, save for creating, saving, or transferring e-money and buy now pay later (“BNPL”) services (“Restriction”).
  
  Large EPSPs, on the other hand, must be in the legal form of a joint-stock company with a minimum capital of KWD 250,000 (two hundred and fifty thousand Kuwaiti Dinars) and the Restriction is also applicable thereon.
  

• E-Money Service Providers (“EMSP”): Similar to EPSPs, EMSPs are divided into small and large categories.

  Small EMSPs must be in the legal form of a joint-stock company or a limited liability company with a minimum capital of KWD 100,000 (one hundred thousand Kuwaiti Dinars) and can provide various activity services from the from the Regulated Activities except for BNPL services.

  Large EMSPs must be in the legal form of a joint-stock company with a minimum capital of KWD 1,000,000 (one million Kuwaiti Dinars) and do not have any restrictions on the activity services as long as such activity is within the scope of the Regulated Activities which they may provide.

• E-Payment Service Operators (“EPSO”): EPSOs are required to be in the legal form of a joint-stock company with a minimum capital of KWD 2,000,000 (two million Kuwaiti Dinars). They must operate and manage retail payment systems within Kuwait and can provide any activity services from the Regulated Activities, save for the Restriction.

What is the scope of the Regulated Activities?

Without prejudice to the CBK’s right and discretion to add to the scope of activities, the New Regulatory Instructions provide some activities to be within the scope of Regulated Activities, as listed herein below:

• payment acquisition;
• direct debit;
• issuing or providing e-payment methods;
• creating, saving, or transferring e-money; and
• BNPL services, limited-purpose e-money.

Exclusions from the Regulated Activities

The New Regulatory Instructions provide that payment transactions conducted through authorized commercial brokers, cash payment transactions, specific e-payment methods used for goods/services within a single issuer or affiliated companies, transactions within securities settlement systems, check-based payments, intercompany transactions, and transportation of banknotes and coins shall be excluded from the scope of the Regulated Activities.

Registration and Other Requirements

Registration

All the providers of the Regulated Services must register in the designated register at the CBK, except for local banks, which are exempt from the aforementioned requirement. Such register serves as a platform whereby the basic information of the service providers, along with additional data specified by the CBK are recorded.

Suspension of the Service Providers

The CBK, under the New Regulatory Instructions, has the authority to suspend the registration of the service providers under various circumstances which include the provider’s failure to perform the licensed activity within six months from the registration date, engaging in activities that adversely impact system stability or the financial system, hindering the work of CBK inspectors, or engaging in practices that may pose a risk to customers or the public interest.

Change of ownership

Service providers are also required to request the prior approval of the Governor of the CBK on any proposed changes to their memorandum of association or by-laws, including the change in the shareholding structure.

Other requirements

Service providers should also adhere to specific risk management requirements. They must develop and abide by the policies, procedures, systems, and controls to effectively manage risks associated with the privacy of data, their electronic payment services, including operational, legal, reputational, money laundering, liquidity, third-party, and business continuity risks. Additionally, the service providers must establish policies and procedures to detect and address fraud, and are required to inform the competent authorities about fraud cases and provide ongoing notifications to the CBK in that regard.

CBK’s Supervisory Role

Service providers are obligated to submit all necessary data and information to the CBK for the purpose of facilitating supervision, control, and inspection of their activities. They must also allow CBK personnel access to their books, records, documents, periodic reports, data, work minutes, and any other information specified by the CBK’s instructions, in ensuring proper oversight. Additionally, the service providers are required to cooperate fully with the CBK in this regard and must not take any actions that hinder the CBK’s supervisory process.

In conclusion, in furtherance of the CBK’s proactive role in protecting the payers who use e-payment means, these New Regulatory Instructions were issued to provide an extra layer of guarantee to the safety and stability of the e-payment sector in Kuwait.

We, at GLA, would be happy to assist you with any advice on the above and provide you with practical solutions to ensure continuous compliance with the CBK’s rules and regulations.

Authors: Maha El Meihy, Legal Director, Fahad Al Baijan, Associate, Liana Rashid, Trainee Lawyer

For further information, please contact Alex Saleh (alex.saleh@glaco.com) and Maha El Meihy (maha.elmeihy@glaco.com).