Priorities of the National Bank of Moldova for 2026-2027 regarding the supervision of non-bank payment service providers

The competences of the National Bank (NBM) in the field of payment and settlement systems and in payment services provision are becoming more complex, especially considering the implementation of new functionalities related to payment initiation services and account information services, the instant payment scheme, and the connection of the Republic of Moldova to the Single Euro Payments Area (SEPA). In this context, the control of the activities in this area and the monitoring of the associated risks are key components of the supervision process carried out by the NBM.

In carrying out its supervisory duties over non-bank payment service providers (non-bank PSPs), the NBM continues to focus on verifying compliance with the regulatory framework requirements, ensuring operational resilience and assessing the effectiveness of internal control processes and risk management to prevent and mitigate the specific risks associated with their activities.

The priorities related to the supervision process of non-bank PSPs for the 2026-2027 period reflect the key directions of the National Bank of Moldova (NBM) in supervising the non-bank sector related to payment services for the next two years, which may be adjusted depending on the evolution of the risk spectrum in the targeted area.

Thus, in accordance with the principle of risk-based supervision, the NBM has established the following priorities for the supervision process of non-bank PSPs for the 2026-2027 period:

I. Compliance with regulatory requirements on ownership structure and governance

The establishment of secure governance systems, ensuring the adequacy of the ownership structure and capital, represents essential conditions for the activities of non-bank PSPs, throughout the validity period of the licence. The NBM will focus its efforts on evaluating the following aspects:

the quality of the ownership structure to ensure stable and prudent administration of non-bank PSPs and prevent their involvement in risky activities;
the organisational structure, key functions, segregation of responsibilities, independence of control functions, and transparency of the decision-making process;
the adequacy of the internal control framework;
the existence of effective procedures for identifying, managing, monitoring, and reporting the risks to which non-bank PSPs are or could be exposed.

II. Management of risks associated with payment service provision and electronic money issuance

The supervisory activity will focus on verifying the effectiveness of measures implemented by non-bank PSPs for identifying, assessing, and managing operational and liquidity risks, particularly considering the implementation of new functionalities related to payment initiation services, account information services, the instant payment scheme, and the connection of the Republic of Moldova to the Single Euro Payments Area (SEPA).

In this context, during the 2026-2027 period, the NBM will focus its efforts on evaluating:

the operational resilience of non-bank PSPs as participants in financial market infrastructures;
the application of strict customer authentication processes and the verification of their activities related to payment service provision via remote access of electronic payment instruments, and the monitoring mechanisms applied by them;
the monitoring of the actions taken by non-bank PSPs in order to implement the open banking concept;
the contractual relationships with third parties involved in payment services provision through payment schemes and arrangements, the issuance, putting into circulation, and/or acceptance of payment instruments (SEPA, Card processing centres, International card payment systems, etc.);
the protection of funds belonging to payment service users and the adequacy of equity and regulated capital;
compliance with the applicable regulatory framework for payment service provision.

III. Prevention and combatting of money laundering and the financing of terrorism

The National Bank of Moldova will continue to monitor and supervise the activities of non-bank PSPs, focusing on their compliance with the requirements of the applicable regulatory framework and the measures taken to mitigate the risks of money laundering and the financing of terrorism (ML/FT) identified in the national risk assessment. In this regard, supervisory actions will focus on verifying the following aspects:

updating risk assessments of ML/FT in the area of activity of non-bank PSPs, in line with the risks identified at the national level for the respective sector;
assessing ML/FT risks for new products and services, as well as for innovative technologies and solutions under development;
compliance with remote identification requirements, in accordance with Regulation No 281/2024 on the requirements for the identification and verification of customers’ identities by electronic means (e-KYC);
reviewing internal policies and procedures in order to comply with the requirements of applicable legislation;
adequate application of customer due diligence measures, proportionate to the risks assigned to them, including for high-risk clients;
management and operational updates of sanctions lists (EU, OFAC, UN) and compliance with requirements for the application of international restrictive measures;
implementing advanced monitoring through dedicated scenarios, detecting suspicious transactions and activities, and their appropriate reporting;
improving IT systems and internal control mechanisms to prevent fraud and avoid the use of non-bank PSPs in unlawful activities;
continuous training of staff through training programs adapted to legislative changes and new ML/FT typologies.

These supervisory actions will contribute to strengthening the mechanisms for preventing and mitigating identified ML/FT risks, enhancing the internal control systems of non-bank PSPs, and developing a secure, transparent, and resilient non-bank payment sector.

IV. Risk associated with information and communication technologies (ICT)

In the context of the increasing digitalisation and expansion of payment services provided by non-bank PSPs, the NBM aims to strengthen a secure, transparent, and efficient operational framework for these entities.

For the reference period, the supervision of non-bank PSPs will focus on strengthening internal governance and risk management processes, in line with technological developments and the requirements of the regulatory framework. The NBM will assess the ability of non-bank PSPs to identify, control, and monitor risks associated with digital activities, ensuring the existence of appropriate organisational structures and well-founded internal policies in this regard.

A key focus will be on operational resilience and information security, considering the essential role of IT infrastructures in the provision of payment services. In this context, supervision will examine how IT incidents are managed, the operation of continuity mechanisms, and the measures to protect user data. Additionally, relationships with third-party providers will be analysed, focusing on how outsourcing is managed, especially when it impacts critical processes.

In the context of the accelerated implementation of new technologies and the diversification of business models, the NBM will monitor the integration of innovations to ensure they are accompanied by appropriate controls and do not create vulnerabilities in payment systems.

The planned actions aim to facilitate the implementation of new payment services and payment instruments, strengthen innovative character, and enhance the security of payment services, encouraging the use of cashless payments.