BlueSnap Payment Services Ireland Limited breached the requirements of the European Union (Payment Services) Regulations 2018 (the PSR 2018) between January 2021 and December 2022.

The company was authorised by the Central Bank as a payment institution under the PSR 2018 on 23 December 2020 to provide payment services.

BlueSnap provides “merchant acquiring services” enabling its customers, which are businesses that sell products and services online, to accept payments for products and services sold.

When an online sale is made by one of BlueSnap’s customers, BlueSnap should collect the money, hold it securely in a segregated bank account and then pay it onwards to the customer’s bank account.

However, the Central Bank said BlueSnap did not deposit its customers’ funds in the designated safeguarding account, mixed its customers’ funds with other funds, and delayed informing the Central Bank once it became aware that it was not following the safeguarding procedures that BlueSnap had set out to the Central Bank in its application for authorisation.

These failings arose due to deficiencies in regulatory awareness and understanding of reporting requirements, in addition to inadequate oversight and monitoring by BlueSnap of safeguarding operations which were provided by the BlueSnap group — which BlueSnap says it has now resolved.

A settlement was reached between the Central Bank and BlueSnap on 19 November 2024.

The Central Bank determined that sanctions comprising a reprimand and a monetary penalty in the amount of €463,200 were warranted. The application of a 30 per cent settlement scheme discount brought that amount down to €324,240.

The sanctions have been accepted by BlueSnap but will not take effect unless they are confirmed by the High Court.

Seána Cunningham, director of enforcement and anti-money laundering at the Central Bank, said: “Payment and e-money firms are authorised to hold and transfer money on behalf of customers, and at the core of this is a requirement for them to safeguard this money.

“Safeguarding customer funds is a fundamental requirement for any payment or e-money institution and the Central Bank has made its supervisory expectations in this regard clear. 

“When firms apply for authorisation, they need to demonstrate to the Central Bank how they will meet their regulatory obligations.

“It follows that they must then adhere to the commitments they have made at authorisation when they provide services as an authorised financial services provider. If information provided at authorisation is no longer accurate, firms must inform the Central Bank of this promptly and take any necessary remedial action.

“In this case, BlueSnap failed to comply with its safeguarding obligations, which exposed its customers to significant risk, and failed to inform the Central Bank promptly of changes to the accuracy of the information it provided in its application for authorisation. 

“The safeguarding of customer funds has been, and will continue to be, a key area of supervisory focus for the Central Bank.”