In this Article (33), “Payment Token Service Provider” refers to a Licensee or a Registree, with the exception of Registered Foreign Payment Token Issuers.
2.
A Payment Token Service Provider must have and maintain effective, robust and well-documented corporate governance arrangements, including a clear organizational structure with well-defined, transparent and consistent lines of responsibility.
3.
The corporate governance arrangements referred to in Article (33)2 must be comprehensive and proportionate to the nature, scale and complexity of the Payment Token Services provided, and shall contain, at a minimum:
a)
an organization chart showing each division, department or unit, indicating the name of each responsible individual accompanied by a description of the respective function and responsibilities;
b)
controls on conflicts of interest;
c)
controls on integrity and transparency of the Licensed Payment Token Service Provider’s operations;
d)
controls to ensure compliance with applicable laws and regulations;
e)
methods for maintaining confidentiality of information; and
f)
procedures for regular monitoring and auditing of all corporate governance arrangements.