Module Application
This module applies to organisations that require authorisation, registration or ongoing prudential supervision to provide regulated financial services within the European Union. It covers the principal requirements applying to credit institutions, investment firms, payment institutions, electronic money institutions, insurers, crypto-asset service providers, crowdfunding service providers and other regulated financial entities where relevant. Compliance requires organisations to obtain and maintain the necessary authorisations, satisfy governance, capital, conduct and operational resilience requirements, and comply with ongoing supervisory obligations administered by EU and national competent authorities.
Module Scope
The module covers the lifecycle of regulatory authorisation, including licensing, changes in control, passporting, governance and fitness and propriety, prudential and capital requirements, conduct of business, consumer protection, outsourcing and ICT risk management, AML/CFT interfaces, supervisory reporting, recovery and resolution considerations, and regulatory intervention.
Some of the specific questions this module covers are:
- Does the organisation obtain and maintain all required regulatory authorisations before carrying on regulated financial services activities?
- Does the organisation maintain governance, risk management, capital and operational resilience arrangements required by EU legislation?
- Does the organisation comply with ongoing reporting, notification and supervisory engagement obligations?
- Does the organisation satisfy requirements for cross-border activities, passporting and changes in control?
The key topics covered in this module are:
- Authorisation & Licensing
- Governance & Fit and Proper Requirements
- Prudential & Capital Requirements
- Conduct of Business & Customer Protection
- Operational Resilience & ICT Risk
- AML/CFT & Financial Crime Interfaces
- Supervisory Reporting & Regulatory Engagement
- Cross-border Passporting & Resolution
The module encompasses a range of legislative sources and primary law including:
- Regulation (EU) 2023/1114 (MiCA)
- Regulation (EU) 2022/2554 (DORA)
- Directive 2013/36/EU (CRD)
- Regulation (EU) No 575/2013 (CRR)
- Directive 2014/65/EU (MiFID II)
- Regulation (EU) No 600/2014 (MiFIR)
- Directive (EU) 2019/2034 (IFD)
- Regulation (EU) 2019/2033 (IFR)
- Directive (EU) 2015/2366 (PSD2)
- Directive 2009/110/EC (Electronic Money Directive)
- Directive 2009/138/EC (Solvency II)
- Directive (EU) 2016/97 (IDD)
- Directive 2011/61/EU (AIFMD)
- Directive 2009/65/EC (UCITS)
- Directive 2014/59/EU (BRRD)
- Directive (EU) 2024/1640
- Directive (EU) 2015/849
- Regulation (EU) 2020/1503 (ECSPR)
- Commission Delegated Regulations (EU) 2024/1772 and 2024/1774
- Charter of Fundamental Rights of the European Union
Non-compliance may result in refusal, suspension or withdrawal of authorisation, administrative penalties, pecuniary sanctions, public censure, restrictions on business activities, remediation directions, capital add-ons, enforcement action against responsible persons, and, where provided by legislation, civil or criminal liability.
This module is designed for organisations that require authorisation or registration to provide regulated financial services within the European Union, including credit institutions, investment firms, payment institutions, electronic money institutions, insurers, crypto-asset service providers, crowdfunding service providers, fund managers and other regulated financial entities. It is also relevant to directors, senior management and governance, legal, risk and compliance professionals responsible for maintaining regulatory authorisation and ongoing supervisory compliance.