obOpen Banking Lab
GlossarySTETBlogContact
Regulation

ACPR

Autorité de Contrôle Prudentiel et de Résolution (French Prudential Supervision and Resolution Authority)

France's regulator for banks, insurers and fintechs. It is the ACPR that grants PSP, AISP and PISP authorisations — and that can withdraw them.

See also:EBABanque de FranceCommission EuropéenneTPPASPSP

Definition

The ACPR (Autorité de Contrôle Prudentiel et de Résolution) is France's regulator for banks, insurers and fintechs.

Attached to the Banque de France, it is the body that grants the authorisations any PSD2 player needs to operate in France — PSP, EMI, AISP, PISP, CBPII — and that can withdraw them in the event of a breach.

ACPR, EBA, Banque de France: who does what

Three players that are often confused:

  • EBA — the European authority, which writes the technical rules (RTS, guidelines).
  • ACPR — the French authority, which applies these rules: authorisation, supervision, sanction.
  • Banque de France — the central bank, to which the ACPR is attached (shared premises and resources) while remaining independent in its decisions.

The ACPR is the direct point of contact for any French fintech seeking authorisation.

What the ACPR does

  • Grants authorisations: payment institution (PI), electronic money institution (EMI), AISP, PISP, CBPII.
  • Supervises on an ongoing basis: minimum capital, anti-money-laundering framework (AML/CFT), governance, IT security.
  • Carries out on-site and off-site inspections: audits, document requests, surprise visits.
  • Sanctions through its Sanctions Committee: from a warning to the withdrawal of authorisation, with fines that can reach €100M or 10% of turnover.
  • Maintains the national register of PSPs (REGAFI), which can be consulted online to check that a player is authorised.

What the ACPR does not do

  • Does not write the law: that is for the European Commission (directives) and the French Parliament (transposition).
  • Does not draft the RTS: that is the EBA.
  • Does not settle customer disputes: that role falls to the competent ombudsman or to consumer associations.
  • Does not supervise the financial markets: that is the AMF (Autorité des Marchés Financiers, the French Financial Markets Authority).

In the PSD2 ecosystem

The ACPR is the mandatory entry point for any French fintech targeting the PSD2 scope. It then relays the information to the EBA register to activate the European passport.

Concrete examples

  • Obtaining an authorisation: Bridge, Pennylane, Qonto, Lydia and Fintecture all obtained their status from the ACPR before operating. Expect 6 to 12 months of review and a substantial file (governance, IT, own funds, continuity plan).
  • Checking a partner: before signing with a provider, you consult REGAFI to confirm its status and the exact scope of its authorisation.
  • Notable sanctions: the ACPR has already imposed fines of several million euros for AML/CFT breaches — a concrete, not theoretical, risk.
  • Useful monitoring: the ACPR regularly publishes reviews, positions and recommendations (fintech, crypto, AI) that anticipate upcoming inspections.

Sources

Back to glossary