1. Member States shall ensure that the controls exercised by the competent authorities for checking continued compliance with this Title are proportionate, adequate and responsive to the risks to which payment institutions are exposed.
In order to check compliance with this Title, the competent authorities shall, in particular, be entitled to take the following steps:
(a) to require the payment institution to provide any information needed to monitor compliance specifying the purpose of the request, as appropriate, and the time limit by which the information is to be provided;
(b) to carry out on-site inspections at the payment institution, at any agent or branch providing payment services under the responsibility of the payment institution, or at any entity to which activities are outsourced;
(c) to issue recommendations, guidelines and, if applicable, binding administrative provisions;
(d) to suspend or to withdraw an authorisation pursuant to Article 13.
2. Without prejudice to the procedures for the withdrawal of authorisations and the provisions of criminal law, the Member States shall provide that their respective competent authorities, may, as against payment institutions or those who effectively control the business of payment institutions which breach laws, regulations or administrative provisions concerning the supervision or pursuit of their payment service business, adopt or impose in respect of them penalties or measures aimed specifically at ending observed breaches or the causes of such breaches.
3. Notwithstanding the requirements of Article 7, Article 8(1) and (2) and Article 9, Member States shall ensure that the competent authorities are entitled to take steps described under paragraph 1 of this Article to ensure sufficient capital for payment services, in particular where the non-payment services activities of the payment institution impair or are likely to impair the financial soundness of the payment institution.