‘Payment services and EMoney institutions have seen increased scrutiny from the FCA over the past few years and we are seeing evidence that the FCA has identified a number of focus areas to ensure regulatory responsibilities are met. These are clearly set out in their Dear CEO letter from July 2019 and their more recent guidance from July 2020 highlights particular concerns with safeguarding customer’s funds and prudential risk management. We anticipate that the regulator will continue its focus over the coming year and expect it to use a range of regulatory tools, including the continued use of Skilled Person reviews’
Richard Barnwell, BDO Partner, Financial Services Advisory
Increased focus on the payments and e-money sector
Following the implementation of the second Payment Services Directive (PSD2) and maneuvering key updates such as Open Banking and Strong Customer Authentication, as well as the introduction of the 5th Money Laundering Directive, the FCA has built its authorisation and supervision teams to manage the increased risks posed by the sector. In doing so, the FCA has set out in its previous business plans for both 2019/20 and 2020/21, how it intends to implement its Payments Sector strategy as well as ensure payment services and e-money is safe and accessible.
The FCA had included information relating to safeguarding customer funds as part of its assessment of firms during the re-authorisation of firms in line with PSD2. However following challenges faced by some payment services and e-money firms, including the return of funds on administration, the FCA has reiterated the need for strong risk, governance, systems and controls. Rapid development in the financial technology sector and an increased reliance on payment services and e-money during the Coronavirus pandemic has also increased the focus of the FCA ensuring there are appropriate measures to safeguard customer funds and minimise the potential for consumer detriment.
Supervision and areas of concern
The Director for Supervision for Retail and Authorisations issued a ‘Dear CEO’ letter to non-bank payment service providers in July 2019 highlighting problem areas following its review of how well firms were meeting the safeguarding requirements in practice. This identified the following problem areas:
- How well firms understood which funds are categorised as ‘relevant funds’ and should be segregated
- Weak risk management and oversight of customer funds
- Effectiveness of firms’ safeguarding procedures and documentation
- Designating safeguarding accounts
- How effectively firms carried out reconciliations
- The effective of firms’ governance and oversight arrangements
Given the review conducted and the clarity provided to firms last year, further supervisory contact has been made on an ad hoc basis with payment services and e-money firms to include remedial work around the controls required for the protection of customer funds.
Following the Coronavirus pandemic, the FCA issued additional finalised guidance in July 2020 for payment and e-money firms regarding safeguarding customers’ funds and prudential risk management. This provided additional temporary guidance to the industry in attempts to strengthen firms’ prudential risk management and arrangements for safeguarding customers’ funds at a time of changing business models and economic stress. The finalised temporary guidance addressed the following:
- Keeping records and accounts
- Safeguarding accounts and acknowledgement letters
- Selecting, appointing and reviewing third parties
- When the safeguarding obligation starts
- Unallocated funds
- Annual audit of compliance with safeguarding requirements
- Disclosing information in treatment of funds on insolvency to customers.
- Governance and controls
- Liquidity and capital stress testing
- Risk management arrangements
- Capital adequacy
The FCA has also explicitly highlighted the need for payment and e-money firms to have a wind down plan to manage liquidity, operational and resolution risks. Whilst these should be proportionate to the size and nature of the firm, we have seen action from the FCA to obtain further information from firms in this particular area.
Risk, Governance, Systems and Controls
With the FCA acting quickly on the various behaviours they identified in the market, it is increasingly important for payment and e-money firms to have robust risk management arrangements and the appropriate systems and controls to manage and monitor risks in accordance with the their conditions of authorisation and registration.
Whilst not yet subject to the SMCR, the firm’s senior management has an obligation to ensure systems and controls are regularly reviewed including its governance arrangements. This is particularly important at a time of business model change, growth and increased risk.
How can we help you?
We have strong regulatory experience with firms within the payments and e-money sector, obtained through working with new and existing firms that have proactively identified the need for support or been contacted directly by the FCA for further information. We have assisted a variety of clients with enhancing their safeguarding controls, risk and governance arrangements. TWe offer a range of services to help firms that are tailored to a firm’s business model, governance structure, governance arrangements and operations. We also provide ongoing regulatory and compliance support to firms on a retained basis.
In addition to the above, BDO also has extensive experience in relation to Skilled Person reviews (appointed to conduct over 20% of the skilled person reports commissioned by the FCA in 2018/2019), advisory and internal audit engagements across a variety of sectors. Specifically, we have supported payments and e-money firms in conducting skilled person reviews to assess payments and e-money business models, relevant funds, segregation of customer funds, risk management and oversight of safeguarding controls as well as the effectiveness of safeguarding procedures and documentation.
For more information, please contact Richard Barnwell or Zahra Ellahi to discuss further and refer to our wider team below.