Article:

Independent safeguarding audits for Payment Services and E-Money firms

11 February 2021

Payment Services and E-Money institutions have seen increased scrutiny from the FCA in recent years. Safeguarding of client money, especially within the current uncertain economic environment is an important area of focus by the regulator.

Within the FCA Guidance on Payment Services and Electronic Money – Our Approach document there is a requirement to perform an independent review of their compliance with the safeguarding provisions, which historically have been conducted by the third line or external assurance providers. However, the FCA now requires firms to perform an annual independent safeguarding audit. The expected scope of the audit will be based upon chapter 10 of FCA’s ‘Payment Services and Electronic Money (our approach)’ document which will cover, at a minimum:

  • Definitions on relevant funds – at the core of safeguarding is the requirement to clearly define relevant funds, i.e. which funds should be captured by safeguarding requirements and which should not
  • Documentation of controls and processes – a clear understanding of where the obligation to safeguard funds starts and ends within the process and the key elements of internal and external reconciliations
  • Methods of safeguarding – the requirements sets out the appropriate methods for safeguarding (Segregation or insurance/guarantee method) and how they should be performed
  • Systems and controls – an appropriate control environment that is designed to safeguard funds is fundamental to ensuring complete and accurate identification, separation and reconciliation of relevant funds to safeguard. This extends from business operational controls to IT General controls
  • Insolvency event - Safeguarding is there to protect customer funds in the event of insolvency. The requirements link to wind-down planning and ensuring that funds are safely segregated to ensure protection of these funds in any future unforeseen circumstance. 

The expectation is that the audit should align to the accounting year end and be completed 4 months post period end date, by a competent team with specialist skills in auditing compliance with the safeguarding requirements under the PSRs/EMRs.

How can we help you?

We have strong regulatory experienced team, specifically with practical safeguarding experience within the payments and e-money sector. Experience gained by working with local UK and international clients, and within the FCA’s Payment Services and E-money Authorisation team.

We offer a range of services to help firms that are tailored to a firm’s business model, governance structure, governance arrangements, operations and three lines of defence.

For more information, please contact Luke Patterson and Kelly Sheppard to discuss further.