The FCA has recently published proposed temporary guidance for payment firms in light of the ongoing COVID-19 crisis - further underlining safeguarding as one of the FCA’s supervisory priorities.
The regulator is concerned that safeguarding shortcomings, such as, commingling of customer and own funds as well as inaccurate record keeping, would hinder the repayment of outstanding customer claims should one or more payment services or e-money firms fail. The challenging UK economic environment which could lie ahead has hastened regulatory intervention in a sector where many firms rely on investor funding to stay viable on the road to profitability.
The guidance should help firms prevent harm to their customers if firms fail, by making the wind-down process as orderly as possible and facilitating the return of customer funds in a timely manner.
Key challenges for payment firms
It is our experience that payment firms often face common challenges in implementing measures to safeguard customer funds under the Payment Services Regulations 2017 and/ or Electronic Money Regulations 2011:
- Identification and segregation of relevant funds - For firms using the segregation method, the accurate identification of relevant funds is a pre-requisite for their proper separation from those received for other purposes. It is common for firms to forego a complete analysis of how relevant funds arise within the programme of e-money or payment services they offer. This makes it difficult to determine when funds flowing through their banking arrangements should be protected in order to avoid co-mingling.
- Book-keeping, reconciliation and account administration - Firms should have robust systems to record customer funds held and well-designed controls to check their completeness and accuracy. The proposed FCA guidance has, for the first time, prescribed a pro-forma bank/custodian acknowledgement letter and a naming convention for customer accounts.
- Monitoring and oversight - We are aware that some firms still lack well-documented policies and procedures. This makes the management of customer funds and related risks operationally difficult to monitor and report on. There is an expectation that safeguarding practices are reviewed regularly at decision-making committees, supported by relevant management information.
Compliance audits - standing up to the scrutiny of an “audit”.
Within the temporary guidance the FCA has made it clear that it expects firms to arrange specific annual audits of their compliance with the safeguarding requirements under the regulations and to exercise due skill, care and diligence in selecting and appointing auditors for conducting safeguarding audits.
For many firms operating payment and/or e-money services, these new safeguarding audits will be the first time their organisational arrangements for safeguarding have been subject to the scrutiny of an ‘independent audit’. Assuming that these new safeguarding audits will be structured in a similar manner to those established for investment firms in charge of client money and assets (e.g. “CASS Audits”), it is very likely that the initial reports received/issued will contain significant findings management will need to be prepared to remediate.
What firms should do now?
Firms should take steps in the immediate-term to ensure that their house is in order prior to the commencement of an external "safeguarding audits", and should consider taking the following steps:
- Safeguarding health checks - Carrying out independent review of the firm’s safeguarding arrangements and receive fact based findings and insights, as well as a clear management action plan that is approved by the Board to remediate any issues identified.
- Internal audit - Internal Audit should ensure that it has resources with the right regulatory skills and knowledge to review and challenge the firm's safeguarding arrangements.
- Robust policies, risk, controls and procedural documentation - Firms should design policies and procedures to make clear the firm's approach to compliance with the safeguarding regulations, and ensuring that they are truly embedded within their controls environment.
This consultation on the proposed temporary guidance ends on 5 June 2020.
The FCA will conduct a full consultation later in 2020 on changes to its existing Approach Document, which will likely include a proposal to incorporate this temporary guidance.