The Financial Conduct Authority (‘FCA’) published on 9 July 2020 their “Dear CEO Letter” covering key areas where non-compliance has the potential to harm consumers and issued finalised guidance on the safeguarding of customer funds and expected prudential risk management measures.
The FCA expects firms to take immediate action by reviewing their processes and controls and putting remediation plans in place where deficiencies against the new guidance are found. It has made it clear that it will act, including by restricting or cancelling permissions, if firms do not properly adhere to the conditions of their authorisation and their other consumer protection requirements.
Overall, this guidance represents a step change in the FCA’s expectations for payment services and e-money firms.
Clarifications to the safeguarding guidance
Much of the finalised guidance is as stated in the FCA’s consultation, however, there are a few areas where the FCA has provided useful clarifications:
- Account naming – the FCA has stated that accounts may be designated as ‘customer’ accounts, as well as the other viable alternatives: ‘safeguarding’ or ‘client’ accounts.
- Unallocated funds – where funds are unallocated to a specific customer, but firms can still identify that they were received to execute a payment transaction or in exchange for the issuance of e-money, the funds are “relevant funds” and should be safeguarded accordingly. Firms must make reasonable endeavours to identify the customer(s) and, pending completion of this process, record these funds in their books and records as ‘unallocated customer funds’.
- Safeguarding audits – the FCA clarified its expectations for annual and material business model change-related safeguarding audits. The auditor will issue a reasonable assurance opinion, the highest level provided, as to whether the firm has maintained organisational arrangements adequate to enable it to meet the FCA’s expectations. It is important to note that auditors will measure firms’ compliance against both the EMRs / PSRs as well as the FCA’s safeguarding provisions set out in Chapter 10 of the Approach Document.
Finalised guidance on prudential risk management
The finalised guidance emphasises the importance of robust governance arrangements and procedures to identify, manage and monitor risks to the prudential health of the business:
- Risk and control capability – the FCA expects firms’ boards and senior management to regularly review their risk management function and ensure that it remains appropriate to the business and its rate of growth. Where the firm is required to have an independent risk management function, the FCA expects firms to proportionately scale up and expand it as the business grows.
- Stress testing – the final guidance expects firms to test for the failure of one or more major counterparties. While it does not require firms to survive the failure of major counterparties, the increased focus on operational resilience suggests that it will expect firms to consider their business continuity arrangements and the impact of counterparty failure on customers. Firms are required to stress test the business at least annually or more frequently if there are substantial changes in the market or in macroeconomic conditions. If part of a group, the firm should be stress testing on a solo basis, taking into account the risks posed by its membership of the group.
- Capital requirements – the final guidance reiterates the importance of correctly calculating their capital requirements and resources on an on-going basis and reminds senior management that it is responsible for this. It is essential that management are comfortable that the numbers are correct – not doing so could lead to regulatory sanctions.
- Intra-group receivables – the FCA considers it “best practice” to deduct intra-group receivables from own funds to reduce intra-group risk, including during stress testing and in regulatory reporting, unless there is an equally safe alternative intra-group arrangement in place. This reflects the fact that if a member of the group fails while owing a significant amount, it could lead to the immediate failure of the other. It is possible that if a firm does not follow the best practice and has no alternative method for safely managing intra-group risk, the FCA may impose restrictions and / or a capital add-on to reduce the potential impact of this risk crystallising.
All payment firms are required to have a wind-down plan (‘WDP’) and this aligns with the regulator not operating a zero-failure regime, but also minimising the impact of failures when they happen. Wind-down planning is linked to other parts of the guidance – risk management and stress testing for examples, as well as identifying the point of failure.
One area that firms typically find challenging when drawing-up a wind-down plan is the operational and logistical aspects of wind-down and, while not highlighted in the paper, it is an important aspect since it is a significant driver of the duration and cost of wind-down.
The wind-down plan will help firms estimate the financial and non-financial resources required to execute the wind-down and this in turn will help firms assess the quantum of capital and liquidity that they should hold in the event that a wind-down is required. Where a firm has insufficient resources to execute a wind-down, the FCA may expect firms to increase them to ensure that they can wind the business down safely.
Governance and oversight arrangements
The “Dear CEO Letter” and accompanying final guidance reiterates the importance of well-designed governance and oversight arrangements in driving high standards of conduct:
- International firms – should have appropriate presence of decision-making authority and risk management capability in the United Kingdom;
- Senior members of firms and board members – should have specific knowledge of how processes, such as safeguarding, are implemented within their own organisations.
A reminder on Brexit
Firms are reminded that they should be ready for Brexit as the end of the transition period fast approaches on 31 December 2020. Further underlining the FCA’s focus on consumer protection, they have chosen to remind firms that their Brexit preparations should be guided by what is the right outcome for customers and take all necessary steps to follow local law and regulatory expectations.