On 4th July 2019, the FCA released the findings from its recent review of non-bank payment service providers (PSPs).
The FCA assessed how well PSPs (i.e. authorised payment and e-money institutions) meet the requirements for safeguarding customer funds in practice, in accordance with the Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs).
The requirements in the PSRs and EMRs are designed to ensure that PSPs protect customer funds by creating a segregated asset pool of relevant funds from which to pay the claims of electronic money holders, or payment service users, in priority to other creditors if the PSP becomes insolvent. This is important because authorised payment and e-money institutions are not covered by the Financial Services Compensation Scheme. There is therefore high potential for harm to consumers if a PSP has not safeguarded customer funds adequately.
1. How well firms understood which funds are 'relevant funds'
The FCA's review found that some firms were unable to explain which payment services they were providing and some were unable to identify when they were issuing e-money, whilst others were unclear as to whether they were acting as agent or distributor for another PSP. This meant they could not accurately identify relevant funds, and as such, they did not know whether they were safeguarding the correct amount of relevant funds.
2. Effectiveness of firms' safeguarding procedures and documentation
The FCA expects firms to maintain sufficient records to demonstrate compliance with their safeguarding obligations, and to have a documented rationale for every decision they make about their safeguarding process and the systems and controls they have in place.
The FCA found some firms relied on operational process documents which simply outlined the rules. The FCA considers that this does not sufficiently demonstrate a firm's compliance with safeguarding obligations or record keeping requirements.
3. How well firms met the FCA's expectations on segregating funds
The obligation on firms to safeguard starts as soon as they receive relevant funds. The FCA expects firms to segregate relevant funds by receiving them into a separate account. Where, for customer convenience, any other funds are paid into the account, they should be removed as frequently as practicable throughout the day. In no circumstances should such funds be kept together overnight.
The FCA found that not all firms complied with these requirements, and in particular, some did not attempt to segregate relevant funds on receipt.
4. How effectively agents and distributors were overseen
Firms should have arrangements in place to ensure that relevant funds held by agents or distributors are safeguarded as soon as they are received.
The FCA found that some firms did not take any measures to ensure that they were segregated on receipt. Other firms calculated their safeguarding obligation at the end of the business day on which e-money was issued and transferred funds into a safeguarding account the next business day. This meant that relevant funds were combined with other non-relevant funds overnight.
5. Designating safeguarding accounts
Accounts in which relevant funds or assets are placed must be designated in a way that shows it is a safeguarding account. If this is not possible, the FCA expects e-money and payment institutions to provide evidence (such as a letter) confirming the appropriate designation.
The FCA found the account designations were not clear for several firms. Instead, the accounts were named according to their operational function or after the relevant agent or distributor.
6. How effectively firms carried out reconciliations
Firms must carry out internal and external reconciliations as often as necessary, considering the risks to which the business is exposed, and should have a clear explanation for their approach to reconciliations (which must be signed off by their board of directors).
The FCA highlights that in no circumstances would it be acceptable for a firm to carry reconciliation less than once during each business day.
The reconciliation should result in the amount of funds or assets safeguarded being:
- sufficient to cover the amount that the institution would need to safeguard before the next reconciliation; and
- not excessive - to minimise risks from commingling.
The FCA found that several firms did not carry out internal and external reconciliations, or did so infrequently, or did not adjust the balance of their safeguarded accounts in a timely way when they identified discrepancies. This resulted in the commingling of funds overnight.
7. The effectiveness of firms' governance and oversight arrangements
Firms must have in place effective risk management procedures, adequate internal control mechanisms and maintain relevant records. Firms should monitor these procedures through robust governance arrangements. In addition, organisational arrangements must be sufficient to minimise the risk of the loss or diminution of relevant funds or assets through fraud, misuse, negligence or poor administration.
The FCA found some firms considered safeguarding risk only on an exceptions basis and would only revisit their processes if they identified a breach. In some cases, the FCA found controls to identify a safeguarding breach were not fit for purpose. This meant these firms did not adequately consider safeguarding when developing new products, leading to inadequate safeguarding processes.
Dear CEO Letter and FCA attestation
The FCA published a Dear CEO Letter on 4th July 2019 requiring all electronic money institutions and authorised payment institutions to review their safeguarding arrangements, to make sure they fully meet the requirements in the EMRs and PSRs (as applicable).
The FCA has asked firms to:
- attest to the FCA that they are satisfied that they meet the requirements in regulation 23 of the PSRs or regulation 20 of the EMRs by 31st July 2019. Firms that are un-able to attest by this date should contact the FCA to discuss next steps; or
- notify the FCA immediately if they are non-compliant in any material respect and take prompt remedial action.
The FCA will be conducting further work on firms' safeguarding arrangements, and expects to see that firms have acted to review, and where necessary, remediate their processes. The FCA has said it will take appropriate action against firms with inadequate safeguarding arrangements.
If you are affected by any of the above, we recommend you review your safeguarding arrangements against the FCA's findings without delay. We would be delighted to assist you with your review and, if necessary, advise you on any remediation action.
For further information, please do not hesitate to contact us.
FCA's Dear CEO Letter to non-bank PSPs dated 4th July 2019
FCA's Approach Document on Payment Services and Electronic Money dated June 2019