If you believe that you may have trouble providing the attestations required by the FCA, contact Peter Oakes (LinkedIn profile), who is working with both UK and Irish professional services firms that are helping fintech firms with their regulatory obligations.
Here's a short summary of the FCA's findings (with links providing further detail):
1) Problems with segregation
There were significant shortcomings identified in firms’ safeguarding arrangements including:
• poor understanding of which funds are relevant and should be segregated;
• delays in segregating funds following receipt; and
• failing to check that the correct amounts are being segregated frequently enough (i.e. through reconciliation processes).
2) Weak risk management and oversight
A sample of firms showed insufficient oversight of arrangements for managing the risks to customer funds. Examples of this included:
• lack of detail and rationale in policy documentation; and
• lack of effective and regular monitoring and review of safeguarding.
Several firms with rapidly evolving business and operating models could evidence adequate consideration of the impact of their operational changes on safeguarding arrangements.
3) Priority areas for improvement and some points firms should consider to help ensure that customer funds are protected in an insolvency event.
4) Examples of how firms have operationalised the requirements in line with the rules and guidance, and other examples of non-compliant processes.
The FCA now expects all relevant firms to review their current safeguarding arrangements, including the rationale for the decisions made, to make sure they fully meet the requirements.
The FCA expects that each firm should, if it has not already done so, map each of its products or services to determine when the funds it holds are relevant funds and whether they require additional safeguarding arrangements.
Where a firm has identified inadequacies, the FCA expects the firm to take prompt remedial action. This includes notifying the FCA in writing without delay if in any material respect the firm has not complied with or is unable to comply with the requirements in regulation 20 of the EMRs or regulation 23 of the PSRs.
- PSD Firms must complete and return the Safeguarding Attestation - Authorised Payments Institutions
- E-Money Firms must complete and return the Safeguarding Attestation - Electronic Money Institutions
Note: Each and every Electronic Money Firm and Authorised Payments Institution must respond by confirming one of the following statements to the FCA:
A) I confirm that my firm has carried out a review of its safeguarding procedures taking into account the guidance in the FCA’s Approach Document and the letter of 4 July 2019 date. I confirm that I am satisfied that my firm complies with the safeguarding requirements set out in regulation 23 of The Payment Services Regulations 2017. OR
B) My firm has ceased to carry out payment services and is taking appropriate steps to cancel its authorisation.
The FCA says that it is requiring this attestation to gain a personal commitment from each relevant firm that specific action has been taken. The FCA's aim is to ensure that there is clear accountability and senior management focus on those specific issues where the FCA would like to see change within firms.