| UK & Europe | Articles
Earlier this year, the FCA’s portfolio letter to payment and e-money firms intensified the spotlight on the sector. In the face of tightening economic conditions and a cost-of-living crisis, the regulator expressed concerns that firms lack robust controls, risking harm to their customers and to the integrity of the financial system.
The letter sets client safeguarding out as one of the FCA’s top priorities, emphasising how important it is to get this right. For the last few years, firms have been required to conduct audits and share these reports with the FCA, meaning it has a much better understanding of how well firms are complying with safeguarding requirements.
The main safeguarding themes highlighted by the letter include a lack of documentation around key policies, a lack of a clear definition of relevant funds, inadequate reconciliation procedures and a lack of due diligence. This is a wide-ranging set of issues, so there are a number of things that firms should be considering, as well as steps they should be taking, to address the FCA’s concerns. We regularly advise clients on how best to meet regulatory expectations, and there are a number of things that all firms should be doing.
Identifying relevant funds
Identifying relevant funds is the first thing that firms need to think about, as it sets the safeguarding footprint. Get it wrong and firms risk either omitting relevant funds or co-mingling other funds with their relevant funds. In the first instance firms would not be protecting all relevant funds and in the second firms risk polluting the safeguarding account. Therefore, in both instances the result would be putting their customers’ funds at risk. A precise understanding of when funds become relevant is essential to avoid over or under safeguarding.
Firms with multiple regulatory footprints will likely find this challenging. Those with CASS permissions are at particular risk of getting it wrong, due to a potential overlap between CASS funds and funds for payments activities. Clearly mapping the flow of funds to distinguish between what is safeguarding and what is CASS is key to making this work. If clients have both footprints, firms will need to maintain books and records such that the respective flows of funds are kept separate and are clearly identifiable.
Choosing the right safeguarding method
Once relevant funds are identified, firms must decide on the method of safeguarding. The regulations offer two core options: the segregation method and the insurance or comparable guarantee method.
The segregation method involves keeping relevant funds separate from the other funds the firm may be holding. Funds either need to be deposited in a safeguarding account with an authorised credit institution or, alternatively, invested in FCA-approved assets held by an authorised custodian.
The insurance or comparable guarantee method is where a firm organises for relevant funds to be covered by an insurance policy or comparable guarantee. Robust controls are needed to ensure that policies renew on time.
High premiums and uncertainty around the renewal process mean that the segregation method tends to be used more. It is important to note that as part of firms’ wind-down planning, those using this method need to consider how and where the proceeds from the insurance or comparable guarantee would be received in the event of a firm insolvency. This effectively means that firms will need to be able to receive funds into an appropriate safeguarding account during wind-down.
Despite the method used, firms need to be careful to ensure that they are using an account that constitutes a designated safeguarding account. When using the segregation method, we have seen many instances where firms want to hold segregated funds with another payment or e-money firm, which is not permitted by the regulations. Segregated funds held as cash can only be held with authorised credit institutions.
Before setting up a banking relationship with an authorised institution, there is some critical due diligence to be done on the authorised credit institution the firm intends to use. This includes assessing the third party’s diversification risks, capital, credit rating, and risk level in investment and loan activities.
Often firms gather this data without using it to reach a decision. They should be using it to assess the specific risk to their firm of holding relevant funds with these institutions, and whether the protection offered is sufficient in the context of their business and the funds they hold.
Due diligence needs to be done not only before an account is opened, but on a periodic basis throughout the relationship. This year, we have seen a number of banks go into or get close to liquidation. Whilst these banking failures related to non-UK banks, including Silicon Valley Bank in the US and Credit Suisse in Switzerland, the risk of contagion to UK credit institutions remains high, especially as some operated affiliate entities in the UK. Payments firms should therefore be alive to stories about their banking partners, and make sure that these feed into their ongoing due diligence. This would include in some instances taking the decision to do an off-cycle due diligence review on specific third parties.
Reconciliations
Well-defined safeguarding footprints, supported by the proper identification of relevant funds, will make reconciliations much easier. They ensure that everything that needs to be included in the reconciliations is included, and nothing essential is missed.
The FCA’s guidance on reconciliation is very high level, so firms are expected to set the standards for themselves. There are a number of good practices that can help ensure firms meet the regulator’s expectations. First, they should ensure that they use the appropriate records for each reconciliation type. For example, it would not be appropriate to use external statements for internal reconciliations, which should instead rely on internal books and records on what funds the firm is holding for clients.
Adjustments to reconciliations need careful documentation on why they have been done and why they are appropriate. The people undertaking reconciliation on a day-to-day basis must really understand these adjustments, why they are needed and how they fit in with the wider safeguarding picture. They’re more likely to apply them consistently and appropriately as a result.
Robust governance
Good governance underpins effective safeguarding. Ensuring that the governing body has a sound knowledge base regarding safeguarding requirements and risks is fundamental. Depending on the size and structure of the firm, it can be useful to have a safeguarding committee with a reporting line to the governing body. We regularly assess whether governance and oversight arrangements are adequate, and often find more detail is needed on how issues are escalated, responded to and ultimately resolved.
Safeguarding policies should cover all the key aspects of the safeguarding requirements, including the procedure for the identification and escalation of issues. They should also be detailed enough for somebody that is unfamiliar with the business, such as an insolvency practitioner in a wind-down scenario, to understand the processes that the firm runs.
Looking ahead
The FCA has indicated that it will produce a consultation paper proposing changes to safeguarding requirements and guidance. The aim will be to better align safeguarding requirements with CASS requirements, which will hopefully provide some of the detail that firms have been asking for.
Achieving safeguarding success demands a thorough understanding of the regulatory landscape, robust internal controls, and a strong governance framework. As the regulatory environment continues to evolve, staying updated and ensuring compliance with emerging guidelines will be instrumental in navigating the path to safeguarding success.
First published on Thomson Reuters Regulatory Intelligence in December 2023.
Get in touch
Send a message:
