Blogs

Safeguarding 101: Everything payments & e-money firms need to know

Posted: 26/09/2022 | Updated: 14/12/2023 | Read time: 5 minutes

 

Where the use of e-money and digital payments has increased, regulatory changes have quickly followed.

In July 2020, the Financial Conduct Authority (FCA) published temporary guidance on safeguarding and prudential risk to offset the pandemic-induced disruption. It made it permanent in November 2022.

The regulator then issued a Dear CEO letter in May 2021. The letter emphasised the importance of communicating with customers about ‘how their money is protected through safeguarding’.

Since then, the FCA and Bank of England have kept a close eye on the payments sector, with firms facing increasing scrutiny. So, you must keep on top of requirements.

But there’s one major challenge. Unlike CASS, safeguarding is not prescriptive. I.e. the FCA does not specify how organisations should implement requirements.

So, we’ve put together an essential guide to clarify safeguarding:

 

What is safeguarding?

True to its name, safeguarding means taking steps to protect client assets.

Safeguarding measures were first introduced in 2011 with the launch of the Electronic Money Regulation 20. This was updated in 2017 with the Payment Services Regulation 23.

The FCA requires authorised payment institutions (PIs) and electronic money institutions (EMIs) to take action to protect customer funds as soon as they are received.

Unlike commercial banking, e-money is not state-backed, so protecting clients from unnecessary risk is critical. It also minimises risk to the payments industry as a whole.

 

What are the latest updates to safeguarding regulations?

In February 2023, the FCA outlined a consultation on strengthening safeguarding requirements in its sixth edition of the Financial Services Regulatory Initiatives Grid, published in February. If the plans get the green light, the regulator will use increased rule-making powers as part of the Future Regulatory Framework Review.

Set to be published in H1, final rules and feedback are due in early 2024.

The FCA also issued a Dear CEO letter on 16 March, raising concerns over the lack of “sufficiently robust controls” for safeguarding payments. This, it says, is causing firms to “present an unacceptable risk of harm to their customers and financial system integrity.”

 

Want to know how to meet the FCA’s Dear CEO requirements? Head to this blog.

 

How will safeguarding rules change in the future?

New safeguarding regulations will become  “more detailed and rules-based, like the CASS approach.” That’s according to Natalie Zorzella, Payments Policy Manager at the FCA, speaking on our webinar, held in partnership with the Payments Association.

“The CASS approach is not that different to what payment services firms experience now,” she said. “If you look at the guidance we’ve issued – on what good safeguarding practices under the current regime look like – a lot of that is heavily drawn from our experience and our learning on CASS.”

Natalie also said implementing a statutory trust will be a key feature of the safeguarding rules. This is because the statutory insolvency protection under the current Payments Service Regulation (PSR) will soon end.

“So we need to ensure we can replace that insolvency protection under our own rules and have a bit more prescription,” she added.

 

The FCA’s recommendations for safeguarding

  • Maintain records that demonstrate compliance with the requirements. Every decision they make regarding safeguarding processes must be recorded; systems and controls must be documented
  • Appoint an appropriate individual to oversee procedures
  • Exercise due skill, care and diligence in selecting, appointing and periodically reviewing credit institutions, custodians and insurers
  • Keep records of any relevant segregated funds, relevant funds placed in an account with an authorised credit institution and assets placed in a custody account
  • Keep records that distinguish what relevant funds and assets are held for each client and that distinguish these funds from their own
  • Be able to explain transactions concerning relevant funds and assets

 

What to expect from a safeguarding audit

The FCA expects payments and e-money institutions to undergo an annual safeguarding audit. It involves a full review of policies and procedures to assess good existing practices and areas of risk.

Interviews will examine how far this guidance is embedded within an organisation’s practices, values and culture.

 

How to prepare for a safeguarding audit

  • Stay on top regulations and make changes when required. Include them in safeguarding proposals
  • Ensure every measure is taken to identify relevant funds
  • Communicate clearly with partners, regulators and internal staff
  • Modernise reconciliations procedures – it’s the glue that holds safeguarding together

 

For a more detailed guide on preparing for audits, check out our dedicated blog: How to prepare for safeguarding audits: A guide for payments firms.

 

What reconciliations do you need to perform?

The FCA requires payments organisations to conduct both external and internal reconciliations:

  • External reconciliations – this uses the total actual balance held in safeguarding accounts, including non-relevant funds in the form of fees accrued
  • Internal reconciliations – this is done by comparing the aggregate funds owed to clients with the aggregate funds it believes it holds in its safeguarding account

Both reconciliations should be completed as often as necessary and as soon as possible. To assess frequency, firms should consider business risks it is exposed to.

Any discrepancies – and reasons for differences – must be promptly identified and corrected. This will involve paying the shortfall or withdrawing excess unless discrepancies can be attributed to timing differences.

Where differences cannot be quickly resolved, firms should assume greater amounts to cover a payment or withdrawal.

 

Why are reconciliations important for safeguarding?

Reconciliations are mandatory – and for good reason. They enable firms to check the accuracy of records by comparing internal customer balances with their record of customer funds held in the safeguarding account.

As safeguarding regulations change and evaluations become more rigorous, meeting requirements will become an increasingly important part of a firm’s back-office operations. Any existing cracks in DIY or ill-suited reconciliation systems will be under even greater pressure.

Reconciliations are the backbone of the safeguarding process. We’d recommend using a competent automated solution, such as AutoRek’s dedicated solution for EMI, PIs and credit unions. Streamlining the reconciliations process, including any FX transaction involved, it will ensure accurate, efficient reporting.

 

To learn more about safeguarding, download our whitepaper: Safeguarding for payments & e-money institutions.

Are you thinking about automating key safeguarding processes? Head to our dedicated safeguarding page.

 

Editor’s note: This post was originally published on 26 September, 2023 and has been updated for accuracy.