Safeguarding: How to meet the FCA’s Dear CEO requirements

Posted: 02/06/2023 | Read time: 4 minutes


AutoRek’s Nick Botha discusses how seriously the FCA is taking payments safeguarding, and why firms should be able to demonstrate robust governance and control frameworks to avoid unwanted consequences.

The Financial Conduct Authority (FCA) issued a Dear CEO letter on 16 March to payments and e-money organisations. The regulator raised concern over the lack of “sufficiently robust controls” for safeguarding payments, which is causing firms to “present an unacceptable risk of harm to their customers and to financial system integrity”.

The regulator also outlined a consultation on strengthening safeguarding requirements in its sixth edition of the Financial Services Regulatory Initiatives Grid, published in February. This would use its increased rule-making powers as part of the Future Regulatory Framework Review.

Set to be published in H1, final rules and feedback are due in early 2024.

The latest Dear CEO letter and consultation outline show just how seriously the regulator is taking safeguarding. It gives a stark warning to firms that don’t demonstrate robust governance and control frameworks.

To help you meet the FCA’s safeguarding requirements, as outlined in the Dear CEO letter, we’ve put together a short guide covering the areas below.


What are the FCA’s top 3 safeguarding requirements?

The regulator highlighted three requirements in its letter:

  1. Ensure customer money is safe – The regulator expects firms to ensure adequate safeguarding arrangements, improve prudential risk management, and maintain detailed wind-down plans with appropriate triggers and requirements.
  2. Ensure operations don’t compromise the broader financial system’s integrity – This requires systems and controls to assess, monitor and manage money laundering risk. It also covers sanctions exposure and risk, and the need to address weaknesses in systems and controls to prevent fraud.
  3. Meet customer needs through high-quality products and services, competition, innovation and robust implementation of the Consumer Duty rules.


Best practices: How to meet the safeguarding requirements

Meeting the above payments and e-money safeguarding requirements requires a robust approach to safeguarding. This means you should be able to demonstrate the following:

  • All relevant funds are identified, including those held on behalf of clients, money received for transactions, fees and charges;
  • All client funds are segregated from your funds and held in separate accounts, preventing their use for other purposes;
  • Effective systems and controls managing the risks of holding relevant funds are established and maintained; and
  • Regular internal and external reconciliations of safeguarding flows are conducted to ensure they’re accurately accounted for.


Achieving good governance

The FCA expects you to maintain records that demonstrate and explain how you comply with every aspect of safeguarding obligations.

This should include a documented rationale for every decision made regarding safeguarding processes and the systems and controls your organisation has in place. In addition, an appropriate individual should have oversight of all regulatory procedures to ensure that each aspect of those procedures complies.


Mitigate third-party risk

Your firm should exercise all due diligence in selecting, appointing and periodically reviewing credit institutions, custodians and insurers involved in safeguarding arrangements.

This review should include the following:

  • The need to diversify risk;
  • The capital and credit risk of the third party;
  • The amount of relevant funds or assets placed, guaranteed or insured as a proportion of a third party’s capital and, in the case of credit institutions, deposits; and
  • The level of risk in the investment and loan activities undertaken by the third party and its affiliates.


Keep appropriate documentation

You must keep records of any relevant funds segregated, relevant funds placed in an account with an authorised credit institution, and any assets placed in a custody account. It should always be clear what funds have been segregated and via what method.

Records must also distinguish the relevant funds and assets held for one e-money holder or payment service user from those held for another. They should be easily distinguishable from your own funds, and you should be able to explain any transactions.


How to meet reconciliation requirements for compliance

Reconciliations are a critical dimension of safeguarding compliance. You must conduct reconciliations between:

  • Records and accounts of the entitlement of e-money holders/payment service users; and
  • Relevant funds and assets with the records and accounts of amounts safeguarded.


These need to be completed as often as necessary and as soon as reasonable. Records must show and explain the internal reconciliation method and its adequacy.

You must also perform reconciliations between your internal accounts and records and those of the third parties safeguarding relevant funds or assets. Again, perform these as regularly and as promptly as possible to ensure accuracy.

To determine how often you need to perform reconciliations, consider the risks your firm is exposed to. These may relate to your business’s nature, volume and complexity, and where and with whom the relevant funds are held.
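The internal and external reconciliations described in this section, as an added Python example that is not part of the article and not AutoRek’s own code. It assumes three record sets: a ledger of each customer’s entitlement, an internal record of the segregated safeguarding account (each entry tagged with whose money it is, so client funds stay distinguishable from the firm’s own), and the balance reported by the credit institution. All identifiers and amounts are constructed for illustration; the output is a list of findings that a firm would need to investigate and document.

```python
from decimal import Decimal

# Constructed sample records (not from the article); amounts are illustrative.
# (a) Internal record of each e-money holder's / payment service user's entitlement.
ENTITLEMENTS = {
    "user-001": Decimal("1250.00"),
    "user-002": Decimal("300.50"),
    "user-003": Decimal("0.00"),
}

# (b) Internal record of the segregated safeguarding account. Each entry is tagged
#     with its owner so that client money and firm money remain distinguishable.
SAFEGUARDING_LEDGER = [
    {"ref": "SG-1", "amount": Decimal("1250.00"), "owner": "client"},
    {"ref": "SG-2", "amount": Decimal("300.50"), "owner": "client"},
    {"ref": "SG-3", "amount": Decimal("75.00"), "owner": "firm"},  # fee income paid into the wrong account
]

# (c) Balance reported by the credit institution holding the account.
STATEMENT_BALANCE = Decimal("1600.50")


def internal_reconciliation(entitlements, ledger):
    """Reconcile customer entitlements against client funds recorded as safeguarded."""
    total_entitled = sum(entitlements.values(), Decimal("0"))
    client_funds = sum((e["amount"] for e in ledger if e["owner"] == "client"), Decimal("0"))
    # Anything on the segregated account that is not client money breaks segregation.
    commingled = [e["ref"] for e in ledger if e["owner"] != "client"]
    # A negative entitlement means the customer ledger itself is inconsistent.
    negative = [uid for uid, amt in entitlements.items() if amt < 0]
    return {
        "total_entitled": total_entitled,
        "client_funds_recorded": client_funds,
        "shortfall": max(total_entitled - client_funds, Decimal("0")),
        "commingled_refs": commingled,
        "negative_entitlements": negative,
    }


def external_reconciliation(ledger, statement_balance):
    """Reconcile the internal safeguarding record against the third party's statement."""
    internal_balance = sum((e["amount"] for e in ledger), Decimal("0"))
    return {
        "internal_balance": internal_balance,
        "statement_balance": statement_balance,
        "difference": statement_balance - internal_balance,
    }


def run_reconciliation(entitlements, ledger, statement_balance):
    """Run both reconciliations and list every discrepancy that needs a documented rationale."""
    internal = internal_reconciliation(entitlements, ledger)
    external = external_reconciliation(ledger, statement_balance)
    findings = []
    if internal["shortfall"] > 0:
        findings.append(f"internal shortfall of {internal['shortfall']} against customer entitlements")
    if internal["commingled_refs"]:
        findings.append("firm money on segregated account: " + ", ".join(internal["commingled_refs"]))
    if internal["negative_entitlements"]:
        findings.append("negative entitlements: " + ", ".join(internal["negative_entitlements"]))
    if external["difference"] != 0:
        findings.append(f"statement balance differs from internal record by {external['difference']}")
    return {"internal": internal, "external": external, "findings": findings}


if __name__ == "__main__":
    report = run_reconciliation(ENTITLEMENTS, SAFEGUARDING_LEDGER, STATEMENT_BALANCE)
    print("entitled:", report["internal"]["total_entitled"],
          "recorded:", report["internal"]["client_funds_recorded"],
          "statement:", report["external"]["statement_balance"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```

With the constructed data the internal reconciliation balances (entitlements equal the client funds recorded), but two findings are raised: the firm’s own fee income sits on the segregated account, and the credit institution’s statement is 25.00 lower than the internal record. Each would be logged with its explanation, which is the kind of record the FCA expects to see alongside the reconciliation method itself.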


This article was first published by The Payments Association.