In Summer 2019, the FCA Issued A Dear CEO Letter To All Payment Companies Regarding Their Safeguarding Accounts and Their Management of Them.
Nearly 18 months on, have you changed your safeguarding methods?
As A Reminder, The Key Findings Were;
1. How well firms understood which funds are ‘relevant funds’
The FCA‘s review found that some firms were completely unable to explain which payment services they were providing and some were unable to identify when they were issuing e-money, whilst some others were unclear as to whether they were acting as agent or distributor for another PSP. This meant they could not accurately identify relevant funds, and as such, they did not know if or whether they were safeguarding the correct amount of relevant funds.
2. Effectiveness of firms’ safeguarding procedures and documentation
The FCA expects firms to maintain sufficient records to demonstrate compliance with their safeguarding obligations, and to have a documented rationale for every decision they make about their safeguarding process and the systems and controls they have in place.
The FCA found some firms relied on operational process documents which simply outlined the rules. The FCA considers that this does not sufficiently demonstrate a firm’s compliance with safeguarding obligations or record keeping requirements.
3. How well firms met the FCA‘s expectations on segregating funds
The obligation on firms to safeguard starts as soon as they receive relevant funds. The FCA expects firms to segregate relevant funds by receiving them into a separate account. Where, for customer convenience, any other funds are paid into the account, they should be removed as frequently as practicable throughout the day. In no circumstances should such funds be kept together overnight.
The FCA found that not all firms complied with these requirements, and in particular, some did not attempt to segregate relevant funds on receipt.
4. How effectively agents and distributors were overseen
Firms should have arrangements in place to ensure that relevant funds held by agents or distributors are safeguarded as soon as they are received.
The FCA found that some firms did not take any measures to ensure that they were segregated on receipt. Other firms calculated their safeguarding obligation at the end of the business day on which e-money was issued and transferred funds into a safeguarding account the next business day. This meant that relevant funds were combined with other non-relevant funds overnight.
5. Designating safeguarding accounts
Accounts in which relevant funds or assets are placed must be designated in a way that shows it is a safeguarding account. If this is not possible, the FCA expects e-money and payment institutions to provide evidence (such as a letter) confirming the appropriate designation.
The FCA found the account designations were not clear for several firms. Instead, the accounts were named according to their operational function or after the relevant agent or distributor.
6. How effectively firms carried out reconciliations
Firms must carry out internal and external reconciliations as often as necessary, considering the risks to which the business is exposed, and should have a clear explanation for their approach to reconciliations (which must be signed off by their board of directors).
The FCA highlights that in no circumstances would it be acceptable for a firm to carry reconciliation less than once during each business day.
The reconciliation should result in the amount of funds or assets safeguarded being:
- sufficient to cover the amount that the institution would need to safeguard before the next reconciliation; and
- not excessive – to minimise risks from commingling.
The FCA found that several firms did not carry out internal and external reconciliations, or did so infrequently, or did not adjust the balance of their safeguarded accounts in a timely way when they identified discrepancies. This resulted in the commingling of funds overnight.
7. The effectiveness of firms’ governance and oversight arrangements
Firms must have in place effective risk management procedures, adequate internal control mechanisms and maintain relevant records. Firms should monitor these procedures through robust governance arrangements. In addition, organisational arrangements must be sufficient to minimise the risk of the loss or diminution of relevant funds or assets through fraud, misuse, negligence or poor administration.
The FCA found some firms considered safeguarding risk only on an exceptions basis and would only revisit their processes if they identified a breach. In some cases, the FCA found controls to identify a safeguarding breach were not fit for purpose. This meant these firms did not adequately consider safeguarding when developing new products, leading to inadequate safeguarding processes.
Dear CEO Letter and FCA attestation
The FCA published a Dear CEO Letter on 4th July 2019 requiring all electronic money institutions and authorised payment institutions to review their safeguarding arrangements, to make sure they fully meet the requirements in the EMRs and PSRs (as applicable).
The FCA has asked firms to:
- attest to the FCA that they are satisfied that they meet the requirements in regulation 23 of the PSRs or regulation 20 of the EMRs by 31st July 2019. Firms that are un-able to attest by this date should contact the FCA to discuss next steps; or
- notify the FCA immediately if they are non-compliant in any material respect and take prompt remedial action.
The FCA will be conducting further work on firms’ safeguarding arrangements, and expects to see that firms have acted to review, and where necessary, remediate their processes. The FCA has said it will take appropriate action against firms with inadequate safeguarding arrangements.
If you have any concerns about your procedures or want them independently checked, call us today on 0207 097 1434
Original text from https://gowlingwlg.com/
Safeguarding Accounts, Safeguarding Your Accounts
Payment Initiation Services, Payment Intermediary Services, Payment Services Companies, Payment Services Explained, Payment Services Ii Directive, Payment Services Regulations 2017 Guidance, Payment Services Regulations 2019, Payment Services Regulations 2019 Uk