Earlier this month the FCA sent a Dear CEO letter to Authorised Payment Institutions (APIs) and e-money institutions (EMIs). This requires immediate action. Firms must review their safeguarding arrangements for customer funds to make sure they are fully compliant and attest to that fact to the FCA by 31 July 2019.
The requirement comes out of an FCA review that found there was insufficient oversight of arrangements for managing risks to customer funds. The FCA considers the risk of customer harm is especially high because the Financial Services Compensation Scheme does not cover this money in the event of a firm’s insolvency.
The safeguarding requirements under the Payment Services Regulations (PSRs) place responsibility on APIs to have appropriate organisational arrangements to the protect their customers’ money. The Electronic Money Regulations (EMRs) place a similar obligation on EMIs. Compliance is a prerequisite for FCA authorisation.
Generally, for APIs “safeguarded funds” are monies received in respect of a customer for a payment transaction, including from a payment service provider. As regards EMIs, these are funds, which have been received in exchange for e-money that has been issued, but which can also include funds received in relation to unrelated payment services.
There are two ways in which firms may safeguard relevant funds. The segregation method and the insurance or comparable guarantee method. The insurance method involves taking out an insurance policy with an authorised insurer, or in the case of a comparable guarantee, this must be issued by a bank or insurer and constitute a primary liability to pay a sum equal to the funds held in the case of the firm’s insolvency.
The segregation method is used by most firms and requires them to keep separate (on receipt) such money from all other funds they hold and, if still held at the end of the business day following the day of receipt, to deposit them in secure, liquid funds in a separate account with a bank or the Bank of England.
The FCA’s review found the following common significant shortcomings:
- a poor understanding of which funds are relevant and should be segregated;
- delays in segregating funds following receipt;
- failures to check that the correct amounts are segregated frequently enough through reconciliation processes; and
- firms with networks of agents or distributors without adequate controls to ensure that relevant funds were segregated on receipt.
There was also insufficient oversight of arrangements for managing risks to customer funds. The FCA examples include a lack of detail and rationale in policy documentation and a lack of effective and regular monitoring and review of safeguarding. Firms that had rapidly evolving businesses and operating models were particularly susceptible to these failings.
In addition to reviewing safeguarding arrangements, firms should record their rationale. The FCA will expect there to be a mapping exercise of products or services to determine whether monies held are relevant funds and, if additional safeguarding arrangements are needed. If failings are found these must be remedied promptly and, moreover, should the review identify non-compliance in any material respect with the requirements in the EMRs or the PSRs, the FCA must be notified in writing without delay.
The FCA warn that they will carry out more work on firms’ safeguarding arrangements, and expect to see that firms have acted on the Dear CEO letter to review and, if necessary, remediate their safeguarding arrangements. In the event that issues were identified with safeguarding requirements post-attestation, the senior manager concerned would need to demonstrate that they had a reasonable basis for confirming compliance. Failure to do so will likely result in disciplinary action by the regulator.