How can payment and e-money institutions meet regulatory requirements to safeguard consumers’ funds? fscom’s Director Alison Donnelly and Independent Payments Consultant Russell Burke, formerly Payment Authorisation Lead in the Central Bank of Ireland, tackled this key question at a webinar hosted by the Association of Compliance Professionals in Ireland (ACOI) last week.
How should payment and e-money institutions in Ireland safeguard customers’ funds?
It’s a condition of authorisation as a payment or e-money institution that firms have in place adequate mechanisms to protect consumer funds through safeguarding. This means doing one of two things to protect the funds that consumers give the firm for payment or e-money services:
- Segregating them from all other funds and either depositing them in a safeguarded account with an EEA-authorised credit institution or investing them in secure, low-risk assets.
- Protecting them with an insurance policy or guarantee.
The rules around safeguarding in Ireland flow from the EU’s Payment Services Directives and Electronic Money Directives. They apply to non-bank payment service providers to give customers confidence that their funds are protected when using this type of firm. This has a wide application because a range of different firms have recently been set up in Ireland’s expanding payment and e-money sector.
The Central Bank announced through its Consumer Protection Outlook last year that it will have a special focus on the sector’s compliance with safeguarding.
Six steps to effective safeguarding
The Central Bank will expect payment and e-money institutions to incorporate the following six best practices.
- Maintain documents outlining well-formed and comprehensive policies and procedures around safeguarding.
- Perform a thorough risk assessment of the various aspects of safeguarding, including the choice of safeguarding method and safeguarding partner (for example, the credit-worthiness of the EEA-authorised credit institution).
- Undertake a proper reconciliation daily, which is signed, dated, and recorded in hard copy.
- Take prompt action to record and fix any differences found in reconciliations using the institution’s own funds.
- Senior management must take an interest in and understand the processes and risks involved in safeguarding, and be able to challenge those presenting new data, policies or frameworks which may not comply.
- Name safeguarding accounts accurately and clearly to identify that they hold customers’ funds.
The costs of ineffective safeguarding
These six steps may sound simple enough but ignoring them can – and does – inflict significant legal, financial, reputational, and strategic damage on financial institutions. In recent years, two national regulators have applied intensive scrutiny around safeguarding which led to enforcement action being taken against five firms:
- The Bank of Lithuania fined four e-money institutions for safeguarding failures in 2019. These firms had used a chain of payment institutions rather than registered banks to move customers’ funds around. While this offered them lower costs and a more effective service, the Bank ruled that the funds were not held with an appropriate credit institution or bank.
- The UK’s Financial Conduct Authority has taken enforcement action against one firm to date and issued further warnings on safeguarding. This risk was heightened after multiple financial institutions became insolvent in 2019, raising questions over the safety of apparently safeguarded customer funds.
In summary, payment and e-money institutions should ensure they understand their obligations around safeguarding. Equally importantly, they must put in place a plan to mitigate risks, secure customer funds, and meet ever-expanding regulatory requirements.