The FCA has, yesterday, published temporary guidance for payment and e-money institutions on how to safeguard and manage their prudential risks. The guidance was consulted on in May for an initial period of two weeks, which was then extended by a further week, and largely remains the same with a few significant changes.
As with the Dear CEO letter last year, payment and e-money institutions must assess what changes they will have to make in light of the new temporary guidance. This blog highlights some of the high impact changes that may have to be made.
The acknowledgement letter
Let’s start with the most controversial aspect, the bank letter. In the consultation, the FCA had appended a template letter that firms were to be expected to send to their safeguarding provider for signature. The purpose of the letter is to confirm, in case the payment or e-money institution hasn’t already, that the bank knows the purpose of the account and the associated obligations. The use of the language of trusts, in the letter, when referring to the payment or e-money institution’s relationship with relevant funds was subject to much criticism from trade associations. The FCA has confirm that they think “payments and e-money firms act as trustees of their customers’ safeguarded funds” but have stated that their template letter is an example, rather than a mandatory template.
Choice of partner
While considering their safeguarding provider, the payment or e-money institution should review whether their partner is sufficiently credit-worthy and trustworthy to protect their customers’ funds. It’s expected that this review is undertaken at least annually and following any change that might impact the assessment. It may seem like a meaningless exercise when alternative options are so hard to come by but the boards and senior management of payment and e-money institutions must be alert to the risks and consider their options.
Reconciliations
The FCA has clarified their expectation that in addition to their expectation that internal and external reconciliations are undertaken at least once every business day, the procedure should be documented. Payment and e-money institutions should also document their rationale for their choice as to the number of times they reconcile in a day. It’s hoped that the documentation of the procedures and rationale will help those charged with distributing the funds in the event of an insolvency to identify the relevant funds.
The EMI safeguarding ‘grace’ period
The EMRs allow EMIs to safeguard the funds received from customers on receipt (but within five days at the latest). This means that the EMI does not have to hold duplicate funds in their safeguarding account while awaiting settlement from their merchant acquirer. However, the FCA has been compelled to point out that such EMIs shouldn’t use the funds of other customers to settle outgoing payments where customers have redeemed their e-money that has been issued for funds not yet settled by the firm’s merchant acquirer. Instead, the EMIs will have to use their own funds to ensure the safeguarding account does not fall short.
Unallocated funds
The FCA have backtracked significantly on the position on unallocated funds that they outlined in the consultation. Unallocated funds are funds received from unidentified customers, for example customer who provided incorrect reference details when paying the payment or e-money institutions. In the consultation, the FCA had said that unallocated funds should be segregated from both the firm’s own funds and relevant funds and placed in a separate account.
For many firms, this would have entailed additional cost in terms of opening an additional set of accounts with their credit institution specifically for unallocated funds. In the Finalised Guidance the FCA now advise that unallocated funds should be safeguarded, but that pending allocation to a customer, firms should record the funds in their books as unallocated. Many payment and e-money institutions already do this.
Audits and breaches
While many payment and e-money institutions have now added safeguarding audits to their list of regular compliance audits, the FCA is formalising their expectation in the temporary guidance. E-money institutions and any payment institutions subject to the statutory (external) audit requirement should also have their safeguarding arrangements audited. In the finalised guidance, the FCA has clarified that the auditor can either be a financial auditor or an external firm or consultant.
The FCA has also confirmed that they expect to be notified on non-compliance such as not keeping up to date records of relevant funds and safeguarding accounts, or where the safeguarding provider has withdrawn its service and the payment /e-money institution is, therefore, no longer able to comply with the safeguarding obligation.
Prudential risk management
Payment and e-money institutions are expected to undertake stress testing of their financial forecasts, see our advice last year following the FCA’s consultation on new guidance for firms on assessing the adequacy of their financial resources, and they shouldn’t count on any intra-group liquidity that is not committed. For similar reasons, the FCA would prefer payment and e-money institutions to deduct any intra-group receivables from their own funds when calculating if they have sufficient capital resources to meet the regulatory requirement.The FCA notes that the deduction of these receivables is best practice, rather than a regulatory requirement.
This guidance is specifically for payment and e-money institutions but it chimes with the guidance published in June for all solo-regulated firms that are subject to threshold conditions and/or the Principles for Businesses (PRIN).
Wind-down plans
The FCA has also confirmed their expectation that payment and e-money institutions have a wind-down plan. Wind-down planning helps firms identify when they are, firstly, at risk of having to wind-down – so they can take mitigating steps but also preparatory steps in case the mitigating steps don’t work – and, secondly, when winding down becomes inevitable – to reduce the inevitable chaos at such a difficult time. We have been working with firms to develop plans and it’s taking around three to four weeks with expert help. The FCA expects such plans to be available on their request.
The FCA’s approach
As our infographic illustrates, the FCA has repeatedly warned of concerns regarding safeguarding but there has only been one enforcement action taken to date and that was many years ago. We can’t say for sure how proactive the FCA will be in checking up whether payment and e-money institutions have met their expectations this time but the signs are that they will make some effort: the 2020/21 Business Plan said that payment services are an FCA priority for supervision and intervention and they have added to their supervisory capacity a rapid response team of prudential specialists focusing specifically on payment and e-money institutions.
You can view the webinars and blogs we regularly provide on our on-demand webinar page.
This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.