The FCA states in the Consultation and in a related press release, that in line with the FCA’s 2020/2021 Business Plan, the payments sector is a priority area for the FCA and the Consultation is part of ongoing work to ensure that Payment Firms are adequately protecting customers’ funds. The FCA notes that although the sector is developing and growing rapidly, some Payment Firms are unprofitable in the early stages and many also rely on investor funds to remain solvent in the short-term. Some Payment Firms may also be facing decreased revenues because of coronavirus and it could be impacting their ability to operate effectively, as well as their growth plans.
The Proposed Guidance aims to provide additional clarity and to help Payment Firms:
- Strengthen prudential risk management;
- Enhance safeguarding requirements; and
- Put in place more robust plans for winding down.
The FCA has proposed the four questions below and seeks comments on these by Friday 5th June. The final temporary guidance will be published at the end of June.
- Do you agree that we should provide additional guidance on safeguarding, managing prudential risk, and wind-down plans? If not, please explain why.
- Do you agree with our proposed guidance on safeguarding? If not, please explain why.
- Do you agree with our proposed guidance on managing prudential risk? If not, please explain why.
- Do you agree with our proposed guidance on wind-down plans? If not, please explain why.
Proposals for all Payment Firms subject to safeguarding requirements
Keeping records and accounts and making reconciliations
Payment Firms that are Authorised Payment Institutions are required to safeguard ‘relevant funds’. For these purposes ‘relevant funds’ are (i) sums received from, or for the benefit of, a payment service user for the execution of a payment transaction, and (ii) sums received from a payment service provider for the execution of a payment transaction on behalf of a payment service user. For EMIs there is a similar safeguarding obligation, however ‘relevant funds’ in this instance means funds that have been received in exchange for e-money that has been issued .
The FCA’s current guidance under paragraph 10.59 of the FCA payment services approach document (the “Approach Document”), explains that Payment Firms subject to the safeguarding requirements should keep sufficient records and accounts to enable them to identify what relevant funds they hold at any time and without delay. The records should enable them and any third party to distinguish (i) relevant funds from their own money, and (ii) relevant funds held for one customer against those held for another. In addressing the potential for discrepancies (e.g. where relevant funds are held in a currency different to that of the payment transaction), reconciliation should be carried out as often as possible, and no less than once per business day. Authorised Payment Institutions are expected to notify the FCA in writing if they are unable to comply with the safeguarding requirements or cannot resolve reconciliation discrepancies.
The FCA has now clarified that:
- It expects relevant firms to clearly document the reconciliation process and provide an accompanying rationale; and
- The examples of non-compliance which the FCA expects to be notified of include:
- Where the firm has not kept up to date records of relevant funds and safeguarding accounts; and
- Where a firm is unable to comply with the safeguarding obligations due to the decision by a safeguarding credit institution to close a safeguarding account.
Safeguarding accounts and acknowledgement letters
The FCA currently expects the safeguarding account in which the relevant funds or equivalent assets are held, to be named in a way that shows it is a safeguarding account (rather than an account used to hold money belonging to the Payment Firm). Only the Payment Firm may have an interest in, or right over, the relevant funds or assets in a safeguarding account (except as provided under regulation 21 of the Electronic Money Regulations 2011 (“EMRs”) or regulation 23 of the Payment Services Regulations 2017 (“PSRs”)). Payment Firms should have an explicit acknowledgement from the safeguarding credit institution or custodian, stating that the credit institution or custodian has no interest in, recourse against, or right over the relevant funds or assets in the safeguarding account.
The FCA has now further clarified that:
- In the FCA’s view, e-money holders and payment service users implicitly have a beneficial interest in the funds in any safeguarding account.
- The safeguarding account name should include the word ‘safeguarding’ or ‘client’. If this is not possible, a letter from the relevant credit institution or custodian must confirm the appropriate designation.
- Payment Firms should ask safeguarding credit institutions or custodians to sign an acknowledgement letter, stating that they hold all relevant funds or assets in the safeguarding account as trustee, in the form set out by the FCA. If this is not possible then Payment Firms should be able to demonstrate that the credit institution or custodian has no such interest in, recourse against, or right over the relevant funds or assets in the safeguarding account.
The FCA also reiterates that only relevant funds should be kept in the safeguarding account as the mixing of funds may cause delays in returning funds to e-money holders or payment services users if the Payment Firm becomes insolvent.
Selecting, appointing and reviewing third parties
Payment Firms are required to exercise due skill, care and diligence when appointing and periodically reviewing credit institutions, custodians and insurers.
The FCA now clarifies that Payment Firms subject to the safeguarding requirements should carry out such reviews as often as appropriate, and whenever they believe that anything affecting an appointment has materially changed (such as a credit downgrade) and in any event, at least once per year.
The FCA notes that in some cases, Payment Firms may not be able to identify the customer entitled to the funds that it has received, and so cannot issue e-money, or provide a payment service accordingly. This could happen where for example; funds are received with an incorrect unique identifier (e.g. account name/number).
The FCA has now clarified that:
- Unidentified funds are not relevant funds, but they should still be protected according to Principle 10 of the Principles for Businesses, which requires a firm [to] arrange adequate protection for clients' assets when it is responsible for them;
- Such unidentified funds should be placed in a separate account and the Payment Firm should try to identify the customer to whom the funds relate to;
- Once the Payment Firm has identified the customer, it should either return the funds to the customer or, if it is to provide the payment service or issue the e-money as originally intended, it should treat the funds as relevant funds and safeguard them accordingly; and
- If an EMI issues e-money on low value pre-paid gift cards (subject to the limited network exemption), the funds received from customers should be considered relevant funds even if the identity of the ultimate card holder is not known.
Disclosing information on treatment of funds on insolvency to customers
Payment Firms are already required to disclose specific information to customers on the treatment of funds in the event of insolvency. The FCA has now stated that Payment Firms must be careful to avoid giving customers misleading impressions about how much protection they will get from safeguarding requirements, both in respect of the services to which safeguarding apply or by any suggestion that the claims of customers would be paid in priority to the costs of distributing the safeguarded funds. Additionally, Payment Firms should avoid suggesting that funds are protected by the Financial Services Compensation Scheme where this is not the case.
Proposals for Authorised Payment Institutions and EMIs
Annual audit of compliance with safeguarding requirements
Under the current requirements, an auditor is required to notify the FCA if it has become aware, in its capacity as auditor, of a breach of any requirements imposed under the PSRs or EMRs that is of material significance. This would include for example a breach of safeguarding or organisational arrangements. The FCA must also be satisfied that Authorised Payment Institutions and EMIs have robust governance arrangements in line with their conditions for authorisation.
The FCA has now clarified that in order for it to be satisfied with a Payment Firm’s arrangements:
- Payment Firms which are required to be audited, should arrange specific annual audits of their compliance with the safeguarding requirements under the PSRs/EMRs;
- These Payment Firms must also arrange audits of their compliance with safeguarding arrangements whenever there are any changes to their business model which would materially affect their safeguarding arrangements. Examples of these changes include an EMI providing payment services unrelated to issuing e-money, or using insurance as a method of safeguarding instead of, or in addition to, account segregation.
- Payment Firms should exercise due skill, care and diligence in selecting and appointing auditors for such purposes. They should take account of whether their proposed auditor has sufficient skills, resources and expertise in auditing compliance with the safeguarding requirements under the PSRs/EMRs, taking into account the nature and scale of the business.
Proposals for small Payment Institutions and small EMIs only
As set out in CP18/21, the FCA stated that it was not proposing to extend the safeguarding requirements to small payment institutions (“SPIs”), but rather SPIs were required to consider what protections were adequate for the business they were conducting.
The FCA has now stated that SPIs should keep a record of funds received from customers and any accounts into which those funds are paid. SPIs can choose to opt into the safeguarding requirements in the PSRs if they wish to do so, and the FCA encourages SPIs to consider safeguarding their customers’ money voluntarily. Where SPIs do voluntarily opt-in to the safeguarding requirements, they are required to comply with the full range of provisions applicable to Authorised Payment Institutions in respect of safeguarding. This proposal also applies to small EMIs in respect of payment services unrelated to issuing e-money.
Proposals for EMIs only
When the safeguarding obligation starts
Payment Firms must have organisational arrangements to minimise the risk of loss of customer funds through fraud, misuse, negligence or poor administration.
The FCA has now clarified that an EMI should not treat relevant funds it is required to safeguard as being available to meet the commitment it has to a card scheme or another third party to settle payment transactions, before the funds are credited to the EMI’s payment account or otherwise made available to it.
Prudential risk management proposals
Proposals for all Payment Firms subject to the risk management framework
Payment Firms must accurately calculate their capital requirements and resources on an ongoing basis, and report these correctly to the FCA. Senior management should also ensure that capital resources are reviewed regularly.
To reduce exposure to intra-group risk, the FCA has clarified that it is best practice for Payment Firms to deduct any assets representing intra-group receivables from their own funds. Where legally enforceable netting arrangements are in place, a Payment Firm may deduct only the net receivable amount. Any deduction of intra-group balances from a Payment Firm’s own funds requirements should be reflected in the reporting of its regulatory capital position to the FCA, including the deducted amount in the Capital resources section field “Deductions from CET1 items” in the FSA056 or FIN060a return (as applicable).
Liquidity and capital stress testing
The FCA has confirmed that Payment Firms should carry out liquidity and capital stress testing to analyse their exposure to severe business disruptions, and assess their potential impact, using internal and/or external data and scenario analysis. Payment Firms should use the results of this testing to ensure that they can continue to meet their authorisation conditions and own funds requirements, and also make decisions about their liquidity and capital resources, as well as identifying any changes and improvements that are required to their systems and controls.
Risk management arrangements
Firms are expected to consider their own liquid resources and available funding, to meet liabilities as they fall due, and whether credit lines are required to manage any exposure. The FCA has clarified that it is best practice not to include uncommitted intra-group liquidity facilities in such assessments.
Wind down plans
In satisfying the FCA that a Payment Firm has effective procedures to manage any risks to which they might be exposed, the FCA has proposed that a Payment Firm must now also have a “wind down plan” to manage liquidity and resolution risks. The wind down plan should consider a solvent and an insolvent scenario and should address at least the following:
- Funding to cover the solvent wind-down of the Payment Firm, including the return of all customer funds;
- Realistic triggers to start a solvent wind-down;
- The need for any counterparties (i.e. merchants) to find alternative providers;
- Realistic triggers to seek advice on entering an insolvency process; and
- Information which would help an administrator or liquidator to quickly identify customer funds and return them as a priority.
Proposals for Authorised Payment Institutions and EMIs
Governance and controls
The FCA has clarified that Authorised Payment Institutions and EMIs must have robust governance arrangements, effective procedures and adequate internal control mechanisms, with senior management regularly reviewing such systems and controls and ensuring that governance functions and arrangements reflect the firm’s business model, growth and associated risks.
Process and next steps
Comments on the Consultation are sought by Friday 5th June and can be made to the following e-mail address: CPSafeguarding@fca.org.uk
Following the Consultation, the FCA will publish a letter to CEOs of Payment Firms, including the guidance as amended given the consultation responses.
The FCA will conduct a full consultation later in the year on changes to the Approach Document, which is likely to include a proposal to incorporate in the Approach Document the Proposed Guidance (subject to any amendments that are made in response to feedback). The final temporary guidance will remain in place until the Approach Document is updated following the full consultation later in the year.
The FCA’s approach has likely been influenced by the fact that a number of Payment Firms entered insolvency processes in the latter part of 2019, combined with the concerns that were raised as part of its review of safeguarding arrangements carried out at the start of 2019. The additional pressures raised by the current situation appear to have pushed the FCA to act to strengthen its rules relating to safeguarding and risk management so as to best protect customers from financial difficulties that may arise during the current crisis.
The FCA’s Proposed Guidance clearly emphasises the FCA’s focus on Payment Firms and ensuring that they remain stable amidst the Covid-19 Pandemic and also in the long term. The Proposed Guidance aims to ensure greater regulatory compliance and provide further protection for consumers and their funds. We note that some of the proposals seek merely to highlight requirements that were already in place, but these shine light on the key concerns and areas of focus for the FCA, which Payment Firms should pay particular attention to. Payment Firms will need to analyse and review the Proposed Guidance, and the final temporary guidance once it is released, as well as their current safeguarding systems and controls, with a detailed eye to be alive to the changes that they will need to implement in their businesses in order to maintain regulatory compliance.
CMS has industry leading experts that can help you manage your business response to the Covid-19 pandemic and advise on how to comply with your regulatory obligations given the pressures caused by this crisis. We also have a specialist team who advise on all aspects of regulation impacting Payment Firms and can advise on any questions with respect to your current and future regulatory obligations.
Co-authored by Niresh Sri Rajkumar
This article was first published in Thomson Reuters on 1 June 2020.