Blog

What is happening?

The FCA is, in February 2021, proposing in its consultation CP21-3 various changes to the Strong Customer Authentication Regulatory Technical Standards (the SCA RTS) to support competition and innovation in the payments and e-money sector.

What do you need to do?

The specific proposals being made involve;

• adding a new exemption from strong customer authentication (SCA) for when customers access their account information through an account information service provider (AISPs),

• mandating the use of dedicated interfaces (such as application programming interfaces (APIs)) by account servicing payment service providers (ASPSPs) to facilitate third-party provider (TPP) access to retail and SME customers’ payment accounts,

• changing the requirements for publishing interface technical specifications, availability of testing facilities, and fallback mechanisms by account providers,

• treating ASPSPs with deemed authorisation under TPR (whether under the Exit SI or EEA Passport Rights (Amendment, etc., and Transitional Provisions) (EU Exit) Regulations 2018) as exempt from the requirement to set up a fallback interface, where the ASPSP has an exemption from its home state competent authority, and

• increasing the single and cumulative transaction thresholds for contactless payments from £45 up to £100 (or potentially a maximum of £120) and from £130 to £200

The FCA’s Approach Document sets out the approach to the PSRs and EMRs, and what the FCA expects from firms that provide payment and e-money services. It is proposing changes to the guidance on SCA in the Approach Document and to amend the safeguarding and prudential risk management guidance. This includes proposing to make permanent the temporary guidance issued in July 2020 in response to the coronavirus pandemic

The proposals to amend the Approach Document relate to four areas. These are:

• the SCA,

• prudential risk management and safeguarding customer funds,

• onshoring changes to reflect changes to the regulations and rules following EU withdrawal and the end of the transition period, and the application of rules and guidance to firms in one of the temporary permission schemes designed to enable EEA EMIs, PIs and RAISPs to continue operating in the UK for a limited time after the end of the transition period, and

• general updates relating to areas such as reporting requirements

A summary of the key sections being made permanent is set out below.

• The FCA clarified in its temporary guidance that firms should have an acknowledgement from their safeguarding credit institution or custodian, in the form of a letter, or have other documentation, to demonstrate that the safeguarding credit institution or custodian has no interest in, recourse against, or right over the relevant funds or assets in the safeguarding account. It should also make clear that the funds in the safeguarding account are held for the benefit of the firm’s customers. An example letter was set out in the annex to the temporary guidance. The FCA also confirmed its view that a firm holds these funds on trust for its customers.

• A firm’s records should enable it and any third party, such as an insolvency practitioner or the FCA, to distinguish relevant funds from the firm’s own money, and relevant funds held for one customer against those held for another. The FCA clarified in its temporary guidance that it expects firms to document their reconciliation process clearly, with accompanying rationale. This will help with the distribution of funds if the firm becomes insolvent.

• The conditions of authorisation for PIs and EMIs require them to satisfy the FCA that they have robust governance arrangements. It was clarified in the temporary guidance that, as part of satisfying the FCA that they have such arrangements, firms that need to arrange audits of their annual accounts under the Companies Act 2006 should arrange specific annual audits of their compliance with the safeguarding requirements under the PSRs/EMRs. The FCA also expects these firms to arrange audits of their compliance with safeguarding arrangements whenever there are any changes to their business model that would materially affect their safeguarding arrangements.

• The FCA expects the auditor to provide an opinion addressed to the firm on whether the firm has maintained organisational arrangements adequate to enable it to meet expectations of its compliance with the safeguarding provisions of the EMRs/PSRs throughout the audit period, and whether the firm met those expectations as at the audit period end date.

• Firms should carry out liquidity and capital stress testing to analyse how exposed they are to severe business disruptions and assess the potential impact, using internal and/or external data and scenario analysis. Firms should use the results of these tests to help make sure they can continue to meet their conditions of authorisation and own funds requirements. In particular, they should help firms assess whether they have adequate liquidity and capital resources, as well as identify any changes and improvements to required systems and controls.

• It is essential that firms accurately calculate their capital requirements and resources on an ongoing basis, and report these correctly in regulatory returns, as well as on request.

• To reduce exposure to intra‑group risk and as part of a firm’s stress testing and risk management procedures, the FCA considers it best practice for firms to deduct any assets representing intra-group receivables from their own funds. This is designed to make sure there is an adequate level of financial resources in each regulated entity at all times to absorb losses. It also reflects that a period of financial stress may affect the ability of other members of a firm’s group to repay the amounts they owe.

• When firms are assessing whether they have adequate resources to cover their liquidity risk, the FCA considers it best practice for firms not to include uncommitted intra-group liquidity facilities. It expects firms to consider their own liquid resources and available funding options to meet their liabilities when they are due, and whether they need access to committed credit lines to manage their exposures. Firms should do this as part of their liquidity risk-management procedures.

• The conditions for being authorised or registered require a firm to satisfy the FCA that it has effective procedures to manage any risks they might be exposed to. The FCA clarified in the temporary guidance that it requires firms to have a wind-down plan to manage their liquidity and resolution risks. The plan should consider the winding down of the firm’s business under different scenarios, including a solvent and insolvent scenario.

• Firms may safeguard customer funds using either the segregation method of safeguarding or the insurance or guarantee methods of safeguarding or a combination of these. Different risks are associated with the insurance and guarantee methods compared with the segregation method. In particular, risk of disputed claims where insurance policy or guarantee terms are not clear, or risk of a policy or guarantee not being renewed, which could be exacerbated if the firm does not have an adequate contingency plan. The FCA issued a letter to firms’ compliance officers in December 2019. In that letter, it provided guidance on risks and controls relating to the insurance method of safeguarding. It proposes to consolidate this guidance in the Approach Document and apply it to the guarantee method of safeguarding.

• The FCA reminded firms in the December 2019 letter that where a firm safeguards customer funds using insurance, it is important that the arrangements will make sure that, as soon as possible after the firm is subject to an insolvency event, the credit balance on the designated account will be the same as if the firm had segregated the funds all along. This means the insurance policy must payout for the full amount of any shortfall regardless of how it comes about.

• The FCA has also clarified that to make sure an institution’s relevant funds remain adequately safeguarded, the amount of the insurance cover should always exceed the amount of the safeguarded funds being protected by the insurance policy, including to allow for any foreseeable variation in the amount of such safeguarded funds, there should be no level below which the policy does not payout, the policy should provide insurance cover for at least as long as the institution is using insurance to protect the safeguarded funds, and institutions should make sure their insurers understand that the circumstances leading to a claim would provide no grounds to dispute their liability to pay it.

How can we help you?

If you’d like to know more about how we can help you with your SCA or safeguarding arrangements, or any other aspect of FCA compliance, our expert team is here to help.

Contact us today on 0207 436 0630 or email info@thistleinitiatives.co.uk.