Blog

Author - Lorraine Mouat, Head of Payment Services 

Background

On March 16, 2023, the Financial Conduct Authority (FCA) published a Dear CEO letter sending a very strong message to payment services and e-money firms, addressing what it sees as the key priorities. The letter highlighted the FCA's expectations for firms to focus on the protection of consumers, competition, and innovation in the payment services industry. 

What do you need to do?

If you are a payment services firm, you need to sit up and take notice! Now is not the time to be complacent. Considering our recent experience and exposure to the FCA, this recent communication from the regulator is no big surprise. The payments sector is one of the fastest growing and most rapidly evolving sectors in the financial services industry. With the rise of new payment technologies and the increasing popularity of digital payments, the sector has become more complex and competitive than ever before. As a result, there is a range of emerging risks and challenges that firms in the sector must address, including cybersecurity threats, financial crime, and the need to ensure that consumers are treated fairly and transparently. By focusing on the payments and e-money sector, the FCA is demonstrating its commitment to protecting consumers, promoting competition, and supporting innovation in this critical area of the financial services industry.

Consumer Protection

The FCA emphasises the importance of consumer protection in payment services. Prioritising the fair treatment of consumers is paramount. You should therefore take time to consider the transparency of your fees and charges and the adequacy of your security measures, and ensure customer communications are clear, exactly what the new Consumer Duty rules aim to address.  There is also a need for your firm to address the risks associated with emerging payment technologies, such as mobile payments and digital wallets, to ensure that consumers are protected. Too often, the risk management, and systems and controls payment services firms had in place at the outset are no longer fit for purpose and have failed to keep pace with the firm’s growth and technical development. When was the last time you conducted a review of your compliance landscape? Are your directive, preventative and detective mitigating controls still relevant, and would your governance, monitoring and oversight arrangements stand up to FCA scrutiny?  

Competition

The FCA also highlighted the importance of competition in the payment services industry. Firms should now therefore be focusing on how they can promote competition in the industry by providing consumers with choice and access to a variety of payment services. Firms are expected to collaborate with each other and with other stakeholders to promote competition in the industry. Can your firm evidence variety, collaboration, pricing structures and other innovative ways to promote competition? How do you assess, monitor, and evidence this? These are things you will now need to consider if you’re going to stay out of the regulatory spotlight.

Innovation

Emphasis has also been placed on the importance of innovation, with firms being encouraged to develop new and innovative payment products and services that meet the evolving needs of consumers. The FCA also highlighted the importance of innovation in addressing emerging risks in the industry, such as cyber threats and financial crime. Are you aware of the needs of your target market and how up to date and appropriate is your financial crime risk management framework? We see many issues with firms’ risk management arrangements, with ineffective risk identification, unclear risk assessment methodology and measures, and a lack of appropriate mitigating controls. This is certainly one area that we know will attract the attention of the regulator and could put your business and your customers at risk. 

Governance

The FCA has identified significant issues with firms’ governance, oversight and leadership, including a lack of appropriately knowledgeable and experienced personnel to provide payments services and issue e-money. This includes key functions such as the Money Laundering Reporting Officer and other compliance staff, governance arrangements, risk procedures and controls that are not comprehensive and proportionate to the nature scale and complexity of the business. The FCA also found a lack of appropriate Board oversight arrangements in some firms, as well as inadequate meaningful due diligence before onboarding agents and distributors, as well as a lack of ongoing monitoring. The appropriateness of a firm’s governance arrangements has always been a priority for the FCA, at the point of authorisation and beyond. Having the right people, with the right skills, in the right roles, and a robust oversight and monitoring framework is an essential element of any good governance. The spotlight is well and truly on these key roles, so firms need to take stock.

Operational Resilience

The FCA letter emphasises the importance of compliance with the Operational Resilience requirements and firms’ monitoring of their dependency on providers of critical services, including technology and banking services, and the need for them to have appropriate contingency plans to move providers if necessary. Having the ability to prepare for, respond, and recover from critical incidents is paramount. Business continuity is now no longer enough. If your firm hasn’t already started the process of mapping your important business services and setting tolerance levels, you should make this your priority. The deadline of March 2022 has passed, but there is still time to get things moving.

Wind-Down Planning

The FCA noted that many firms have not yet created wind-down plans and that the plans reviewed frequently fail to meet the FCA’s expectations. Common issues identified include plans which appear over-optimistic about the time it would take to wind down, insufficient detail about the steps for winding down to make the plan practical and usable in reality, a lack of consideration of appropriate triggers for winding-down and a lack of adequate analysis of the costs and cash requirements for winding down. We often see wind down plans that have failed to keep pace with the firm’s growth or are not realistic enough to be a useful control in the event of a wind down situation. Inappropriate triggers and lack of detail on how the plan will be activated are all areas for concern.

How can we help you?

Payment service firms need to act now! Immediate action is needed in response to the FCA’s expectations and to avoid regulatory scrutiny and business impact. Firms that act now are more likely to succeed in the long run. It is essential that your firm acts swiftly and decisively to ensure compliance with regulatory requirements and to ensure you can meet consumer needs in a highly competitive market.

We are here to support. Whether it is a review of your policies and procedures, risk management and compliance framework or helping you prepare for the implementation of the Consumer Duty or Operational Resilience, which should help your firm address a number of the FCA’s priorities.

Contact our specialist team now to schedule a free consultation.  Get in touch with us by calling 0207 436 0630 or sending an email to info@thistleinitiatives.co.uk.