FCA portfolio strategy letter sent to authorised payment institutions & e-money issuers
July 10, 2020
What has happened?
The FCA has recently issued a Dear CEO portfolio strategy letter to authorised payment institutions (APIs) and e-money issuers (EMIs), explaining how it expects these firms to act to prevent harm to their customers.
In its 2020/21 Business Plan, the FCA announced that the risks to consumers in the payment services sector are a priority requiring its supervisory focus and intervention. In the portfolio strategy letter, it sets out the actions firms must take to prevent harm to customers by ensuring that they are compliant with their regulatory obligations across six key areas.
The FCA has also recently published a feedback statement and finalised guidance following a short consultation. The guidance provides additional direction for firms to meet their safeguarding requirements and outlines the FCA’s expectation of firms to put in place more robust plans for winding down so that customer funds can be returned in a timely manner.
As part of the FCA Coronavirus and Safeguarding customers’ funds guidance which was released on 9 July 2020, it has been stipulated that all API and EMI firms are to carry out an annual audit of the firm’s safeguarding controls, along with clarification on other safeguarding requirements highlighted within the guidance document.
We will be providing an in-depth breakdown of the FCA’s guidance of how a firm can demonstrate its controls in relation to safeguarding.
What do you need to do?
The FCA expects payment firms to consider and discuss these key areas and additional guidance internally and agree on what further action to take to ensure that they meet the requirements. They should also consider the application to them of the FCA’s Principles for Business and the guidance set out in the FCA approach document and where they employ agents, consider the implications for those agents.
The regulator has identified six key areas where non-compliance with obligations harms consumers and in which issues are widespread and many firms may be failing to meet the required standards. These are;
- Safeguarding – APIs and EMIs must have appropriate and well-managed safeguarding arrangements so that, if a firm becomes insolvent, customers’ funds are returned in a timely and orderly way
- Prudential risk management – Firms must ensure they have adequate financial resources. This means meeting own funds requirements at all times, having sufficient regulatory capital to be able to incur losses while remaining solvent or to fail in an orderly way. It also means having a sufficient quantity and quality of liquid assets to be able to pay debts and meet obligations as they fall due
- Financial crime – Firms should be alert to the risk they could be used to facilitate fraud, money laundering, terrorist financing, bribery, corruption and other financial crime and should operate appropriate systems and controls to mitigate these risks and comply with financial crime reporting obligations
- Financial promotions and consumer communications – Firms must review their financial promotions to ensure they are clear, fair and not misleading. Firms should be putting their customers’ interests at the heart of their business, and this includes when they draft, publish and review financial promotions. It is especially important that firms consider the potential harm for consumers should they buy or be sold the wrong products or services due to misleading, unfair or unclear promotions. The FCA will continue to undertake proactive reviews of financial promotions and will contact firms to address any issues that it observes
- Governance and oversight – As a condition of authorisation, the directors and management of APIs and EMIs must possess appropriate knowledge and experience to provide payment services and, for EMIs, issue e-money
- Records management and reporting – APIs and EMIs must maintain records relating to their compliance with the Payment Services Regulations and Electronic Money Regulations. The FCA’s work has highlighted material inaccuracies and omissions in the information that firms provide through regulatory reporting and responses to its requests for information. In most cases, record keeping of regulated processes is inadequate to demonstrate they have been conducted in a manner which meets the requirements
The portfolio strategy letter also covers the FCA’s expectations concerning firms servicing of EEA-based customers following the end of the Brexit transition period.
How can we help you?
If you’d like to know more about how we can help with your payment services governance, oversight and processes, or any other aspect of FCA compliance, our expert team is here to help. Contact us today on 0207 436 0630 – or email email@example.com.