Technology has transformed the payment services industry in recent years. Online and mobile payments now offer consumers real alternatives. But newer payment services providers (PSPs) have often found the banks’ traditional monopoly tough to break.
The EU recognised this in January 2018 when it introduced its revised Payment Service Directive (PSD2), part of whose purpose was promoting innovation and improving market access for PSPs.
Acknowledging the heightened security risk in the payment services arena created by the ‘growing technical complexity of electronic payments’, PSD2 brought in stricter new requirements around:
The FCA now requires all applicants seeking authorisation as PSPs to provide evidence of robust IT security policies and procedures – and a detailed risk assessment.
The FCA’s recent temporary additional guidance on safeguarding requirements stipulates that all EMIs and those payment services firms that must comply with Companies Act 2006 auditing requirements must undertake, on at least an annual basis, an audit with another independent external firm or consultant who has the appropriate specialist skill in auditing compliance with the safeguarding requirements under the PSRs/EMRs, taking into account the nature and scale of the firm’s business. Our expert payments services team are able to provide the support necessary for firms to comply with these latest requirements.
Our Payment Services team has in-depth knowledge of the regulatory compliance requirements facing PSPs. We apply our experience and expertise to create a service tailor-made to your precise needs.
Among the firms we work with are:
Among the many ways we can help PSPs are:
Applying for authorisation as a payment service provider (PSP) requires submitting a wide array of documentation. This includes a regulatory business plan, a suite of compliance policies and procedures, and an IT security risk assessment. We can provide template documents and work with you to tailor these to your specific circumstances. We can also carry out a gap analysis on your current policies and procedures – and help you address any action points identified.
Our FCA safeguarding audit services help your firm comply with its mandatory requirement to undertake a safeguarding audit. This requirement applies to any authorised payment institutions and e-money firms who are required to audit their annual accounts under the Companies Act 2006.
We anticipate that the regulator will be undertaking continuous and thorough supervisory checks to ensure firms remain compliant with FCA safeguarding requirements. Its 2020/21 business plan specifically identified payment services and e-money firms as among its top priorities, so scrutiny is likely to be intense. Learn more about our safeguarding audit services.
Small payments institutions registration
We can help with your registration as a small payment institution (SPI or small PI) and ensure you’re up to date with your regulatory requirements.
We can provide payment service providers with effective support and guidance on completing and submitting REP018 operational risk reports.
We have extensive experience of auditing firms in the payment services space – whether on compliance issues generally, or specifically in areas such as safeguarding, complaints policies and procedures, or training programmes. In line with EBA and FCA guidance, we can provide services such as an extensive audit of a firm’s safeguarding framework procedures as well as the firms wider compliance requirements.
Financial crime policy and procedures
Working closely with our Financial Crime team can help PSPs update their policies and procedures in line with a risk-based approach, as required by the Money Laundering Regulations 2017.
Limited Network Exclusion (LNE) and Electronic Communication Exclusions (ECE)
We are able to assist firms that are required to report to the FCA under Payment Services Regulations, even where the firm is not FCA regulated. These include the Electronic Communication Exclusion auditing requirements for telecoms businesses and the FCA’s reporting obligations on payments and e-money firms under the Limited Network Exclusion.
If you’d like help submitting regulatory returns via Gabriel (the FCA’s online system for collecting and storing regulatory data from firms), we can also help with this.
We’re always happy to hear from businesses operating in this space. So if there’s anything at all you’d like some help, advice or support with, please don’t hesitate to get in touch.