In a ‘Dear CEO’ letter the FCA has set out clear requirements for payment institutions (PIs) and e-money institutions (EMIs) operating within the payment services sector to act on new guidance focused on customer protection.
The letter notes the pressures brought about by Covid-19 and the imperative to “act to prevent harm to your customers.”
Outlining six key areas where firms much act to review and improve their compliance procedures to protect consumers, the FCA goes on to warn that “We will act swiftly and decisively if you fail to meet our expectations.”
“We base our action on intelligence and proactive analysis using a range of indicators to identify firms to proactively contact, or visit to ensure that the relevant standards are met. Where we identify weaknesses, we will take action to ensure that firms meet the requirements," the letter reads.
“If we see a firm’s actions are likely to lead to consumer harm we will act swiftly. This may include restricting permissions to conduct regulated activity and cancelling permissions if it will protect consumers.”
The six areas identified in the letter relate to non-compliance with firms’ obligations under the Payment Services Regulations 2017 and the Electronic Money regulations 2011 harms consumers.
Safeguarding is first addressed, following the FCA finding widespread issues with how firms safeguard customer funds the FCA is testing firms’ safeguarding arrangements which are still showing inadequacies. Firms are instructed review safeguarding arrangements to ensure compliance, including additional guidance released today.
The FCA also underlines prudential risk management, as it has found several firms have calculated their own funds’ requirement incorrectly, others used inadequate governance and controls. Firms must ensure they have sufficient regulatory capital to incur losses while remaining solvent.
The letter states that several firms have been failing to appropriately manage financial crime risks. The watchdog insists that firms must be aware of financial crime risks inherent in their business and consider potential risks posed by innovative products and unusual business models.
Governance and oversight, particularly in light of APIs and EMIs, is another area the FCA instructs must be reviewed regularly to ensure that firms remain compliant as the business changes or grows. The final two areas explored by the guidance pertain to financial promotions and consumer communications and records management and reporting.
Matt Hopkins, of the global banking team, BDO commented that “This is the end of light touch regulation of e-money and payment institutions.”
“The historic lighter touch regulation may have given a false assurance that these firms are non-complex - when the truth is the opposite…The proposed rules address this disconnect between the scale and complexity of the sector and its previous regulatory regime.”
“E-money institutions have grown exponentially - operating across jurisdictions, with multi-product and multi-channel offerings. The regulator has become, understandably, more concerned about the volumes of customer funds in a sector over which it has less oversight than stakeholders may expect.”
The FCA’s warning shot comes off the back of Wirecard’s extraordinary unravelling. A swathe of UK based fintechs were caught in the crossfire when the FCA imposed a temporary suspension on Wirecard’s activity in the UK. Dozens of fintechs’ reliant on the collapsed payments technology provider were faced with disastrous circumstances as their customers were unable to access their own funds.
Hopkins' comments are particularly resonant in light of the Wirecard debacle: “A number of E-money and payment services providers (PSPs) have become integral to what is a very interconnected and complex payments architecture with significant sums of retail cash transacted daily.”
“The safeguarding requirements are the absolute cornerstone of the e-money requirements. However, at any point in time there will be potentially highly significant sums of “cash in transit” and unallocated cash balances. If a payments business fails this complex web needs to be unravelled quickly to ensure there is no customer detriment and the regulator recognises that.”