FCA publishes Final Guidance and Dear CEO letter on Coronavirus and Safeguarding Customers' Funds


The Guidance

The Guidance aims to temporarily strengthen Payment Firms’ approach towards safeguarding and prudential risk management in light of Coronavirus and subsequent economic pressure. The FCA will conduct a full consultation later in 2020/21 on changes to its Approach Document. The key takeaways from the Guidance are as follows:

Proposals for Payment Firms subject to safeguarding requirements

  • Keeping records and accounts and making reconciliations – Where there is potential for discrepancies regarding the records and accounts of “relevant funds”, Payment Firms should carry out reconciliations on at least a daily basis and Payment Firms should clearly document their reconciliation process and relevant rationale.

The FCA should be notified if Payment Firms are unable to comply with the safeguarding requirements.

  • Safeguarding accounts and acknowledgment letters – The safeguarding account must be named in a way that shows it is a safeguarding account and this means the account name should include the word ‘safeguarding’, ‘customer’, or ‘client’. If this designation cannot be made clear in the account name, the FCA expects Payment Firms to provide evidence, such as a letter from the relevant credit institution or custodian, confirming the appropriate designation. An acknowledgement letter (an example of which is set out in Annex 1 of the Guidance) should be entered into to make it clear that the safeguarding credit institution or custodian, has no interest in, recourse against, or right over the relevant funds or assets in the safeguarding account. Where this is not possible the Payment Firm should have an alternative way of demonstrating this. The FCA has explicitly said that Payment Firms are holding the monies on trust.
  • Selecting, appointing and reviewing third parties – Payment Firms should carry out periodic reviews of their providers as often as appropriate, at least annually, and whenever a firm might reasonably conclude that anything affecting the appointment decision has materially changed.
  • Unallocated funds – Where a Payment Firm is unable to identify the customer entitled to funds received, these funds should be treated as “relevant funds” and should be safeguarded as such. Payment Firms should use reasonable endeavours to identify the customer to whom the unallocated funds relate. Before allocation of the funds to the relevant customer, the FCA expects Payment Firms to record the funds in their books as ‘unallocated customer funds’.
  • Disclosing information on treatment of funds on insolvency to customers – Payment Firms must avoid giving customers misleading impressions about how much protection they will get from safeguarding requirements. They should also avoid suggesting that the relevant funds are protected by the Financial Services Compensation Scheme.

Proposals for Authorised Payment Institutions (“APIs”) and EMIs subject to safeguarding requirements

  • Annual audit of compliance with safeguarding requirements – An auditor must notify the FCA if it is aware of a breach of any regulatory requirements by relevant firms that is of material significance (including breaches of safeguarding or organisational arrangements). Relevant firms must also arrange for specific annual audits of their compliance with the safeguarding requirements.

Proposals for small Payment Institutions and small EMIs only subject to safeguarding requirements

  • Small Payment Institutions – The FCA now clarifies that, when complying with Principle 10, all firms including Small Payment Institutions (“SPIs”), should keep a record of the customer funds that they hold. The FCA encourage SPIs to consider safeguarding their customers’ money voluntarily. This also applies to small EMIs in respect of payment services unrelated to issuing e-money

Proposals for EMIs only subject to safeguarding requirements

  • When the safeguarding obligation starts – EMIs should not treat relevant funds that they are required to safeguard as being available to meet their commitments to a card scheme or another third party to settle payment transactions.

Proposals for Authorised Payment Institutions and EMIs regarding risk management

  • Capital adequacy – The FCA has repeated the need for APIs, authorised EMIs (“AEMI”) and small EMIs (“SEMI”) to accurately calculate their capital requirements and resources on an ongoing basis. The FCA clarifies that as best practice, these firms should deduct assets representing intra-group receivables from their own funds. Although the FCA considers the above ‘best practice’, the Guidance specifies that it is not the only way of complying with the risk management requirements, but if you choose another method you must explain the rationale for it.
  • Liquidity and capital stress testing – The Guidance confirms that relevant firms should carry out stress testing to analyse their exposure to a range of severe business disruptions, or the failure of one or more of their major counterparties. If they are part of a group, they should carry out stress testing on a solo basis, taking into account risks posed by its membership of the group.
  • Risk-management arrangements – The FCA expects relevant firms to consider their own liquid resources and available funding options to meet their liabilities as they fall due. Firms should also consider whether they need access to committed credit lines to manage their exposures.
  • Wind-down plans – APIs, AEMIs and SEMIs must have a wind-down plan to manage their liquidity, operational and resolution risks. Plans should consider the winding-down of the firm’s business under different scenarios, including insolvency. The FCA also notes that relevant firms which are members of a group should ensure that their wind-down plan considers how the regulated firm within the group would manage its liquidity, operational and resolution risks in a solvent and insolvent scenario, on a solo basis.
  • Governance and controls – Relevant firms must have robust governance arrangements, and effective procedures to identify, manage and monitor risks, in accordance with their conditions of authorisation or registration. Senior management should ensure that firms regularly review systems and controls, including governance arrangements; these should reflect particular firms’ specific risks, business model and growth.

The Letter

The FCA has confirmed that risks to consumers in the payment services sector is an FCA priority requiring supervisory focus and intervention. The Letter sets out the actions the FCA expects Payment Firms to take to prevent harm to customers across six key areas; safeguarding, prudential risk management, financial crime, financial promotions and consumer communications, governance and oversight and records management and reporting.

The key highlights are:

  • Safeguarding – Firms should review their safeguarding arrangements regularly to ensure that these remain complaint at all times and in particular as their business changes. The FCA expects to see that firms have acted to review and remediate their safeguarding arrangements where required, taking into account the guidance in the approach document and the Guidance published by the FCA .
  • Prudential risk management – The FCA expects to see that firms have acted to review and remediate their risk management where required, including assessments of quality and quantity of liquidity and orderly wind-down plans.

The FCA has been quite prominent in stating that it will be doing active testing of compliance and adopting a more interventionist approach then it is currently doing so.

Additionally, the Letter reminds Payment Firms of the importance of preparing for Brexit. If a firm has customers in the EEA, they will need to decide on their approach to servicing existing contracts with them. They should be guided by what is the right outcome for customers and take the necessary steps to follow local law and regulator expectations. Notably, it would in many cases be a poor outcome for customers if firms suddenly stopped servicing them. Firms may find it beneficial to read the recent commission paper which talks about these specific points.

The FCA expects the Letter to be discussed and acted on to ensure compliance at board level. Principal firms are expected to ensure their appointed agents comply with the contents of the letter that are relevant to them. Payment Firms should be aware that the FCA expects them to explain the actions that have been taken in response to the Letter, focusing in particular on how customers have been sufficiently protected.

This article was first published in Thomson Reuters on 17 July 2020.

Co-authored by Oliver Bridal