Why has the FCA issued the letter?

While welcoming the competition and innovation it has seen in the payments sector, the FCA is still concerned that many payments and e-money firms do not have sufficiently robust controls leading to unacceptable risk of harm to their customers and to financial system integrity more broadly.

In the FCA’s view, this risk of customer harm is increased by the tightening economic conditions and the cost-of-living crisis. The letter was published within a week of the Silicon Valley Bank collapse in the U.S. (and rescue in the UK), which might not be entirely coincidental timing. In any case, it’s likely to act as a useful reminder to payments and e-money firms of where the FCA’s regulatory spotlight will fall in the coming weeks and months.

Three outcomes…

The FCA instructs firms to identify the messages in the letter that are relevant to their firm and take appropriate action to deliver three outcomes that it has set for them:

Outcome 1: ensure your customers' money is safe

• The FCA reminds firms of its 2022/25 Strategy commitment to focus on reducing harm from firm failure. It sets out three priorities in its approach to ensuring customer money is safe:
  • Safeguarding: It has identified a number of common failings in firms’ safeguarding arrangements including a lack of due diligence and acknowledgement of segregation from credit institutions providing safeguarding accounts, and variable compliance with its July 2020 guidance (now in its Payments and E-money Approach Document) on conducting an annual audit of safeguarding arrangements. Firms should ensure they are safeguarding customers' funds in line with applicable legislation and guidance.
  • Prudential risk management: Firms should regularly review their prudential risk management arrangements and ensure, among other things, that their firm meets its regulatory capital requirement at all times, considers the particular financial risks it faces, based on the business model it operates, and considers how those risks may be heightened by macroeconomic conditions, and plans well ahead to ensure it has adequate financial resources on an ongoing basis. As well as the Approach Document, the FCA directs firms to its Finalised Guidance FG20/1 on assessing adequate financial resources.
  • Wind-down planning: The FCA’s supervisory work has identified that many firms have not yet created wind-down plans and the plans that it has reviewed frequently fail to meet its expectations. Firms should ensure they have an appropriate wind-down plan in place that is reviewed regularly and kept up to date so it continues to meet the FCA's expectations. ​Firms should refer to the FCA’s Wind-down planning guide and the findings of its April 2022 thematic review of wind-down plans TR22/1, as good practice and for information about what to consider when preparing wind-down plans.

Outcome 2: ensure your firm does not compromise financial system integrity

• According to the FCA, payments and e-money firms are a target for bad actors due to their ability to provide bank-like services, willingness to service high-risk customers, and weaknesses in some firms’ systems and controls. The FCA has seen evidence of elevated fraud rates in some firms in the sector. It’s also concerned that there could be a further increase in fraud as a result of the cost-of-living crisis. With all of this in mind, priorities for firms should be:
  • Money-laundering and sanctions: AML systems and controls need to be effective and commensurate with business risks, with regular review of compliance with AML obligations and sanction requirements and compliance with responsibilities under the Proceeds of Crime Act 2002 and Terrorism Act 2000 through accurate and timely submissions of suspicious activity reports (SARs).
  • Fraud: Immediate action should be taken to protect customers against fraud risks and ensure they are not being used to receive the proceeds of fraud.​

Outcome 3: meet your customers' needs

• While good examples of positive innovation by payments firms which has created tangible benefits for customers and the payments ecosystem include the development of Open Banking, there are still incidences of products and services which do not consistently deliver good customer outcomes and payment firms not acting in customers’ best interests.
• Unsurprisingly, here the FCA expects firms to ensure that customer needs are met through adequate implementation of the new Consumer Duty. It refers firms to the recently published Consumer Duty implementation portfolio letter to payments and e-money firms, which sets out its expectations of their compliance with the Duty. For more on this, take a look at our Engage article UK Consumer Duty: FCA publishes further portfolio letters to help firms with implementation.

…underpinned by three cross-cutting priorities

The FCA has also identified three priorities which underpin the three outcomes described above:

Priority 1: governance and leadership, including oversight of agents and distributors

• The FCA describes inadequate governance and oversight as a ‘root cause’ of many of the regulatory issues in the payments portfolio (as highlighted in its July 2020 portfolio letter). Action should be taken action to ensure governance and leadership meets the FCA's expectations and governance arrangements should be regularly reviewed to ensure they remain robust and proportionate to the nature scale and complexity of the business. There is also a reminder of firms’ responsibilities when using agents and distributors.​

Priority 2: operational resilience

• The FCA makes it clear that it is proactively monitoring firms' progress in complying with the operational resilience requirements introduced in March 2022 and will take action where it identifies deficiencies.
• It also expects firms to monitor their dependency on providers of critical services (including technology and banking services) and have appropriate contingency plans to move providers if necessary.

Priority 3: regulatory reporting

• The FCA has seen ‘sustained non-compliance’ with its reporting requirements, which it considers ‘unacceptable’. It warns that it will make more frequent use of its right to charge firms that fail to meet the reporting deadlines an administrative charge of £250, and that ongoing failure may result in a referral to enforcement for cancellation.

What about the approach to firms seeking authorisation, registration or variation of permission?

• The FCA makes it clear that firms that submit poor quality applications for authorisation are likely to find their applications either rejected or refused.

A reminder of requirements on changes in control

• The FCA continues to see transactions where acquisitions or increases in control of payments and e-money firms complete without prior FCA approval.
• It reminds firms of the requirements on change of control and directs firms to the FCA’s dedicated webpages and Approach Document for further information on those requirements. There is also a reminder that the statutory requirements can be found in Part XII of the Financial Services and Markets Act 2000 (as applied and modified by Schedule 3 of the Electronic Money Regulations 2011 and Schedule 6 of the Payment Services Regulations 2017, respectively).

ESG and Diversity and Inclusion

• The FCA also expects payments and e-money firms to take action to support the ESG agenda and promote diversity and inclusion.

Risk of ‘swift and assertive action’ where firms cannot or will not meet the FCA’s standards

Where the FCA identifies issues, it will take ‘swift and assertive action’ to protect customers and ensure market integrity in accordance with the approach to supervision and enforcement described in its Approach Document, and in line with its 2022/25 Strategy commitment to act earlier and more assertively in dealing with problem firms. It will continue to intervene using the full range of its supervisory tools. In cases where firms can’t meet the conditions for authorisation, the FCA forewarns firms that it will take more assertive action sooner and will remove or sanction firms who cannot or will not meet its standards.

Next steps

There’s more ahead for the payments and e-money sector. The FCA is already planning to consult in the first half of 2023 on strengthening the requirements for safeguarding funds, using enhanced rule-making powers to be conferred on it as part of the Future Regulatory Framework Review. It aims to publish final rules around the end of 2023 or early 2024.

The government’s call for evidence on its review of the Payment Services Regulations 2017 closes on 7 April. In the call for evidence, the government recognises that the pace of change in payments policy has been a concern for some stakeholders in recent years. It reassures industry that as it considers the replacement of retained EU law in this area, policy change will only occur where there are concrete benefits or risks, and not for its own sake. Certain elements of the framework may be repealed and replaced to an accelerated timescale, where a clear and pressing need for change has been identified. This includes measures highlighted in the government’s review of the systemic perimeter and in the review of the PSRs – such as in relation to enhancing fraud prevention, safeguarding, and the fair protection of customers in relation to the termination of payment services. See our Engage article for more on the call for evidence: UK government reviews Payment Services Regulations and Payment Card Interchange Fee Regulations.

On safeguarding, the FCA is already planning to consult in the first half of 2023 on strengthening the requirements for safeguarding funds, using enhanced rule-making powers to be conferred on it as part of the Future Regulatory Framework Review being implemented via the Financial Services and Markets Bill 2022-23. It aims to publish final rules around the end of 2023 or early 2024.

The government is also planning a review of the Payment and Electronic Money Institution Insolvency Regulations 2021 in due course. As set out at consultation, the government intends for these regulations to apply across the UK where necessary, and is in the process of preparing the relevant regulations extending the regime to Northern Ireland and Scottish Limited Liability Partnerships. The review will be completed within two years of the regime having come into force throughout the UK.

If you would like to discuss any of the issues raised in the FCA’s portfolio letter for payments firms, please get in touch with one of the contacts listed in this article.

Authored by Virginia Montgomery.