Safeguarding arrangements – Payment Service Providers (PSP’s) 🔒
The FCA remains a strong advocate for the industry and have authorized hundreds of electronic money and payment institutions in recent times, so naturally, the regulator’s interest in this area of the market has intensified.
This intensification has led to closer scrutiny by the FCA, and concerns have been expressed around the strength of firms’ oversight and governance structures, highlighting issues such as anti-crime controls and an increase in fraud rates. When considered within the context of the cost of living crisis and the FCA’s objective of reducing customer harm, such firms must carefully consider their operating model and seek to implement and manage robust controls to reduce the risk of harm to their customers and the wider market.
The FCA have increased their communications in this area of late, culminating most recently in March of this year outlining “FCA priorities for Payment Firms” – https://www.fca.org.uk/publication/correspondence/priorities-payments-firms-portfolio-letter-2023.pdf
The protection of customer funds is central to the PSD rules with firms required to identify relevant funds and correctly segregate them in a timely manner. A safeguarding account is a financial mechanism used to protect client funds in the event of a financial institution’s insolvency. It is a special type of account where funds held on behalf of clients are separated from the financial institution’s own funds, and are not available to the institution in the case of its insolvency.
If the financial institution becomes insolvent, the client’s funds held in the safeguarding account remain ring-fenced and protected from the institution’s creditors.
Following the published findings of the multi-firm review of fast-growing firms (FGF’s) – https://www.fca.org.uk/publications/multi-firm-reviews/fast-growing-firms , payment service firms have experienced rapid growth over a 3-year period, with the FCA identifying the following areas requiring improvement:
Firms were viewed as not keeping pace with risk management and governance arrangements alongside business growth with a lack consideration and awareness of regulation across inspected firms. Foreseeing upcoming regulatory change, and a lack of planning to manage such change was noted.
Firms’ capability to identify and describe relevant funds(1) in relation to their business model and the point at which funds become relevant funds and need protection/segregation were highlighted as a key area of concern.
Firms generally understand how the regulations apply to them and their products, but have less clarity on which actual payment services they provide, when they provide them and the capacity in which they transact (agent or distributor). These types of situations can easily start to increase the complexity and present challenges for firms, particularly when identifying the point at which the funds require safeguarding.
Firms are expected to maintain records and accounts to evidence their compliance with the safeguarding obligations, including decisions made and rationales relating to procedures and the control environment under which they operate.
Responsibilities and clear parameters for operation of controls and processes that underpin the firms safeguarding obligations must be present, ensuring organisational arrangements exist and can be evidenced and sufficient to explain the firm’s compliance to the rules. Regular review, testing and monitoring of the firms safeguarding arrangements and reconciliations are necessary components, that align well to good client outcomes and are indicative of a firm’s positive governance posture.
It is critical for firms to have clear rationale for their arrangements and to be able to explain how their systems and controls would ensure compliance with them.
The obligation on firms to safeguard starts upon receipt of relevant funds. For firms electing to use the segregation method, funds must be segregated upon receipt. If relevant funds continue to be held at the end of the business day following the day of receipt, the firm must:
Best practice and the regulator expectation is that firms segregate relevant funds by receiving them into a separate account and in the event of any mixed remittance, that those other funds are removed as frequently as is practicable throughout the day.
In no circumstances should such funds be kept together overnight.
Where relevant funds are held on a firm’s behalf by agents or distributors, the firm cannot discharge its fiduciary responsibility and it remains responsible for ensuring that the funds are segregated, with adequate and compliant practices in place to ensure relevant funds are safeguarded appropriately.
It remains possible to segregate the equivalent funds, but a firm needs to ensure it can accurately quantify and protect the requisite value and demonstrate that rationale and calculation in good time at intraday points and at end of day, with a comprehensive explanation to accompany and justify the segregated value.
Organisational arrangements must be sufficient to minimise the risk of the loss or diminution of relevant funds or assets through fraud, misuse, negligence or poor administration (regulation 24(3) of the EMRs and regulation 23(17) of the PSRs 2017).
This requirement is in addition to the general requirements on institutions to have effective risk management procedures, adequate internal control mechanisms and to maintain relevant records. They should monitor these procedures through robust governance arrangements.
Accounts holding relevant funds must be designated in a way that clearly shows it is a safeguarding account and this clarity must be confirmed with the institution to ensure funds are not comingled with firms own funds.
No person other than the institution may have any interest in or right over the relevant funds or the relevant assets in these accounts.
Similar to the CASS regulations, firms should carry out internal and external reconciliations as often as necessary, considering the risks to which the business is exposed and being cognizant of the volume of activity and complexity in transactional activity that exists.
Firms should document their rationale for the reconciliation and approach, and ensure this is documented and signed off by its board of directors. Firms should carry out reconciliations as often as is practicable.
Where there is a discrepancy or the potential for discrepancies exist between the balance in the safeguarding account, and the amount that should be safeguarded, the firm should address the deficit to ensure protection is at the adequate level.
In no circumstances would it be acceptable for a firm to carry reconciliation less than once during each business day. The reconciliation should result in the amount of funds or assets safeguarded being:
The requirements to safeguard customer funds aim to protect consumers and the industry from suffering financial loss or other harm if a firm fails.
The regulator has continued focus in this area since 2019 and beyond the post pandemic period, to ensure firms have effective and resilient solutions in place to comply with their obligations.
Grath have purpose-built solutions that enable firms to meet their obligations. The focus areas that we can help with are as follows:
If you’d like to know how Grath’s technology can help you with safeguarding, then we’d love to talk!
(1)The PSRs define relevant funds as (a) sums received from, or for the benefit of, a payment service user for the execution of a payment transaction, and (b) sums received from a payment service provider for the execution of a payment transaction on behalf of a payment service user. In the EMRs they are defined as funds that have been received in exchange for electronic money that has been issued.