The safeguarding regulations apply to authorised payment institutions, authorised e-money institutions, small e-money institutions and credit unions that issue e-money.
Firms must comply with the requirements to identify ‘relevant’ funds and ensure the correct balance is held in a safeguarded bank account.
Under regulation 23 of the PSRs, a firm must safeguard ‘relevant’ funds.
Each firm needs to understand, on a firm-by-firm basis, how often the safeguarding reconciliation is to be carried out. No one approach fits all firms, and the frequency must be reasonable for the size and complexity of the business model. Additionally, where the firm uses multiple currency bank accounts, there is a need to normalise the reconciliation. A firm should also agree upon, and consistently apply, the type of reconciliation it performs, i.e. a balance or transactional reconciliation.
There are two ways in which a firm may safeguard relevant funds:
A. The segregation method
B. The insurance or guarantee method
Firms may also choose to employ both methods, but a firm will need to make it clear within its records which funds are safeguarded using each method.
The segregation method requires the firm to hold relevant funds in a separate bank account, and to do so immediately upon receipt.
The insurance or guarantee method requires the firm to arrange an insurance policy or comparable guarantee, which will need to cover all relevant funds or certain relevant funds (with the remainder being protected by the segregation method).
Firms are recommended to carry out proactive risk assessments and evaluate their current controls to ensure risks can be controlled and minimised where appropriate. Following a risk-based approach, it would be sensible to review the firm’s breach or incident log to understand where risk event “hot spots” occur within the business. Root cause analysis performed across incidents can indicate what controls could have been implemented or improved to prevent recurrence.
A firm must consider mapping its risks to controls so that it can easily demonstrate to an auditor or other interested parties, such as the regulator, how it maintains oversight of its processes.
Governance and management oversight is crucial, and demonstrating an audit trail must be ingrained into the firm’s operational risk culture. Firms should be able to refer to, and adhere to, their internal policies and procedures, which should reference areas such as data retention, frequency of reconciliation and the resolution of any reconciliation discrepancies.
A firm should focus on maintaining a full audit trail across the period of time a discrepancy remains unresolved. The person who conducted the reconciliation, and what checks or validation were carried out thereafter, should also be documented. It makes sense to have some form of repository tool: a one-stop shop where records and reconciliations can be stored against digitised completion statements or attestations.
Reconciliations should be regarded as a detective control and the final stage before relevant funds are safeguarded and protected. Firms should consider their wider operational environment and look to develop preventative controls so that reconciliations are neither the sole nor the final point of control. Validation and approval steps should be embedded into upstream processes, with final reconciliations being subject to quality checks and sign-off to evidence completion.