Contact sales
concerns across payment sector firms

Can you describe the kinds of firms that must perform safeguarding reconciliations?

The safeguarding regulations apply to authorised payment institutions, authorised e-money institutions, small e-money institutions and credit unions that issue e-money.

What must a firm do once it obtains permissions under the Payment Services Regulations 2017?

Firms must comply with the requirements to identify ‘relevant’ funds and ensure the correct balance is held in a safeguarded bank account.

Can you talk us through what funds need to be Safeguarded?

Under regulation 23 of the PSR’s, a firm must safeguard ‘relevant’ funds.

And what are relevant funds?

  • Sums received from, or for the benefit of, a payment service user for the execution of a payment transaction;
  • Sums received from a payment service provider (PSP) for the execution of a payment transaction on behalf of a payment service user.

What advice would you give a firm on how best to perform these sorts of reconciliation?

  • Firms should look to embed technology to automate processes, ensuring relevant funds are identified and safeguarded.
  • Invest in staff training to provide the right level of skill and expertise.
  • There should be a system of controls in place to ensure that relevant funds are reconciled accurately and appropriately safeguarded.

What are the common challenges teams face when carrying out a Safeguarding reconciliation?

Understanding, on a firm by firm basis how often the safeguarding reconciliation is to be carried out. No one approach fits all firms and the frequency must be reasonable for the size and complexity of the business model. Additionally, where the firm uses multiple currency bank accounts there is a need to normalise the reconciliation. A firm should also agree upon, and consistently apply the type of reconciliation it performs i.e., a balance or transactional reconciliation.

Which methodologies have you been using, what are the pros and cons?

There are two ways which a firm may safeguard relevant funds;
A. The segregation method
B. The insurance or guarantee method

Firm’s may also choose to employ both methods; but a firm will need to make it clear within its records which funds are safeguarded using each method.
The segregation method requires the firm to hold relevant funds in a separate bank account and must do so immediately upon receipt.
The insurance or guarantee method requires the firm to arrange an insurance policy or comparable guarantee and will need to cover all relevant funds or certain relevant funds (with the remainder being protected by the segregation method).

What recommendations can you make around systems and controls?

It’s recommended for firms to carry out proactive risk assessments and evaluate their current controls to ensure risks can be controlled and minimised where appropriate. Following a risk-based approach, it would be sensible to review the firms breach or incident log to understand where risk event “hot spots” occur within the business. Root cause analysis performed across incidents can indicate what controls could have been implemented or improved to prevent recurrence.
A firm must consider mapping its risks to controls to easily demonstrate to an auditor or other interested parties such as the regulator on how it maintains oversight of its processes.

Can you give any advice on record retention and maintaining audit trail, particularly concerning discrepancies?

Governance and management oversight is crucial and demonstrating audit trail must be ingrained into the firms operational risk culture. Firms should be able to refer to, and adhere to their internal policies and procedures; that should reference areas such as data retention, frequency of reconciliation and the resolution of any reconciliation discrepancies.

A firm should focus on maintaining a full audit trail across the period of time a discrepancy remains unresolved. The person who conducted the reconciliation and what checks or validation were carried out thereafter should also be documented. It makes sense to have some form of repository tool; a one stop shop where records and reconciliations can be stored against digitised completion statements or attestations.

Can you give any recommendations on how to manage reconciliation quality checks around the reconciliation process?

Reconciliations should be regarded as a detective control and the final stage before relevant funds are safeguarded and  protected. Firms should consider their wider operational environment and look to develop preventative controls so that reconciliations are not the sole nor final point of control. Validation and approval steps should be embedded into upstream processes with final reconciliations being subject to quality checks and sign off to evidence completion.

To learn more about our purpose built Safeguarding Reconciliation platform, please click here or contact us at gareth.foulkes@grath.com

To follow our Linkedin pages for insights click here

Discover the future of CASS and Safeguarding reconciliations
Your request has been submitted successfully
We will get in touch with you immediately via email.
Ok, thanks.