Under the proposed revisions to the FCA Safeguarding Rules, CP24/20 creates more detailed and prescriptive rules for payment firms, setting out the requirements to protect the funds they hold for customers.
These rules must be considered in greater detail as the new regime is implemented over the two phases, as the formal replacement of existing guidance within the Payment Service and E-Money regulations moves into a new chapter of the Client Asset Sourcebook.
In this article we draw parallels across two equivalent rules, dealing specifically with the expectations placed upon auditors when preparing a client assets report (SUP 3.10.5) and the proposed phase one, interim rules for a Safeguarding report (SUP 3A.9.5).
SUP 3.10.4 R provides that an auditor must ensure that a client assets report is prepared in accordance with the terms of, as the case may be, a reasonable assurance engagement or a limited assurance engagement. However, the FCA also expects an auditor to have regard, where relevant, to material published by the Financial Reporting Council that deals specifically with the client assets report which the auditor is required to submit to the FCA. In the FCA’s view, a client assets report that is prepared in accordance with that material is likely to comply with SUP 3.10.4 R and SUP 3.10.5 R where that report is prepared for a firm within the scope of the material in question.
SUP 3A.9.5
3A.9.5 G SUP 3A.9.1R and SUP 3A.9.2R provide that an auditor must ensure that a safeguarding report is prepared in accordance with the terms of, as the case may be, a reasonable assurance engagement or a limited assurance engagement. However, the FCA also expects an auditor to have regard, where relevant, to material published by the Financial Reporting Council that deals specifically with the safeguarding report which the auditor is required to submit to the FCA. In the FCA’s view, a safeguarding report that is prepared in accordance with that material is likely to comply with SUP 3A.9.1R to SUP 3A.9.3R where that report is prepared for a relevant institution within the scope of the material in question
The intent across both regimes is to extend the CASS approach of control effectiveness and substantive testing into the relevant funds regime for Safeguarding.
Following the more prescriptive Chapter 15, Payment Services and E-Money firms will be required to obligation map the new chapter to existing risk registers and control inventories and be capable of evidencing and demonstrating the effectiveness, accuracy and relevance of mitigating controls to minimise safeguarding risk exposure.
Firms must act to strengthen their risk management and control frameworks in anticipation of these rule changes. Now is the time to ensure these systems are not only accurate and comprehensive but also resilient enough to withstand rigorous audit scrutiny.
Amongst its services, Grath offers specialist CASS & Safeguarding regulatory compliance solutions which have been designed and built by risk and regulatory practitioners with years of practical expertise in financial services.
Our understanding and implementation of control and obligation mapping solutions for customers is well established and mature, allowing Payment Services and E-Money firms to benefit from the extensive experience across our development and implementation teams, thereby ensuring efficient and positive audit engagements.
If you are an authorised payment institution, e-money institution, or a credit union that issues e-money in the United Kingdom under the PSRs and EMRs, contact our team to learn more about how Grath can help you manage regulatory compliance, mitigate risk and automate Safeguarding reconciliations.