New guidance for payments firms on customer funds

The FCA is expecting more from payments and e-money firms when it comes to safeguarding customer funds. The FCA finalised guidance released this month outlines guidelines for the industry. Its intention is to “strengthen firms’ prudential risk management and arrangements for safeguarding customers’ funds in this period of economic stress”. The updated guidance mean most affected firms will have to take action, and points to a closer alignment with the CASS rules.

The Covid-19 pandemic has led to increased scrutiny from the FCA of the controls that firms have in place to protect money belonging to customers. Lessons learned during the 2008 financial crisis are likely to have contributed to the current focus. Memories of the collapse of firms and difficulties in returning money and assets to clients are still all too fresh. As a result, the FCA have issued new guidance for payment and e-money firms, covering safeguarding and prudential risk management. The safeguarding aspects of the guidance, which we look at here, will bring requirements more in line with those that exist for investment firms.

Finalised FCA guidance on safeguarding for payment and e-money firms

The guidance, Coronavirus and safeguarding customers’ funds: additional guidance for payment and e-money firms, was released on 9 July 2020. It increases expectations for firms safeguarding customer funds in a number of respects and whilst it’s temporary guidance, the FCA advises that they hope a full consultation will follow and that it’s likely that the additional guidance will be incorporated into their existing document: Payment services and electronic money: our approach.

Compliance with new safeguarding guidelines

For most e-money and payment services firms, it’s likely that immediate action will be needed to check compliance with the new temporary guidance. These include a number of areas: records, accounts and reconciliations, safeguarding accounts, acknowledgement letters, selection and appointment of third parties, timing of safeguarding obligations, unallocated funds, audit, small payment institutions and disclosing information during insolvency.

Records, accounts and reconciliations

The FCA reminds e-money and payment services firms that accurate record keeping underpins the Electronic Money Regulations (‘EMR’) and Payment Service Regulations (‘PSR’). Not only should the firm keep accurate records and reconciliations, it should also document its rationale for the related processes. All of this provides assurance that should an insolvency practitioner be required funds can be returned to clients without undue delay. The guidance highlights that certain types of transaction may make discrepancies in records more likely to occur and that firms must take the nature of transactions into account when determining how often to carry out reconciliations. The guidance makes clear that the FCA expect firms to carry out reconciliations no less frequently than once a day. They also expect firms to have documented their reconciliation process. In our experience, this should be done in a way in which someone who’s not familiar with the process could pick up the process document and follow it.

Safeguarding accounts

The existing Approach Document outlines that relevant funds must be kept in a safeguarding account. In the additional guidance, the FCA clarifies that this means that the accounts should include the word ‘safeguarding’, ‘customer’ or ‘client’ in the name of the account. This is something that e-money and payment firms may need to take immediate action on, if your current safeguarding accounts aren’t named in that way. If the credit institution that you use for the safeguarding account isn’t able to make the change to the account name, you will need to obtain a letter from them confirming the appropriate designation.

Acknowledgement letters

The Approach Document also requires firms to have an acknowledgement to demonstrate that the safeguarding credit institution or custodian has no interest in or recourse against over the relevant funds in the account. In the additional guidance, the FCA provides a template acknowledgement letter that should be used for this purpose. This is similar to the type of acknowledgement letter that investment firms are required to obtain for client bank accounts, so we would hope that most credit institutions and custodians would be familiar with them. However, there is immediate action needed to get compliant letters in place for all relevant accounts. If the firm is unable to get the letter in place for any accounts, work will be needed to make sure that you’re able to demonstrate that the credit institution or custodian doesn’t have any rights over the money, which maybe covered in the existing terms and conditions. The FCA have said that they may ask firms to provide them with copies of the letter or other relevant documents and this is something that we certainly see happening with regularity for investment businesses. Non-compliant letters often give a fairly clear indication of the firm’s approach to safeguarding compliance and may well result in further questions from the FCA.

Selection and appointment of third parties

The Approach Document requires firms to exercise due skill, care and diligence when selecting and appointing a third party involved in the custody of client funds. The additional guidance now clarifies that firms should conduct due diligence reviews no less than annually, and more frequently if something has changed that affects the decision made by the firm to use the third party. Immediate action is needed by firms and they should check when due diligence was last carried out on any relevant third parties and if it was more than a year ago, it should be updated as a priority.

Timing of safeguarding obligations

The Approach Document explains that relevant funds are those funds received in exchange for the e-money that has been issued. Funds received via card payment etc only have to be safeguarded when they are actually credited to the payment account or otherwise made available to the e-money provider (or after 5 business days). In some cases, e-money providers allow customers to make payment transactions before their funds have cleared into the firm’s payment account. The additional guidance outlines that e-money firms should not treat relevant funds that it’s required to safeguard as being available to meet its commitments to a card scheme or another third party to settle the payment transactions. Some e-money firms will need to review their controls in this area, to make sure they’re not falling foul of the additional guidance.

Unallocated funds

The additional guidance again aligns the requirements with those for investment firms in CASS by specifying how allocation of funds to customers should happen and what to do if you’re not sure whether funds you’ve received are relevant funds or not. If a firm receives funds and is confident that they are relevant funds, but is initially unable to identify the customer that they should be allocated to, then the firm must record the funds as ‘unallocated customer funds’ within its records and safeguard the funds. The FCA expect firms to use reasonable endeavours to the customer to whom the funds relate. If a firm is unsuccessful in doing this, they are expected to consider returning the funds to source (whilst keeping in mind any money laundering risks).

Audit

Under the Approach Document, auditors are required to notify the FCA if they find that a firm is in breach of any of the requirements of PSR or EMR. The additional guidance puts a significant responsibility on the regulated firms to be able to demonstrate to the FCA that they have adequate internal control mechanisms. To do this, firms are expected to arrange specific audit of compliance with PSR and/or EMR safeguarding requirements by an audit firm, independent external firm or consultant, if it’s required to have an audit under the Companies Act. The additional guidance explains that in appointing the external party for this task, firms must assess whether the third party has the relevant specialist skill in auditing a firm’s compliance with PSR and/or EMR safeguarding requirements. This is another area that may present a large change to some firms as in some cases, the need for this specialist audit will be new. The need for due diligence as part of the auditor selection should not be underestimated and investment firms have seen how important it is to be able to provide a sound rationale for the selection.

Small Payment Institutions

Small Payment Institutions are not required under the EMR or PSR to safeguard customer funds, although they are still subject to Principle 10 of the FCA’s Principles of Business. The FCA use the additional guidance to remind small payment institutions of this responsibility and urge them to consider safeguarding funds voluntarily.

Disclosing information during insolvency

The additional guidance includes some very specific guidance on firms disclosing information on the treatment of funds to customers on insolvency. The FCA emphasise that firms should avoid misleading customers by suggesting that funds are protected by deposit protection schemes, suggesting that safeguarding protections extend to non-regulated business, or suggesting that customer funds would be repaid in priority to an insolvency practitioner fees.

We are experts in CASS

It is clear that there are many parallels within this guidance to the CASS rules. It would seem that the FCA is looking to align e-money and payment service regulation to the CASS rules. Bovill has an experienced specialist team of CASS experts who are able to help you understand and comply with the new guidance.