Wirecard brings PSP controls into focus

The FCA’s temporary suspension of payments processed through Wirecard has now been lifted. But it seems that some customers of UK payment services providers continue to have issues accessing their accounts. Given that a quarter of UK families have less than £100 in savings, and many more are living one paycheque to the next, any disruption, particularly one occurring around payday, is a significant issue, and one that will cause real detriment to consumers.

These are the kind of stories that appear in MPs’ inboxes, find their way to the ears of Treasury Select Committee members, and end up in the “something must be done” pile at the FCA – as the Wirecard failure impacts two of the three pillars of the FCA’s conduct risk objectives: good customer outcomes, and market confidence.

To be fair to the regulator, the FCA have been increasingly vocal about the PSP sector. And perhaps they are taking the view that the balance between opening up markets to innovative competitors, and conduct risk requirements, may need adjusting. There are echoes here of the experience with peer-to-peer lending – where the initial positive and supportive approach from the FCA soon changed when the regulator took the view that the sector had not heeded warnings to put its house in order.

FCA focus on PSPs

In late 2019, the FCA highlighted that payment service providers – or PSPs – would be in scope in their work on building operational resilience. In early 2020, it was announced that PSPs would be a priority area of focus in the FCA 20/21 Business Plan. And this was followed in May by proposals for additional temporary guidance. This paper focused on the prudential risks of PSPs, the need to have effective safeguarding in place for customers’ funds, requirements for robust risk management controls and realistic wind-down plans. So the Wirecard situation will only serve to concentrate the regulator’s mind further.

Payment service providers – meeting the FCA’s expectations

PSP firms should therefore look to put their own houses in order, before the FCA comes knocking:

Prudential stability

The prudential requirements highlighted in the FCA’s paper are important. However, prevention is better than cure, so ensuring the soundness of the underlying framework of the firm is key.

Operational resilience

The formal consultation on operational resilience has been put back by the regulator, but the underlying principles remain the same. Issues like Wirecard are Op Risk concerns. Firms should ensure they fully understand their business processes, and are able to identify potential failures before they happen, both within their own processes and with outsourced providers.

Outsourcing

This is another hot topic for regulators (with the PRA, FCA, EBA and IOSCO all weighing in, in recent months), and clearly core to the Wirecard issue. PSPs – and to be fair, all firms – should ensure initial and ongoing due diligence is done effectively. In this, the fact that the outsourced provider is regulated in an established jurisdiction (or even regulated by the FCA), is not, in itself, an adequate check. And neither is an audit report from a Big 4 accountancy firm. Firms need to conduct thorough checks prior to signing the contract, and undertake ongoing monitoring that covers both commercial and conduct risk metrics.

Governance

All the above points mean nothing if an effective governance and control framework is not in place. Good management and good risk identification and control remain key. And this is a point the regulator is well aware of. PSP firms should anticipate that as part of their review of the sector, the FCA may well propose the introduction of more formalised governance structures.

PSP firms must show they are controlling risks

PSP and the wider fintech sector have helped to democratise and liberalise the financial services marketplace. And this is a positive movement, that should continue. However, that is dependent on firms being able to demonstrate that they have identified and controlled the risks within their operations.
