The Financial Conduct Authority has issued a Dear CEO letter to payment firms
04 April 2023
What you need to know
What you need to do
On 16 March 2023 the Financial Conduct Authority published a Dear CEO letter to all Payment Firms, which includes all firms subject to the Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs).
It is no surprise that the FCA issued a Dear CEO letter titled 'FCA Priorities for Payment Firms' following the near collapse of Silicon Valley Bank in the UK, which, as we all know, is a banking provider to many technology firms including FCA regulated platforms, Electronic Money firms and Payment firms.
The letter sets out key priorities for payment firms and focuses on three outcomes the FCA expects firms to address. These outcomes are key at a time of heightening concerns around the factors that led to the collapse of SVB and tightening economic conditions.
Interestingly, the outcomes-based letter draws attention to the interconnectedness between operational resilience, financial resilience and operational risk. Drawing these themes together, the letter seeks to address the FCA's concerns that payments firms do not have sufficiently robust controls, which may result in some firms presenting an unacceptable level of harm to customers and risk to the integrity of the wider financial system.
Payments firms must ensure customers' money is safe through three priorities: safeguarding, prudential risk management, and wind down planning.
A. Safeguarding: Firms should have processes and controls in place to ensure customer funds are safe, and the FCA Approach document outlines guidance for firms to ensure appropriate organisational arrangements are in place to do this.
These obligations apply when a firm is a going concern to minimise loss to clients, with firms expected to:
B. The FCA has encouraged regular reviews of prudential risk management arrangements and firms must meet their regulatory capital requirement at all times. This cannot just be a documentation exercise and firms must forecast their likely financial performance in a range of plausible scenarios, and consider holding additional capital where necessary. Financial resilience is in a new era whereby qualitative operational risk factors must be carefully considered with quantitative measures.
C. Wind down plans should be maintained and include clear triggers to indicate commencement of reactions in a stress situation, including the orderly, solvent winding down of a business. Most firms have addressed the plan as a desktop exercise; however, the most important consideration is that these plans should be operable and cover a playbook of both decision points and actions.
It is no surprise that criminals have sought out ways to expose the recent rise of payment firms which typically sit in the middle of a transaction. With increasing financial crime amongst payment firms, firms must consider (1) money laundering and sanctions obligations and (2) fraud prevention requirements.
Common failures identified by the FCA include:
A cost of living crisis facilitates the perfect storm for fraudulent activity. With that in mind, payments firms are directed to review their customer fraud education processes, enhance fraud prevention systems and controls, engage with industry bodies on information sharing, and remediate any consumer fraud reporting backlogs.
Customer needs must be met through implementation of the FCA's Consumer Duty. This messaging is no surprise, but what it means to payment firms must be well understood. The FCA's expectations for implementation can be found here.
The FCA identified three cross-cutting principles to underpin the outcomes already discussed. These principles are Governance and Leadership, Operational Resilience and Regulatory Reporting.
Firms must have appropriate governance arrangements, risk procedures and controls in place. They must ensure their agents and distributors are registered with the FCA and comply with regulations. Important business services should be identified, with impact tolerances set and plans in place to remain within these tolerances.
Firms must provide accurate information in a timely manner; failure to do so will result in an administrative charge or, in severe cases, enforcement.
It is believed that taking this multi-layered, outcomes-based approach will drive positive change in the industry and facilitate the FCA's strategy towards minimising customer harm, minimising risk to the integrity of the wider financial system, and various ESG outcomes.
Authors: Nisha Sanghani, Partner, Regulatory, Governance, Operational Risk & Resilience and Change; Stuart Campbell, Executive, Regulatory, Governance, Operational Risk & Resilience and Change; Abigail Yardley, Executive, Regulatory, Governance, Operational Risk & Resilience and Change; Meg Whelan, Specialist, Regulatory, Governance, Operational Risk & Resilience and Change
This publication is from Ashurst Risk Advisory LLP which is a limited liability partnership registered in England and Wales under number OC442883. It provides services under the Ashurst Risk Advisory brand and is part of the Ashurst Group. Ashurst Risk Advisory services do not constitute legal services or legal advice, and are not provided by qualified legal practitioners acting in that capacity. Ashurst Risk Advisory is not regulated by the Solicitors Regulation Authority of England and Wales. The laws and regulations which govern the provision of legal services in other jurisdictions do not apply to the provision of risk advisory services. For more information about the Ashurst Group and the services offered, please visit www.ashurst.com. The term "partner" in relation to Ashurst Risk Advisory is used to refer to a member of Ashurst Risk Advisory or to an employee or consultant with equivalent standing and qualifications.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.