The Financial Conduct Authority (FCA) has published a new Portfolio Letter addressed to payment service providers in which the Authority outlines some major concerns about, and deficiencies in, current practices of payment firms in the areas noted below and sets out its expectations in this context. The key concerns, deficiencies and expectations are briefly summarized below. Note that the letter applies to all firms subject to the Payment Services Regulations 2017 (SI 2017/752) and the [Electronic Money Regulations 2011](https://www.legislation.gov.uk/uksi/2011/99/contents).
#### Deficiencies
(1) safeguarding customer funds: The FCA has observed that many payment service providers have poor or insufficient procedures in place to identify customer funds that must be safeguarded, to reconcile those fund amounts with those of the custodian bank, or even to segregate their own funds from those of customers. Additionally, the Authority has noticed that many payment service providers lack adequate policies for prudential risk management or fail to act upon such policies, particularly with respect to liquidity risk, and have not performed, or have insufficiently performed, stress tests and scenario planning. Furthermore, their wind-down planning is often inadequate or insufficient in that it encompasses overly optimistic assumptions, does not accurately specify cash and liquidity requirements in case of a wind-down, and does not establish wind-down triggers.
(2) preventing harm for financial market integrity: In this context, the FCA particularly summarizes deficiencies it has observed as regards the prevention of money laundering, fraud, and sanction evasion. Some of the key shortcomings are as follows:
– payment service providers often fail to carry out or document customer due diligence, or if so, the level of due diligence is often not commensurate with the risk a client poses;
– payment firms often fail to re-assess their policies and procedures in this context to ensure that they are still fit for purpose;
– payment firms often cannot provide evidence of their monitoring of sanction regulations, let alone any triggers implemented to detect violations;
– as far as fraud prevention is concerned, firms often fail to sufficiently engage with "industry information sharing bodies" to exchange relevant information;
– payment firms generally do not put sufficient emphasis on fraud prevention and on the education of customers in this context; and
– payment firms often have large backlogs in the processing of customer fraud complaints.
(3) ensuring "good" outcomes for customers – or better: implementing the new consumer duty: The FCA notes in this context that it has seen "examples of products and services which do not consistently deliver good customer outcomes and payment firms not acting in customers' best interests." (No further explanation is provided.)
#### Expectations of the FCA with respect to point (1) and point (2)
(1) safeguarding customer funds: The FCA expects that firms make this objective a key priority. The FCA further expects firms to perform daily reconciliations with their custodians and to keep records of identified customer funds. Additionally, firms should adequately document the "process to identify which funds are relevant funds for the purposes of safeguarding" and should be able to verify that customer funds are held separately from their own funds. As far as prudential risk management is concerned, the FCA expects, naturally, that firms meet their capital requirements at all times and that they apply additional capital buffers commensurate with their business model, size, and risk. Additionally, firms need to set up adequate risk triggers, including liquidity shortage triggers, and integrate their specific business circumstances in the scenario analysis of stress tests. First and foremost, they need to perform stress testing!
(2) preventing harm for financial market integrity: The FCA expects that firms have adequate anti-money laundering policies and controls in place that are commensurate with their scope, size, and risks and that they regularly review these policies and controls to ensure that they are effective and up-to-date. In case of deficiencies, the FCA expects firms to act promptly and make the necessary adjustments to their processes to ensure compliance. Furthermore, firms need to ensure that they submit Suspicious Activity Reports in a timely fashion if any suspected violations are detected. As far as fraud prevention is concerned, the FCA primarily expects firms to implement adequate due diligence measures, particularly when onboarding customers, and to monitor customer accounts on an ongoing basis so as to identify any illicit transactions promptly. Finally, firms should take immediate action upon customers' fraud complaints.
————-
The FCA also briefly outlines its key expectations as regards operational resilience, governance practices, and regulatory reporting and concludes by noting that it will make it a key priority to ensure compliance with the noted expectations and that it will not hesitate to take "swift and assertive action to protect customers and ensure market integrity".