Compliance with regulatory requirements at the authorisation stage, as well as during the existence of a regulated firm, is fundamental to any financial services firm operating in the UK under the Financial Conduct Authority (FCA) remit. As the UK’s financial market continues to thrive, and as a growing number of start-ups get involved in financial services, good governance, alongside a robust and effective systems and controls framework, is essential, both to protect customers and to ensure the sector remains reliable and trustworthy. Until the pandemic hit, the financial sector had been booming, with many new businesses being set up and more tech companies getting involved in the fintech, digital banking, cloud accounting and online payment sectors. However, any sector dealing in financial data, transactions and assets has an inherent risk level, hence the need for them to be regulated and meet the FCA compliance and regulatory requirements.
UK Regulatory Space and FCA compliance?
The FCA is responsible for regulating all of the UK’s financial services industries, including payment and e-money firms. Through its regulation, the FCA aims to protect customers, promote healthy competition and increase the overall integrity of the financial services market.
FCA compliance is the gold standard for financial regulation and can increase customer confidence and trust in a business which has met its regulatory obligations. However, ensuring your business is compliant, and remains so, can be a time-consuming task that many businesses find overwhelming. To help you on your compliance journey, here are some necessary requirements for becoming FCA compliant and how you can prepare for submitting your application to the FCA if your business intends to issue e-money or provide payment services.
FCA compliance requirements
Business activities and operations
The FCA expects a clear and concise overview of the firm’s regulated activities including provision, distribution and redemption. As a minimum, the funds flow, settlement arrangements, draft contracts and processing times should be detailed. The firm should also be able to demonstrate how it intends to carry out the regulated activities, including a forecast budget for the first three years and analysis of the firm’s competitive position in the market.
Business Structure, Senior Management Structure and Behaviour
Firms must demonstrate how their business will be organised, managed and overseen, including the firm’s plans to use agents and branches, or any outsourcing arrangements. The FCA sees individuals in management positions as playing an essential role in guiding their staff by their behaviour. Communication from management therefore goes beyond verbal or written. Practices such as corporate governance and ethics, including reporting lines, clear allocation of responsibilities, and reporting and oversight, are fundamentals of FCA compliance and must be carefully considered.
Corporate Governance and Risk Management
Firms should outline their governance arrangements and internal controls including clear organisational structure with well-defined, transparent and consistent lines of responsibility. As a minimum, firms should describe how they mapped the risks and what risk management tools they implemented to protect the business, customers and the industry, accounting procedures, information about persons responsible for the key internal functions including compliance (for example the position of the MLRO), management body structure, oversight and any other committee structures, outsourcing arrangements, as well as the agents/distributors/branches oversight framework.
Responding to clients
Receiving client feedback is valuable for any business, and how a business responds to that feedback is equally important. Client feedback can help firms identify shortcomings as well as provide guidance on how to enhance and improve the services they provide. The FCA requires that management ensure that they implement effective, efficient and customer-friendly complaints handling processes. This also includes appropriate training for customer-facing employees.
There are specified training requirements relating to compliance and financial crime prevention. New methods and practices, particularly concerning FCA compliance with regulatory changes and development, may also require training. To keep employees up to date on important information, management should implement a training programme to provide regular training or workshops. It is also essential to refresh the skills and knowledge of employees on a regular basis.
Financial crime framework
The FCA expects firms to develop and implement systems, controls and a set of policies and procedures to manage their financial crime risks, including processes associated with business-wide risk assessment, onboarding and customer due diligence, customer risk assessment, screening for sanctions, PEP connections and adverse media, ongoing activity and transaction monitoring, suspicious transaction reporting, monitoring and oversight, as well as senior management involvement and employee training and awareness.
The FCA expects firms to provide evidence that they have met the initial capital requirements at the level required, at the point of authorisation.
Safeguarding is one of the key requirements to ensure customer funds are protected. Firms must demonstrate and evidence their safeguarding arrangements, including selected method of safeguarding of relevant funds, contracts with the selected credit institutions, copies of insurance policies, agreements or comparable guarantee.
IT systems and Controls and Business Continuity / Operational Resilience
Firms must demonstrate robust IT systems and controls, including how incidents are managed and reported in accordance with the EMRs and EBA Guidelines. The FCA expects firms to have an adequate operational and security risk management framework, including detailed risk assessment, overview of IT systems, physical security, as well as sensitive payment data security. Firms’ data protection and privacy policies must also be evidenced in accordance with the GDPR and local acts. Firms must also outline their arrangements to ensure business continuity and their disaster recovery plans for the business and their IT.
The FCA requires that a firm ensures that any communications or financial promotions are clear, fair and not misleading. Financial promotions that are not accurate, disguise important information and are not likely to be easily understood by the target group, will receive negative attention from the FCA.
It is the FCA’s expectation that a business has effective communication channels in its organisation. It needs to be clear to the FCA how management decisions are relayed to staff. This evaluation of a firm’s communication structure is part of evaluating compliance and, according to the FCA, all elements, procedures, and policies are important in communication.
Record keeping requirements
For the FCA to carry out its supervisory tasks, it is essential that they have sufficient records from a firm, including customer and transactional records. As well as records of actual transactions and client activity, these records should also contain documents of training, competence, supervision and recruitment. There are set regulations and guidance on how long different records need to be kept.
Third party relationships
The FCA requires that firms store contracts and agreements of their work with third party suppliers. Collecting intelligence before engaging with third-party suppliers is necessary as the degree of keenness is critical in compliance and regulation. Ongoing monitoring and oversight of the third-party providers’ performance and adherence to the service level agreements is also required.
Preparing your FCA application
If your business intends to issue e-money or perform payment services within the UK, you will need to submit an application to the FCA to be regulated. This application covers all areas of your business and, if your application is successful, the FCA will continue to monitor your business through a combination of baseline monitoring of your returns, thematic reviews, post implementation reviews and complaints data.
There are three stages in gaining authorisation.
1. Developing your Compliance Processes and Documentation
The first stage is to develop compliance processes and documentation and embed these within your operations, to ensure your organisation understands and meets its regulatory obligations. Your compliance framework is the total of all your procedures and controls that ensure that you are meeting regulatory requirements within your business operations.
This framework needs to be documented to regulatory standards in the format of operating manuals for your business. The FCA will focus on this documentation when considering your application. The areas the framework should cover include:
- The Regulatory Business Plan based on the envisioned operating model (including forecasts)
- Compliance and risk management framework
- Anti-financial crime framework
- Compliance Monitoring and Oversight Programme
- Data Protection/Information Security and Incident Management
- Business Continuity/ Disaster Recovery/ Operational Resilience
- Customer service obligations including Terms and Conditions
- Audit arrangements
- Corporate Governance and Reporting
- Initial and on-going capital requirements
- Financial controls including safeguarding
- Training and Competence Regime
In order to meet the FCA’s regulatory obligations, you will need to have in place certain key personnel with compliance experience and training, such as a Money Laundering Reporting Officer.
2. Completing and Submitting your FCA Application
At this second stage the application can be completed and submitted to the FCA along with the necessary supporting documentation.
The application process includes:
- Completion of the required application form relevant to your business
- Gathering and review of all supporting documentation, including your compliance framework, to ensure consistency across all documentation submitted.
- Discussion with the key members of the Senior Management Team to ensure understanding of the business activities, processes and controls are in place to prepare for potential FCA meetings.
- Application submission via the FCA’s portal or other applicable channels.
3. Regulatory Liaison
Following the application submission, the FCA assigns the firm a Case Officer, who will be the main point of contact with them. The Case Officer will:
- Keep the firm up to date on the progress of the application
- Contact the firm for any additional information or concerns they may have
- Arrange for a meeting with the firm’s Senior Management if appropriate
How we can help your business
Neopay leads the market in navigating companies through the FCA compliance process. We have a 100% success rate in gaining authorisation for our clients and, through our ethos of knowledge sharing and partnership, we deliver confidence and understanding as well as a successful application.
Our established and recognised services help firms that are subject to regulation by the FCA to become authorised, manage their ongoing compliance and regulatory obligations and support their staff with focused compliance training and guidance. Our experience across the fintech, payment services and electronic money sectors means that if your firm encounters any enquiries or requests from the FCA, it is likely that we have covered these in past applications, to provide you reassurance that our advice on how best to proceed is based on first-hand experience and in accordance with the FCA’s expectations.
We guide firms through drafting or tailoring the content of the compliance framework to effectively meet the FCA’s requirements. The policies and procedural documents must be specific to the firm and adequately address key aspects as set out by the Regulator. We will assist firms to prepare policies and procedures that are well thought-through and adequately address the regulator’s requirements and what it expects to see. Throughout the application process Neopay will support your firm in the liaison with the Regulator and provide guidance if any interviews are requested by the FCA.
2022 has already seen a range of new regulatory developments with more prescriptive guidance and additional scrutiny. In an exclusive interview with Nigel Reed, Neopay’s Chief Operating Officer, we provide the key information you need to know when considering FCA authorisation.
If you would like more information on how we can support your business in meeting your FCA compliance requirements and obligations, contact us here.