Skip to content

News

FCA Trends: Section 166 Audits

FCA Section 166
Facebook
Twitter
LinkedIn

Discussions within the market indicate that the FCA are requesting an increasing number of Section 166 audits for firms within the e-money and payments sectors.

In requesting Section 166 audits rather than undertaking investigations internally, the FCA is increasing its capacity for scrutinizing more firms and in more detail.

However, a consequence of this is that often, payments and e-money firms are being assessed based on interpretations and past experiences of the auditing firm, rather than on FCA defined policies and requirements.  And these can vary significantly depending on the firm engaged and their familiarity of the e-money and payments sectors.

What is Section 166?

Section 166 relates to the section of the Financial Services and Markets Act 2000 (FSMA) that allows the FCA to require a firm, at it’s own expense, to obtain an independent report from a skilled person on any issues which the FCA has concerns.

Typically, this report will cover:

  • Identifying, assessing, and measuring risks
  • Reporting and monitoring identified risks
  • Suggesting preventative action
  • Proposing remedial action

Investigations Are Possible

Obviously, the way firms in our market respond to Section 166 requests is extremely important.  If the report confirms that the FCA was right to be concerned, the regulator will investigate your firm. But if their report shows minor issues and that your firm is undertaking the recommendations, the matter will probably be resolved without further action.

However, e-money and payments firms can potentially be put in a difficult position if auditors do not properly understand the market, with findings and recommendations that aren’t always appropriate to their business model.

Hopefully in time, the issues for firms in the payments and e-money market will be resolved.  In the meantime, firms need to find the balance between being cooperative and responsive to the audit findings, whilst also ensuring that their resultant controls meet the requirements of their business model.

Facebook
Twitter
LinkedIn

Related Posts

Fintech Integrated Managed Service

Why Risk Assessments Fail in Practice

Most regulated firms understand the importance of risk assessments. Business-Wide Risk Assessments (BWRAs) and Customer Risk Assessments (CRAs) are well-established parts of a firm’s financial crime framework, helping identify where
Read More >
Protecting Against Money Mules: Insights from the FCA's Review

UK Finance Fraud Report 2026: Payment Fraud Losses Reach £1.28 Billion

UK Finance has published its Annual Fraud Report 2026, revealing that criminals stole £1.28 billion through payment fraud in 2025, a four percent increase on the previous year. Despite significant
Read More >