Discussions within the market indicate that the FCA are requesting an increasing number of Section 166 audits for firms within the e-money and payments sectors.
In requesting Section 166 audits rather than undertaking investigations internally, the FCA is increasing its capacity for scrutinizing more firms and in more detail.
However, a consequence of this is that often, payments and e-money firms are being assessed based on interpretations and past experiences of the auditing firm, rather than on FCA defined policies and requirements. And these can vary significantly depending on the firm engaged and their familiarity of the e-money and payments sectors.
What is Section 166?
Section 166 relates to the section of the Financial Services and Markets Act 2000 (FSMA) that allows the FCA to require a firm, at it’s own expense, to obtain an independent report from a skilled person on any issues which the FCA has concerns.
Typically, this report will cover:
- Identifying, assessing, and measuring risks
- Reporting and monitoring identified risks
- Suggesting preventative action
- Proposing remedial action
Investigations Are Possible
Obviously, the way firms in our market respond to Section 166 requests is extremely important. If the report confirms that the FCA was right to be concerned, the regulator will investigate your firm. But if their report shows minor issues and that your firm is undertaking the recommendations, the matter will probably be resolved without further action.
However, e-money and payments firms can potentially be put in a difficult position if auditors do not properly understand the market, with findings and recommendations that aren’t always appropriate to their business model.
Hopefully in time, the issues for firms in the payments and e-money market will be resolved. In the meantime, firms need to find the balance between being cooperative and responsive to the audit findings, whilst also ensuring that their resultant controls meet the requirements of their business model.