Safeguarding of client funds continues to be a high priority for the Financial Conduct Authority (FCA) in the payments and e-money markets. For the last few years, the FCA has been under increasing pressure regarding the security of safeguarding compared to the Financial Services Compensation Scheme (FSCS).
In February, the FCA confirmed that it has significantly increased its supervisory activity with payments firms, with a focus on prudential risk management, wind down planning and safeguarding. This includes imposing safeguarding reviews.
The FCA also stated that it had prioritised safeguarding in its work with the Treasury on the repeal and replacement of retained EU law. It will be consulting this year on proposals to close gaps in protection and reduce risks of harm if firms fail. This includes proposals on firms’ systems and controls and improving FCA oversight through improved reporting and independent audit of firms safeguarding arrangements.
So, what should firms expect from a safeguarding review and how should they prepare?
Payments and e-money firms should be ready for an in-depth review of their safeguarding policies, governance, oversight and operations. Below, we have provided a brief overview of some of the expectations for firms with respect to safeguarding. The FCA’s expectations have increased a lot over the last few years, so if you are worried you might be out of date or would like more information or help, contact us – our team will be happy to talk to you.
1. Identification of Funds
Auditors will be expecting to see documentation covering how and when relevant funds arise in your business, including transaction flows.
They will also want to see that you are undertaking regular reviews to ensure that all relevant funds are safeguarded and that you are properly managing the risks of commingling.
If you have networks of agents or distributors, you need to evidence that you have adequate processes to ensure appropriate oversight and that relevant funds are segregated on receipt.
2. Method of Safeguarding
You will need to have documentation within your policy covering the method of safeguarding you have chosen i.e. the segregation method or the insurance or comparable guarantee method. If you have changed the method you use, you may need to evidence that you have notified the FCA of this change.
For firms that are using segregation, details of the method of segregation and appropriate safeguards should also be available.
Accounts opened at third party credit institutions need to reflect that they relate to clients’ assets or relevant funds, and their naming convention needs to include “client”, “safeguarding” or “customer”.
Firms also need to ensure that they have an acknowledgement letter countersigned by the relevant third parties to evidence that they are aware that relevant clients’ funds are held in trust by the firm. If you are unable to obtain such a letter, you need to demonstrate that the third party has no interest in, recourse against or right over the relevant funds or assets in the safeguarding account.
3. Risk Assessment
You should ensure that your framework includes thorough risk assessment of the various aspects of safeguarding, including the choice of safeguarding method and safeguarding partner (for example, the credit-worthiness of the authorised credit institution), internal risk factors and other risks, for example exchange risks or additional risks from the use of agents and distributors.
The due diligence process for third parties, which include authorised credit institutions, custodians or insurance providers, needs to be available and evidenced.
Risk assessments and due diligence of third parties should be reviewed regularly based on your safeguarding policy.
4. Internal and External Reconciliations
Firms need to perform internal and external reconciliations to verify that the amount of funds or assets safeguarded matches their internal records. These need to reflect the amount of relevant funds held and clearly show that excess money is not held, which would give rise to potential commingling.
Reconciliations need to take into account the overall risk your firm is exposed to and should be proportionate to the complexity of the business, volume and value of transactions undertaken. Your justification for the frequency of reconciliations, along with other factors, should be included within your risk assessments.
The frequency and methods of internal and external reconciliations need to be documented within your policies and procedures and you should be able to evidence them operationally. This may include staff interviews as well as documentary evidence including a hard copy of reconciliations which are signed and dated.
You should also document your processes for handling discrepancies found in reconciliations; i.e. identification of the reason for the discrepancy, introduction or removal of funds to eliminate the discrepancy and record keeping in respect of the discrepancy.
5. Governance
You should have documented policies and supporting operational evidence to show your governance of safeguarding procedures and framework. This should include:
- What mechanisms are used for oversight of your policy including systems and management/Board oversight
- How regularly are each of these performed
- Who is responsible
- What management information is provided
- What records are kept
- How you ensure consistent safeguarding for new products and business adaptations
- How you ensure your safeguarding framework adapts to changes in the external and internal business environment
It is also good practice to include your rationale for the above along with details of review processes for your Governance procedures.
6. Communication of Safeguarding to Clients
Firms must communicate how they safeguard funds to their clients, as well as providing a comparison with the FSCS to ensure clients understand the difference. This should include a link to the relevant page on the FCA’s website.
Firms should be prepared to evidence this and how they ensure that it is easily available and signposted to clients. Ensuring that customer service staff are able to deal with queries in respect of safeguarding is also good practice.
7. Personnel and Training
Relevant personnel should be trained appropriately to ensure they understand what is expected of them and the firm in respect of safeguarding. It is good practice for firms to maintain records of safeguarding training for inspection.
Senior management training is particularly beneficial as senior management must take an interest in and understand the processes and risks involved in safeguarding, and be able to challenge those presenting new data, policies or frameworks which may not comply.
Personnel involved in safeguarding procedures may be interviewed during an audit to review their activities and their understanding.
8. Third party reviews and audits
Firms should arrange for an annual audit of safeguarding arrangements. Independent audits or reviews can help firms ensure they are remaining compliant and also help to show a commitment to safeguarding and good practice with respect to relevant client funds. They also help firms to be more prepared for possible independent audit requests from the FCA.
With the increased priority placed on safeguarding by the FCA, it is important that firms take time to ensure that all their documentation, processes and procedures are up to scratch to prevent possible issues or enforcement action from the FCA.
How Neopay can help
Neopay offers a range of cost-effective services to assist e-money and payment firms in ensuring their safeguarding measures remain compliant. We can help with audits, workshops and training, as well as regular advice and review through our Integrated Managed Services.
Contact our team today to find out more about how our tailored solutions can support your business.
