As regulatory expectations keep rising, payments and e-money businesses are coming under ever greater scrutiny from the FCA. Yearly financial crime and safeguarding audits are now standard practice — but what about the rest?
It’s easy to focus on the audits that are mandated by law or regulation, like financial crime and safeguarding, and assume that means you’re fully covered. But a strong compliance framework is about more than just ticking boxes. It’s about making sure your governance, risk management, data protection, complaints handling, and other key controls are working together effectively.
To get a better understanding of why a general compliance audit remains so important — and why the FCA would expect firms to provide evidence that they have given it due consideration — we talked to Margita Layne, Consultancy Manager at Neopay, and an experienced compliance specialist. Margita provides her thoughts on why firms should not neglect this vital health check, even though it is not specifically mandated, and how it forms part of an overall compliance strategy.
Margita, why bother with a general compliance audit when the FCA just needs financial crime and safeguarding audits?
It’s true that the FCA sets out explicit expectations on firms to conduct annual financial crime and safeguarding audits. And quite right — they’re key areas for ensuring customer funds are secure and financial crime is deterred. But this is where firms get it wrong: just because the FCA doesn’t mandate a wider compliance audit doesn’t mean they don’t expect firms to keep their overall compliance framework in good order. Whilst compliance and regulatory audits may not be required as frequently, it would be deemed good practice to conduct these at appropriate intervals.
The FCA would certainly ask questions if a company hadn’t audited its systems and controls as a whole. They want to see you addressing risk well across your whole business — not just thinking about financial crime or safeguarding in isolation.
So, it’s not a tick-box exercise?
Right. Many firms naturally focus on financial crime and safeguarding because those are the headline issues. And sometimes they don’t give sufficient attention to the ‘other stuff’ — governance, risk management, data protection, complaints handling, operational resilience, Consumer Duty and so forth. These are the foundations of a firm’s compliance framework.
If you’re not auditing them on a regular basis, you’re running the risk of missing weaknesses that can lead to serious issues further down the line — not only with the FCA but also with your partners and customers.
What common issues do you see when firms skip a general compliance audit?
Good question. The most frequent issue I encounter is that companies get too cozy concentrating on the areas the FCA specifically demands — financial crime and safeguarding — and instead of realising that’s just a starting point, they think that the rest is taken care of. Then when you scratch below the surface, you usually discover problems with governance structures, risk management procedures, or other operational areas, such as financial promotions, information security or Consumer Duty, that haven’t been reviewed in years.
It’s like getting the engine of your car serviced but not checking the brakes — everything might be fine until something goes wrong. A general compliance audit enables you to spot those problems that are not visible at first glance before they cause actual issues, and it shows the FCA that you’re taking a positive, risk-based approach to your compliance.
Are there red flags that would suggest a company will require a general compliance audit sooner rather than later?
Definitely. Fast growth is a large one — when a company grows rapidly, its controls and systems can have a hard time keeping pace. New products or new markets can also bring with them new risks that have not been adequately dealt with. Staff turnover or changes in key compliance roles can lead to gaps in knowledge or oversight.
If any of those ring a bell, it’s a good idea to take a step back and conduct a complete review to ensure everything is still fit for purpose. The last thing you’d want is for the FCA to discover something that could have been picked up sooner.
How frequently would you suggest a firm conducts a general compliance audit?
I always say it’s good practice to do a full compliance review every couple of years, even if you’re not due a specific audit. It’s a chance to take a step back and make sure your systems and controls are working together as they should be.
A general compliance audit isn’t a tick-box exercise — it’s a matter of confidence in your governance, ensuring that your processes are current, and bringing to light any gaps before they become more significant problems. It also shows the FCA that you are serious about compliance and that you are proactive, not reactive.
What role does Neopay play in helping firms get the most out of a general compliance audit?
At Neopay, we’re all about making compliance feel more manageable and meaningful — and that applies just as much to general compliance audits as it does to financial crime or safeguarding.
Our audits aren’t box-ticking exercises. We conduct independent, pragmatic reviews that provide firms with clear, actionable advice they can really use. We don’t try to scare people or drown them in jargon. We collaborate with firms to ensure that they understand the findings and are aware of what needs to be improved.
We also know that putting recommendations into practice can be the hardest part. That is why we provide continuing support — so that you do not have to do it alone. Whether you are planning for an FCA review, addressing feedback, or simply wish to enhance your compliance regime, we are here to assist at every step along the way.
What is the main lesson for firms reading this?
Don’t let the focus on financial crime and safeguarding audits lull you into thinking you’re fully covered. Those are essentials — no question — yet a general compliance audit allows you to view the larger picture. It ensures your whole compliance framework is sound, and that implies less likelihood of surprises when the regulator comes knocking on the door.
At Neopay, we help firms make sense of their audits, with independent, practical reviews that give you real insights and help you strengthen your frameworks. Whether it’s your financial crime audit, safeguarding audit, or a comprehensive general compliance review, we’re here to make compliance feel less overwhelming — and a lot more manageable.
Contact our team to learn more about our audits and how we can assist your business.
About Margita
Margita Layne brings over a decade of experience in compliance within financial services to her role at Neopay. She previously served as Head of Compliance and MLRO at an industry-leading e-money firm and held various compliance and managerial positions at CFD/FX brokerage institutions and asset management companies. Margita’s extensive experience and Master’s Degree in Finance, Banking and Investments enable her to provide exceptional advice and assistance to clients in meeting their regulatory and compliance needs.