.svg)
Experts tell VIXIO they are surprised the Financial Conduct Authority (FCA) has not gone further in its new letter to payments firms covering safeguarding, money laundering, and environmental, social and governance (ESG) compliance issues. But the days of the softer regulator approach could be over.
The FCA has published its latest Dear CEO letter to the payment and e-money institutions that it supervises.
The letter sets out a variety of problems that it wants firms to address, particularly around governance.
However, so far, the verdict among payments experts VIXIO spoke to is that the areas the FCA is trying to address should be known and expected.
"There is nothing in there that should come as a great surprise to firms,” said Matt Stride, senior consultant at Flawless Money. “Firms have to safeguard funds and this is enshrined in the regulation. Extensive guidance has been put out on this.”
According to the FCA, “common failings” regarding safeguarding have been identified, such as firms not having documented processes for consistently identifying which funds are "relevant funds" (as defined in the regulations) and must be safeguarded.
In addition, the FCA has observed inadequate reconciliation procedures to ensure that the correct sums are protected on an ongoing basis, and a lack of due diligence and acknowledgement of segregation from credit institutions providing safeguarding accounts.
For Stride, however, the FCA has still been quite accommodating. “In comparison, the Central Bank of Ireland was scathing in their Dear CEO letter."
Last year, the Central Bank of Ireland published its own thoughts on payments and e-money firms’ compliance with regulation. As with the FCA, the letter discussed areas including the safeguarding of funds and operational resilience.
Money laundering and sanction screening feature prominently in the FCA letter.
“Our work with firms over the past two years has identified material issues with financial crime systems and controls at PIs and EMIs,” the regulator says.
For example, the FCA highlights failures to carry out and/or to evidence adequate know your customer (KYC) and due diligence, failures to review and update risk assessments, and firms being unable to justify and/or verify why their sanction screening solution does not generate alerts against certain names on the UK’s Office of Financial Sanctions Implementation (OFSI) list.
"Nothing to do with money laundering and sanctions screening should be news,” said Stride. “So perhaps boards aren't taking these things seriously. Risk-based controls have been around for a long time.”
Stride continued that if firms are not doing this stuff, then the board and money laundering reporting officers (MLROs) are setting themselves up for public censures, fines and even jail time.
“To neglect these issues seems to me like businesses are trying to address a competitive environment and their controls aren't matching their appetite. I wouldn't want to be the director of a fintech company with loose AML controls,” he said.
“This must be strange and disappointing for the FCA."
However, the FCA appears to still be taking a softer approach.
“The FCA are being reasonable in their concerns, in fact, I’m a little surprised that they didn’t go further,” said Kathryn Westmore, senior research fellow at the Centre for Financial Crime and Security Studies.
For example, in 2021, the FCA required that the retail banks that it regulates carry out a gap analysis of their AML systems and remediate the gaps.
“I was quite surprised that we didn’t see something similar here given the extensive concerns expressed by the FCA,” she pointed out, adding that the huge growth in the number of payment firms over the last few years has brought with it a lot of risk.
Although there are many good players in the market, there are also a large number of smaller firms that do not necessarily have the resources or funds available to invest in compliance activities.
Payment firms and EMIs have often been seen as one of the weak links in the financial system, Westmore pointed out.
“Some of these firms deliberately choose to place themselves in jurisdictions with less robust oversight or enforcement of AML regulations. I think capacity is a big problem with some of these firms and buy-in from senior management to really prioritise areas of compliance.
“Some of the margins in the sector are really tight and compliance is sometimes seen as a cost that’s not worth it,” Westmore suggested.
ESG
The FCA also addressed environmental, social and governance (ESG) issues, albeit in more general terms.
“The FCA is committed to supporting the financial sector in driving positive change through its ESG strategy, including the transition to net zero,” the letter says.
Firms are advised to familiarise themselves with the FCA’s ESG Strategy and ensure that their firm has appropriate governance arrangements for more complete and careful consideration of material ESG risks and opportunities.
The letter also reminds firms that the FCA has prioritised work on diversity and inclusion. “Diversity and inclusion will remain a core area of focus for us,” the letter says. “We welcome feedback and data which could help us develop policy in this space."
The softer approach is over
Regulators in the UK and across Europe are taking a tougher approach to payments firms.
Lithuania, for example, which had promoted itself as a hub for payments services, now appears to be taking new enforcement actions every week against the firms within its scope.
At EU level too, the European Banking Authority has touted more bank-like rules for payments firms, particularly around issues such as wind down plans.
"There is no doubt that there is much greater scrutiny on the payments sector,” said Alison Donnelly, director at fscom.
According to Donnelly, when these firms came into the regulator’s scope, the FCA did not pay much attention, but now scrutiny is significantly ramping up as the importance of payments to the provision of financial services comes into sharper focus.
This focus translates into a two-tier system, she explained. “Applicants can be dealt with severely at the gateway, which has resulted in a material drop to fewer than 15 authorisations last year.”
“For those already authorised, the FCA does not have the resources to deploy the same scrutiny individually but they are now asking for evidence on an ad hoc basis in a way they haven’t previously.”
There have been two drivers for more regulatory scrutiny, she suggested. “The first of these is the potential for consumer detriment such as that experienced with Wirecard and the collapse of Super Capital.”
There has also been the advent of Brexit, with Donnelly suggesting that cutting ties with EU regulators has offered the FCA the opportunity to exert its power more.
“Now, the FCA is able to flex the regulatory regime,” she said. “For example, they will make their own rules on safeguarding, and there are calls for the new safeguarding regime to be more prescriptive."
With the FCA’s thoughts being out in the open now, after months of speculation, and prior to the new Consumer Duty being implemented, firms will no doubt be wondering whether they are due a visit from the regulator soon on these matters.
The days of a softer approach to payments compliance appear to be over.
