Coronavirus and safeguarding customers’ funds: proposed guidance for payment firms

This short consultation proposes additional temporary guidance to strengthen payment firms’ prudential risk management and arrangements for safeguarding customers’ funds in light of the exceptional circumstances of the coronavirus pandemic (Covid-19).

Our 2020/21 Business Plan explained that payment services are an FCA priority for our supervision and intervention. Payment services providers (PSPs) including payments institutions (PIs) and e-money institutions (EMIs) continue to develop quickly. More firms and new products are entering the market and more consumers and businesses are using PIs and EMIs. We welcome the innovation and competition we are seeing in payment services. But, as with all growing markets, we are also monitoring it closely for any harms to consumers or market integrity it may cause.

Some payment services firms are growing rapidly and many are unprofitable in the early stages, while they try to grow market share. We are also concerned that the pandemic will affect these firms’ financial strength and may affect the availability of their external funding.

Guidance for firms on safeguarding and managing prudential risk is already available in our payment services approach document (Approach Document), but we have found evidence that some firms have not implemented the Electronic Money Regulations 2011 or Payment Services Regulations 2017 as we expect. Examples include commingling of customer and firm funds, firms keeping inaccurate records and accounts, and not having sufficiently effective risk management procedures. So, we are bringing forward a short consultation on temporary guidance to provide additional clarity to help strengthen firms’ prudential risk management and their arrangements for safeguarding customers’ funds to help them meet our authorisation and supervisory expectations in these areas. The proposed guidance also outlines how firms can put in place more robust plans for winding down.

Our proposed guidance should help firms prevent harm to their customers if firms fail, by making the wind-down process as orderly as possible and facilitating the return of customer funds in a timely manner.

Our proposed guidance is set out below. In this consultation, we ask:

  1. ‘Do you agree that we should provide additional guidance on safeguarding, managing prudential risk, and wind-down plans? If not, please explain why.’
  2. ‘Do you agree with our proposed guidance on safeguarding? If not, please explain why.’
  3. ‘Do you agree with our proposed guidance on managing prudential risk? If not, please explain why.’
  4. ‘Do you agree with our proposed guidance on wind-down plans? If not, please explain why.’

Please consider our proposals and send us your comments by 5 June 2020, to the following e-mail address: [email protected]

A proposed acknowledgement letter for safeguarding banks and custodians is at Annex 1.

Process and next steps

Following this consultation, we plan to publish a letter to CEOs of PSPs. We plan to include this guidance as amended given your responses.

We will conduct a full consultation later in the year on changes to our Approach Document, which will likely include a proposal to incorporate in the Approach Document this temporary guidance (subject to any amendments we make in response to feedback). We propose that the temporary guidance will remain in place until the Approach Document is updated following the full consultation later in the year.

Proposed guidance

Safeguarding

Keeping records and accounts and making reconciliations

Paragraphs 10.14 to 10.17 of our payment services approach document (Approach Document) explain that the requirement to safeguard applies to ‘relevant funds’ in both the Electronic Money Regulations 2011 (EMRs) and the Payment Services Regulations (PSRs). Under the EMRs, relevant funds are funds that have been received in exchange for e-money that has been issued. Under the PSRs, relevant funds are: (i) sums received from, or for the benefit of, a payment service user for the execution of a payment transaction, and (ii) sums received from a payment service provider for the execution of a payment transaction on behalf of a payment service user.

Paragraph 10.59 of the Approach Document explains that a firm should keep records and accounts necessary to enable it to identify what relevant funds the firm holds, at any time and without delay. These records should also enable the firm and any third party, such as an insolvency practitioner (IP) or the FCA to distinguish relevant funds from the firms’ own money, and relevant funds held for one customer against those held for another.

As paragraph 10.60 of the Approach Document explains, some permitted forms of safeguarding create the potential for discrepancies that are difficult to avoid. For example, where relevant funds are held in a currency that is different to the currency of the payment transaction. Where there is potential for discrepancies, firms should carry out reconciliations as often as is practicable. In no circumstances would it be acceptable to us for reconciliation to be carried out less than once during each business day. For the avoidance of doubt, we are now clarifying that we expect firms to clearly document this reconciliation process and provide an accompanying rationale. This will help with the distribution of funds if the firm becomes insolvent.

As paragraph 10.66 of the Approach Document sets out, firms should notify us in writing without delay if, in any material respect, they have not or are unable to comply with the safeguarding requirements of the EMRs or Payment PSRs, or if they cannot resolve any reconciliation discrepancies in the way described in paragraph 10.65 of the Approach Document. We are now clarifying that examples of the type of non-compliance we expect to be notified about in accordance with paragraph 10.66 are not keeping up to date records of relevant funds and safeguarding accounts, or where a firm is unable to comply due to the decision by a safeguarding credit institution to close a safeguarding account.

Safeguarding accounts and acknowledgement letters

Paragraph 10.38 of the Approach Document states that the safeguarding account in which the relevant funds or equivalent assets are held must be named in a way that shows it is a safeguarding account (rather than an account used to hold money belonging to the firm). We are clarifying that this means the account name should include the word ‘safeguarding’ or ‘client’. If the credit institution cannot make the necessary designation evident in the name of the account, we expect the payment/e-money institution to provide evidence, such as a letter from the relevant credit institution or custodian, confirming the appropriate designation.

As paragraph 10.40 of our Approach Document explains, only the firm, and no one else, may have any interest in or right over the relevant funds or assets in a safeguarding account, except as provided by regulation 21 of the EMRs or regulation 23 of the PSRs (in our view, these regulations implicitly give e-money holders and payment service users a beneficial interest in the funds in the safeguarding account).

Firms should have an acknowledgement from the safeguarding credit institution or custodian, stating they have no interest in (eg a charge), recourse against, or right (eg a right of set off) over the relevant funds or assets in the safeguarding account. We are now clarifying that this acknowledgement should be in the form of a letter, as set out in Annex 1, and should also state that the firm holds all the relevant funds or assets in the safeguarding account as trustee. We expect firms to ask their safeguarding institution or custodian to sign an acknowledgement letter as soon as practicable. Alternatively, firms should be able to demonstrate that the credit institution or custodian has no such interest in, recourse against, or right over the relevant funds or assets in that account.

We also remind firms that, as paragraph 10.39 of the Approach Document sets out, only relevant funds should be held in the safeguarding account. As paragraph 10.24 of the Approach Document explains, it is important that the asset pool from which to pay the claims of e-money holders or payment service users in priority to other creditors in the event of insolvency is not improperly mixed with funds, assets or proceeds received or held for different purposes. We are now clarifying that this is because mixing these assets may cause delays in returning funds to e-money holders or payment service users if the firm becomes insolvent.

Selecting, appointing and reviewing third parties

Paragraph 10.59 of the Approach Document gives guidance on the steps a firm should take when appointing and periodically reviewing credit institutions, custodians and insurers. It states that firms should exercise due skill, care and diligence when carrying out this task, and gives examples of the factors that firms should take into account. We are now clarifying that firms should carry out the periodic reviews as often as appropriate. In our view, this means they should be carried out whenever a firm believes that anything affecting the appointment decision has materially changed, such as a credit downgrade, and in any event, at least once in each financial year.

When the safeguarding obligation starts

As paragraph 10.57 of our Approach Document explains, firms must have organisational arrangements to minimise the risk of loss of customer funds through fraud, misuse, negligence or poor administration. We are now providing additional guidance in relation to EMIs that issue e-money, and allow customers to use that e-money to make payment transactions, before the customer’s funds are credited to the EMI’s payment account, or are otherwise made available to it. The EMI should not treat relevant funds it is required to safeguard as being available to meet the commitments it has to a card scheme or another third party to settle these payment transactions.

Unallocated funds

In some cases, firms may not be able to identify the customer entitled to the funds it has received, and so cannot issue e-money, or provide a payment service. This could happen where funds are received with an incorrect unique identifier (eg account name/number).

We are now giving guidance to clarify that these funds are not relevant funds, but they should be protected according to Principle 10 of our Principles for Business. This means they should be clearly segregated from both the firm’s own funds and relevant funds, and placed in a separate account. We expect firms to try to identify the customer to whom the funds relate. Once the firm has identified the customer, it should either return the funds to the customer or, if the firm is to provide the payment service or issue the e-money as originally intended, it should treat the funds as relevant funds and safeguard them accordingly.

For the avoidance of doubt, we are clarifying that if a firm issues e-money on low value pre-paid gift cards, where the identity of the ultimate card holder is not known, the funds received from customers are relevant funds, even though the identity of the e-money holder might not be known to the EMI.

Annual audit of compliance with safeguarding requirements

As paragraph 10.58 of the Approach Document sets out, a firm’s auditor is required to tell us if it has become aware in its capacity as an auditor, of a breach of any requirements imposed by or under the PSRs or EMRs that is of material significance to us (regulation 25 of the EMRs and regulation 24 of the PSRs 2017). This includes a breach of the safeguarding requirements and the organisational arrangements requirement. For EMIs, this may be in relation to either or both the issuing of e-money and the provision of unrelated payment services.

In addition, the conditions of authorisation for authorised payment institutions (APIs) and EMIs require them to satisfy us that they have robust governance arrangements. We are now clarifying that, as part of satisfying us that they have such arrangements, we expect that firms which are required to be audited, should arrange specific annual audits of their compliance with the safeguarding requirements under the PSRs/EMRs. We also expect these firms to arrange audits of their compliance with safeguarding arrangements whenever there are any changes to their business model which would materially affect their safeguarding arrangements. Examples of these changes include an e-money issuer providing payment services unrelated to issuing e-money, or using insurance as a method of safeguarding instead of, or in addition to, account segregation.

We are also adding that we expect firms to exercise due skill, care and diligence in selecting and appointing auditors for this purpose. A firm should take account of whether their proposed auditor has sufficient skills, resources and expertise in auditing compliance with the safeguarding requirements under the PSRs/EMRs, taking into account the nature and scale of the firm's business.

Small Payment Institutions

Principle 10 requires all firms, including Small Payment Institutions (SPIs), to arrange adequate protection for clients' assets when they are responsible for them. In our consultation on extending the principles to PIs and EMIs (CP18/21) we made clear that we were not proposing to extend the safeguarding requirements to SPIs, but that they must consider what protections are adequate for the business they are conducting.

We are now adding that SPIs should keep a record of funds received from customers and any accounts held by the SPI into which those funds are paid. SPIs can choose to opt in to the safeguarding regulations in the PSRs. We encourage SPIs to consider safeguarding their customers’ money voluntarily. This additional guidance also applies to small EMIs in respect of payment services unrelated to issuing e-money.

Disclosing information on treatment of funds on insolvency to customers

We are giving additional guidance in relation to the information firms give customers. In particular, firms will need to be careful to avoid giving customers misleading impressions about how much protection they will get from safeguarding requirements. This is both in terms of the services to which the safeguarding requirements apply or by implying that the claims of customers would be paid in priority to the costs of distributing the safeguarded funds. We believe this is necessary in order for firms to comply with the Consumer Protection for Unfair Trading Regulations 2008.

Firms should also avoid suggesting that funds are protected by the Financial Services Compensation Scheme where this is not the case.

Prudential Risk Management

The following guidance is in addition to the guidance on the conditions for authorisation in the Approach Document.

Governance and controls

APIs and EMIs should ensure they have robust governance arrangements, effective procedures, and adequate internal control mechanisms, in accordance with their conditions of authorisation. A firm’s senior management should ensure that the firm regularly reviews its systems and controls, including its governance arrangements. It should also ensure that the firm’s governance functions, procedures and controls appropriately reflect the firm’s business model, its growth and relevant risks.​​​​​​​

Capital adequacy

It is essential that firms accurately calculate their capital requirements and resources on an ongoing basis, and report these correctly to us in regulatory returns, as well as on request from us. A firm’s senior management should ensure that its capital resources are reviewed regularly.

To reduce exposure to intra-group risk, we consider it best practice for firms to deduct any assets representing intra-group receivables from their own funds. However, if there are legally enforceable netting arrangements in place, a firm could deduct only the net receivable amount (i.e. taking into account any intra-group amounts payable by the firm covered by those netting arrangements). This is designed to ensure that there is an adequate level of financial resources within each individual regulated entity at all times to absorb losses. It also reflects the risk that a period of financial stress may affect the ability of other members of the firm’s group to repay any amounts owed. Any such deduction of intra-group balances from own funds should be reflected in a firm’s reporting of its regulatory capital position to the FCA by including the deducted amount in the Capital resources section - field “Deductions from CET1 items” in the FSA056 or FIN060a return (as applicable).​​​​​​​

Liquidity and capital stress testing

Firms should carry out liquidity and capital stress testing to analyse their exposure to severe business disruptions and assess their potential impact, using internal and/or external data and scenario analysis. Firms should use the results of these tests to help ensure they can continue to meet their conditions of authorisation and own funds requirements. In particular, they should use these results to inform their decisions around adequate liquidity and capital resources, as well as identifying any changes and improvements to required systems and controls.​​​​​​​

Risk-management arrangements

As part of their liquidity risk-management procedures, we expect firms to consider their own liquid resources and available funding options to meet their liabilities as they fall due, and whether they need access to committed credit lines to manage their exposures.

To reduce exposure to intra-group risk, we consider it best practice for firms not to include any uncommitted intra-group liquidity facilities when assessing whether they have adequate resources in place to cover the liquidity risk to which they are exposed.​​​​​​​

Wind-down plans

The conditions for authorisation require a firm to satisfy us that they have effective procedures to manage any risks to which they might be exposed. We are now clarifying that, as part of satisfying us that they have such procedures, we require firms to have a wind-down plan to manage their liquidity and resolution risks. The wind-down plan should consider the winding-down of the firm’s business under different scenarios, including a solvent and insolvent scenario. In particular, the wind-down plan should include/address the following:

  1. funding to cover the solvent wind-down of the firm, including the return of all customer funds
  2. realistic triggers to start a solvent wind-down
  3. the need for any counterparties (ie merchants) to find alternative providers 
  4. realistic triggers to seek advice on entering an insolvency process, and
  5. information which would help an administrator or liquidator to quickly identify customer funds and return them as a priority