UK: FCA Outlines Priorities For Payment Firms: Governance And Risk Management In Spotlight

The reverberations of recent bank collapses continue to be felt in the UK, with payment companies at risk of being found by the UK's financial regulator, the Financial Conduct Authority (FCA), to have inadequate risk controls. Despite concurrent compliance pressures on payment firms, such as the new FCA Consumer Duty coming into force as early as 31 July 2023, payment firms are being asked to do more.

The key takeaway from this development is clear: Payment firms within and outside the UK are expected to take active steps to ensure continued compliance with the regulator's expectations.

On 16 March 2023, the FCA sent a 'Dear CEO' letter to approximately 300 payment firms authorised or registered under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 – including payment institutions, electronic money institutions and registered account information service providers.

The FCA's actions indicate a perceived lack of risk management among payment firms. The FCA's letter centres on the regulator's concerns that payment services firms continue to fail to protect consumers from financial risks, thereby undermining the integrity of the financial system as a whole. The FCA set out its expectation that payment firms take prompt action, and firms may be asked to explain, on request, the actions they have taken to ensure that customers' money is safe, the firm does not compromise financial system integrity and the new FCA Consumer Duty is being implemented robustly.

Key actions coming out of the letter which payment firms should be aware of are:

• Safeguarding customers' money:This should be a firm's top priority. Payment firms must, among other actions detailed in the letter, undertake reconciliations daily (at minimum), improve procedures and enhance record-keeping to support the identification of funds requiring safeguarding.
• Prudential risk management: Firms should ensure that regulatory capital requirements are met at all times, consider holding additional capital, set or review their risk appetite and conduct scenario analysis to assess financial performance in a range of different scenarios.
• Wind-down planning: Firms must have an appropriate wind-down plan and regularly review this plan. Consideration of and reference to the Wind-down Planning Guide produced by the FCA, while not directly applicable to payment firms, is viewed as good practice.
• Ensure AML systems and controls are effective: Firms must conduct regular reviews to assess their anti-money laundering (AML) compliance and remediate any weaknesses identified. In particular, firms must take immediate action to ensure that they are not being used to receive the proceeds of fraud.
• Implementation of the Consumer Duty: Firms must take appropriate action to comply with the new Consumer Duty. Firms should consult the FCA guidance on implementing the Consumer Duty in payment firms.

More broadly, payment firms are required to implement robust governance strategies that align with the FCA's environmental, social and governance (ESG) strategy and ensure consideration of material ESG risks and opportunities.

UK-authorised payment firms, or those registered in the UK, are strongly urged to take the FCA's concerns seriously and implement the changes suggested by the FCA promptly. Payment firms and their boards must be prepared to explain, on request, the actions they have taken. Following the FCA's 2022 to 2025 strategy released last year, earlier and more assertive action can be expected by the FCA when dealing with firms that fail to take necessary compliance actions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.