FCA Outlines Priorities for Payment Firms Governance and Risk Management in Spotlight

Cooley alert
April 20, 2023

The reverberations of recent bank collapses continue to be felt in the UK, with payment companies at risk of being found by the UK’s financial regulator, the Financial Conduct Authority (FCA), to have inadequate risk controls. Despite concurrent compliance pressures on payment firms, such as the new FCA Consumer Duty coming into force as early as 31 July 2023, payment firms are being asked to do more.

The key takeaway from this development is clear: Payment firms within and outside the UK are expected to take active steps to ensure continued compliance with the regulator’s expectations.

On 16 March 2023, the FCA sent a ‘Dear CEO’ letter to approximately 300 payment firms authorised or registered under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 – including payment institutions, electronic money institutions and registered account information service providers.

The FCA’s actions indicate a perceived lack of risk management among payment firms. The FCA’s letter centres on the regulator’s concerns that payment services firms continue to fail to protect consumers from financial risks, thereby undermining the integrity of the financial system as a whole. The FCA set out its expectation that payment firms take prompt action, and firms may be asked to explain, on request, the actions they have taken to ensure that customers’ money is safe, the firm does not compromise financial system integrity and the new FCA Consumer Duty is being implemented robustly.

Key actions coming out of the letter which payment firms should be aware of are:

  • Safeguarding customers’ money: This should be a firm’s top priority. Payment firms must, among other actions detailed in the letter, undertake reconciliations daily (at minimum), improve procedures and enhance record-keeping to support the identification of funds requiring safeguarding.
  • Prudential risk management: Firms should ensure that regulatory capital requirements are met at all times, consider holding additional capital, set or review their risk appetite and conduct scenario analysis to assess financial performance in a range of different scenarios.
  • Wind-down planning: Firms must have an appropriate wind-down plan and regularly review this plan. Consideration of and reference to the Wind-down Planning Guide produced by the FCA, while not directly applicable to payment firms, is viewed as good practice.
  • Ensure AML systems and controls are effective: Firms must conduct regular reviews to assess their anti-money laundering (AML) compliance and remediate any weaknesses identified. In particular, firms must take immediate action to ensure that they are not being used to receive the proceeds of fraud.
  • Implementation of the Consumer Duty: Firms must take appropriate action to comply with the new Consumer Duty. Firms should consult the FCA guidance on implementing the Consumer Duty in payment firms.

More broadly, payment firms are required to implement robust governance strategies that align with the FCA’s environmental, social and governance (ESG) strategy and ensure consideration of material ESG risks and opportunities.

UK-authorised payment firms, or those registered in the UK, are strongly urged to take the FCA’s concerns seriously and implement the changes suggested by the FCA promptly. Payment firms and their boards must be prepared to explain, on request, the actions they have taken. Following the FCA’s 2022 to 2025 strategy released last year, earlier and more assertive action can be expected by the FCA when dealing with firms that fail to take necessary compliance actions.

Should you require any assistance in reviewing and/or revising your current governance procedures to better align with the FCA’s stance, please reach out to Cooley’s Yulia Makarova, who will be happy to help.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.