What is this about?

The team at TLT set out key themes we believe are likely to be hot topics for payment firms in their ongoing engagement with the FCA. The themes reflect those highlighted by the FCA in its portfolio letter to payments firms, as well as in relation to the issues flagged to payment firms regarding consumer duty compliance. The topics also reflect where we have seen the FCA increasingly focus in its engagement with firms. We suggest what actions firms need to take to stay one step ahead.

Our Head of Financial Regulation, Amanda Hulme says...

"The growth in payments firms and innovation in payments has been welcomed by Government. Payment firms have promoted competition and challenged more established firms to invest in their own capabilities. However, payment firms are now firmly on the regulatory radar. We anticipate that payment firms will increasingly come under scrutiny by the FCA as they will continue to step up their compliance expectations on these businesses. All payment firms need to be assessing their compliance – and ensuring they have robust evidence of compliance – in the key high risk areas."

Where should you be focusing?

  • Ensure you have documented processes to identify which funds are "relevant funds" under the regulations. This can be legally tricky, particularly where there may be multiple payment service providers in a chain providing intermediary payment services. There can also be difficult co-mingling issues, particularly where funds may derive from unregulated or overseas activities too.
  • Review how you carry out reconciliation of funds in safeguarded accounts. You need to be frequently identifying funds owed to you or which relate to non-UK regulated payment activities. Frequent reconciliations are expected – and at least once per day. It is not an answer to keeping too much in the safeguarded account, as the FCA will not be comfortable with the risk caused by co-mingling of funds that are not relevant funds.
  • Make sure you have clear records of which funds relate to which customers, so that in an insolvency event, these funds can be identified and paid back quickly.
  • Review the documented diligence you hold on the credit institution you use to hold the safeguarded account. The FCA expects firms to obtain a standard form of letter from the bank which confirms the bank acknowledges that the funds belong to the customers of the payment service provider and confirms that the bank is not entitled to set-off any sums due to it from the proceeds in the account.
  • Check you are complying with your audit requirements in relation to your safeguarding and ensure you have reported any issues to the FCA.

The FCA is concerned that many payment firms lack some level of financial resilience. The FCA will expect you to have reviewed your liquidity arrangements, including whether you need to hold more than the minimum regulatory capital amount. Are you able to show robust stress testing and scenario planning, including reviewing your risk appetite?

The FCA is concerned that some firms still do not have a wind down plan, but that many of those that are in place are not realistic, lack detail, are not a useful or usable document and do not clearly identify the precise triggers when a wind down scenario would arise. The FCA is also concerned that the costs and cash requirements needed are under-estimated. The FCA encourages firms to consider its Wind-down Planning Guide (even though it does not directly apply to payments and e-money firms). The FCA does ask to see these documents.

  • The FCA is increasingly concerned about the financial crime controls operated by payment firms. In line with its 2024/5 business plan, the FCA's focus is on anti-money laundering (AML), sanctions and fraud and promised to use its significant investment in technology to proactively identify instances of non-compliance. You should regularly review your firm's AML, sanctions and fraud systems and controls to ensure that are commensurate with your risk and are operating effectively. This includes your processes for submitting suspicious activity reports and any third party screening solutions. Ensure you have evidence of your economic crime compliance policies, including effective methodologies that support risk appetite, frequent reviews of risk assessments and systems and control frameworks, particularly in line with business growth.
  • You should also be making good progress in implementing the mandatory reimbursement rules relating to authorised pushed payment fraud which come into force on 7 October 2024. The FCA will be aware of the Payment Systems Regulator letter on 24 May 2024 which stated that whilst many firms are already taking positive steps, there is plenty of work still to be done. In addition, firms need to be focussing on developing their reasonable fraud prevention procedures to be able to defend a charge of failing to prevent fraud when that offence comes into force in early 2025. As we have seen before, the FCA will view any contravention of these provisions as evidence of a lack of effective systems and controls to detect, prevent and deter financial crime.
  • Care also needs to be taken about your processes for freezing accounts when an issue is flagged. Preventing customers using accounts is also of concern if this is happening too frequently as a back up to poor front end controls. Firms will be implementing Confirmation of Payee controls, which will mean that more fraud claims need to be covered by payment firms. The FCA will be keen to see that customer complaints are handled well, and the obstacles are not put in the path of customers looking to claim.

Consider whether your Boards are operating effectively now and how you ensure that they have sufficient oversight over compliance and risks. Are the Board providing sufficient challenge to ensure compliance and do senior management create a compliance culture within the organisation? You may also want to consider whether key individuals in management or compliance roles could benefit from more training or support to augment their levels of experience. You should also look at the diversity of the Board and senior management roles.

If you are a firm that uses agents or distributors, the FCA expects you to oversight their activities for compliance. You should have your processes for review and audit in place, as well as arrangements for periodic compliance assessment and escalation of issues. You should also consider how you ensure compliance with financial promotions requirements. The FCA also expects more transparency around your own relationship with any agents or distributors. These oversight arrangements should be in place for anyone who performs key activities for you, including if you are offering embedded finance or banking services to corporate partners. We expect this to become an increasing focus of regulators.

The FCA will require firms to have identified critical services as part of your compliance and to have put in place contingency plans for any failures by those providers. It is likely more may need to be done here, particularly in relation to the technology infrastructure underpinning payments and e-money businesses. The FCA may have stringent demands for back up plans in relation to cloud based services.

The FCA is concerned that firms are under-reporting. We suspect firms may also not be reporting potential breaches in the way that would be expected by the FCA.

Payment firms often develop products focused on one business need, but quickly expand into other areas or cross sell to other customers. Under the Consumer Duty, you need robust processes to ensure you review the product is suitable for any new target markets. You should have robust documented product governance before new markets or business lines are targeted.

Payment firms are good at targeting customers who are often not as well serviced by mainstream financial services providers. This can mean that these innovations are aiming products at customers who may not utilise mainstream financial services products. These customers may be more vulnerable or may find it harder to find alternative providers. The FCA expects firms to factor that into the product suitability assessment and what action firms are taking to mitigate this risk of harm to vulnerable customers. It is also not just what happens to customers while they are your customer, but what might happen if you look to exit a market or a relationship.

The inclusion agenda is becoming more important and there is an expectation that firms look more to design services that are more inclusive. This may mean ensuring that the way SCA works does not adversely impact more vulnerable customers who may not have smartphones. For example, the FCA will expect firms to implement methods of authentication that do not rely on mobile devices.

You will be expected to show that you have reviewed your charging structure and particularly whether structures could impact vulnerable customers more than others. Consideration must also be given to payment chains where multiple fees may be charged and passed on to customers. Are the fees you are charging potentially adversely impacting customers? In relation to certain payment types that have less consumer protection, can fee levels be justified?

Can you say that the customer will be clear about the product and the role that you play? Is information on charges and the customer's legal protections clear or is there scope for confusion? The FOS is increasingly looking at consumer protection in the context of products involving payment chains. You should be ensuring that it is clear to a customer what the legal position is and how the payment is being managed and if that removes protections the customers would otherwise expect to have. This can be challenging for firms who are looking to embed a more streamlined and quicker transactional process, which will not lend itself to extensive customer communication. There is a risk, for example, that some open banking payment journeys are not clear and transparent to customers.

At a glance...

Publication link

1. Implementing the Consumer Duty in payments firms

2. Portfolio Letter: FCA priorities for payments firms

Published date

1. 21 February 2023

2. 16 March 2023

Who has published it?

Financial Conduct Authority

Publication type

Dear CEO letters

What is it relevant to?

Payments firms

Financial crime

Consumer Duty

Operational resilience

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at July 2024. Specific advice should be sought for specific cases. For more information see our terms & conditions.

Date published

04 July 2024

Get in touch


View all