The FCA’s 2023/24 Priorities for UK Payments: Firms and Investors, Take Note

On March 16, 2023, the UK Financial Conduct Authority (FCA) published its letter Portfolio Letter: FCA priorities for payments firms to the CEOs of UK Payment Institutions (PIs), Electronic Money Institutions (EMIs), and Registered Account Information Service Providers, all of whom it regulates.

The Letter is relevant both to those managing the firms and those looking to establish or invest in them, highlighting areas of regulatory risk that not only a business but any due diligence report will need to address.    

The Letter requires CEOs to identify the messages that are relevant to their firm and take appropriate action to deliver three outcomes:

• Ensure that the firm’s money is safe, noting the requirements to ensure proper compliance with the FCA’s safeguarding rules, ensure effective prudential risk management, and undertake proper wind-down planning – we discuss the actions for firms to take below; 
• Ensure that the firm does not compromise financial system integrity, noting the requirement to properly manage money laundering and sanctions risk and have effective measures for preventing fraud to customers – we discuss the actions for firms to take below; and 
• Meet customers’ needs, including through high quality products and services, competition and innovation, and robust implementation of the FCA Consumer Duty – the FCA’s introduction of its Consumer Duty is a central piece of policy noted in our alert The UK Consumer Duty: Next Steps For Private Fund Managers | Insights & Resources | Goodwin Procter (goodwinlaw.com).

The FCA also notes three “cross-cutting priorities” which underpin the three outcomes:

• Governance and leadership, including oversight of agents and distributors;
• Operational resilience; and
• Regulatory reporting. 

The Letter also notes:

• The requirement for those acquiring “control” in a PI or EMI, ≥10% of the shares or voting power in the PI/EMI or any of their parents, to ensure that they seek FCA approval before the acquisition; and
• Environmental, social, and governance (ESG), and the need for firms to have appropriate governance arrangements for more complete and careful consideration of material ESG risks and opportunities, and diversity and inclusion (D&I), inviting feedback and data to help the FCA develop its D&I policy.       

Keeping Customer Money Safe

The FCA identifies three areas for consideration and the actions that it expects firms to take.

Safeguarding

A firm must safeguard customers’ funds in line with the Payment Services Regulations (PSRs) or Electronic Money Regulations (EMRs) and the relevant FCA guidance, in particular:

• Appropriately document its processes to identify which funds are relevant funds for the purposes of safeguarding;
• Undertake internal and external reconciliations at least once a day to ensure that safeguarded funds are adequate and not excessive;
• Ensure that the accounts in which relevant funds are held (or the insurance policy or comparable guarantee) meet FCA requirements and are supported by the appropriate documentary evidence; and
• Maintain appropriate records to enable the firm or a third party such as an insolvency practitioner to identify the customer to which the funds it holds relate.

Prudential Risk Management

A firm must regularly review its prudential risk management arrangements to ensure, in particular, that it: 

• Meets its regulatory capital requirement at all times; 
• Considers the particular financial risks it faces, based on the business model it operates, and considers how those risks may be heightened by macroeconomic conditions;
• Sets or reviews its risk appetite, including key risk indicators; 
• Forecasts its likely financial performance in a range of plausible scenarios, including stressed scenarios, and uses this analysis to validate the firm’s assessment of adequate capital and liquidity resources; 
• Considers holding additional capital above the minimum requirement under the PSRs or EMRs where that would be prudent based on the firm’s assessment of the risks it faces; and
• Plans well ahead to ensure it has adequate financial resources on an ongoing basis, which may include arranging access to additional resources, such as credit lines, that can be drawn on when needed.

Wind-Down Planning

The FCA expects a firm to ensure that it has an appropriate wind-down plan in place and ensure that it is reviewed regularly and kept up to date so that it continues to meet the FCA’s expectations. Although the FCA Wind-Down Planning Guide, WDPG.pdf (fca.org.uk), does not directly apply as guidance to PIs and EMIs, the FCA states that firms may also refer to it, and the findings of the FCA’s recent thematic review of wind-down plans, TR22/1TR22/1: Observations on wind-down planning: liquidity, triggers & intragroup dependencies (fca.org.uk), as good practice and for information about what to consider when preparing wind-down plans.

Money Laundering, Sanctions, and Fraud 

Money Laundering and Sanctions

The FCA expects a firm to take the following actions: 

• Ensure that the firm’s anti-money laundering systems and controls are effective and commensurate with the risks in the business, including as it grows over time;
• Conduct regular reviews to assess the firm’s compliance with anti-money laundering obligations and sanctions requirements, and to work swiftly to remediate weaknesses identified; and 
• Comply with the firm’s responsibilities under the Proceeds of Crime Act 2002 and Terrorism Act 2000 through accurate and timely submissions of Suspicious Activity Reports (SARs) and to regularly review themes from the firm’s SARs reporting.

Fraud Prevention

The FCA expects a firm to take immediate action to protect its customers against the risk of fraud and to ensure that the firm is not being used to receive the proceeds of fraud. In particular, a firm should ensure that it:

• Reviews its internal risk appetite statements and policies and procedures to ensure that these adequately address the risk of fraud to its customers;
• Regularly reviews its fraud prevention systems and controls to ensure that these are effective; and
• Maintains appropriate customer due diligence controls at onboarding stage and on an ongoing basis to identify and prevent accounts being used to receive proceeds of fraud or financial crime.

To discuss the contents of this alert, please contact the authors or your usual Goodwin contact.