COVID-19 crisis response: a unique guide to help FinTech companies not to fail.
Our clients and friends operating UK Electronic Money Institutions, Payment Institutions, and other regulated FinTech companies expressed concerns on how to conduct their business in this time of distress and hence we decided to provide an overview of the points that should be considered in order to preserve smooth operations and propose a FinTech COVID-19 crisis vaccine.
The turmoil with COVID-19, more widely known as Coronavirus, has touched upon the lives of each person on our planet. The spike in cases linked to this novel virus affected not only the lives of ordinary people, but it also trembled the whole world economy. This pandemic also has implications for the financial sector and may bring upon effects of such magnitude that was not seen for already almost a hundred years. As a consequence of the contraction in economic activity and devaluation of financial markets, the world is facing a recession that is potentially much bigger than the Great Financial Crisis of 2008.
Because of the above-mentioned reasons, regulated entities across the globe became concerned with preserving the usual operations and minimising the impact of the epidemic on their business and regulatory compliance.
COVID-19 crisis response measures
While brave medical personnel are in the front-line fighting COVID-19, companies across the world are extremely busy maintaining normal operations. However, it is quite difficult when you do not know where to start, never had distance working arrangements placed within your institution, and did not encounter any financial turmoil within your business. It is especially relevant for the FinTech sector which is mostly composed of new market entrants that were only established after the Great Financial Crisis which disrupted the financial sector.
Remote working arrangements
It is not a secret that the governments across the globe have implemented measures to restrict travel and ensure social distancing. The same happened in the UK and currently, almost all non-systemically important companies have implemented measures for working remotely.
FinTech companies, in most cases, do not need to have direct contact with their clients. Hence, it is quite easy for them to implement distance working arrangements. Such measures help to preserve the wellbeing of valuable employees by limiting their susceptibility to being infected. Therefore, the first advice would be to remove the requirement from employees to be physically present in the office or attend business meetings.
However, you should note that productivity levels could fall short since some of the employees who need supervision would be left to themselves. It is important to keep the working culture in the company and it would be beneficial to make at least 30 minutes daily briefings a routine. The best way is to use communication channels allowing for video calls (e.g. Skype, GoToMeeting, Zoom, etc.) and instant messaging platforms such (e.g., Slack, Telegram, etc.) online databases (e.g. Airtable) collaboration platforms (eg., Google Docs, Office365, etc.) and planning software (e.g. Basecamp, Trello, etc.). You can also integrate various platforms between themselves via API using Zapier, Automate.io or other similar software to achieve efficiency.
Activating and reviewing disaster recovery, contingency policies and IT security policies
Doubtlessly, all regulated entities have policies governing situations classified as disasters and outlining measures that were already implemented in response to the COVID-19 crisis affecting FinTech companies. However, very often, policies do not account for such extended periods of time as the one which we are currently facing.
According to various estimates, the lock-down and restrictions on travel as well as social distancing will last at least for a couple of months more. Therefore, distance working arrangements, for the time being, should become a new norm. Institutions should review and assess whether all of the functions within their departments are functioning properly and ascertain how they can improve those that are lagging behind.
For instance, sales will be much harder to deliver right now as conference calls may be slightly disrupted by children, pets, or family that are present with the employees working from home. The management should account for such specific situations in order to preserve the professional working environment and provide guidance to their employees on how to conduct conference calls from home. Specifically instructing on measures that would help to maintain concentration and undisrupted discussions, alternatively allowing to delegate the calls between the employees who are a bit more flexible within their current environment.
When employees work from home there is a higher risk of cyber attacks as they usually use personal laptops and not a very secure internet connection. Moreover, we have noticed an increase in social engineering attacks. Such risks should be explained to employees.
It is also extremely important to be in contact with your critical business partners and vendors. You should make an enquiry regarding their contingency and disaster recovery measures. If you have not checked their policies, do it as soon as possible. Additionally, identify the weakest point of failure in your network of vendors and partners and prepare necessary replacement, especially if you rely on their software solutions.
Capital adequacy and access to funding
It is not a secret that financial services are facing a recession, as a consequence of stagnation following COVID-19, which will last at least for a half of a year prior to the economic activity starting to get back to normal. It is especially important for the payment sector whose main service is financial intermediation. The adequacy of financial resources, capital and liquidity are monitored through the regulatory returns submitted to the FCA on a periodic basis.
Furthermore, the FCA specifically expects from firms to have a forward-looking approach to risks which is assessing how these evolve throughout the economic cycle. For example, McKinsey estimates that the worldwide payments revenues will contract by 8-10% in 2020. Therefore FinTech companies should adjust their financial projections by lowering expected revenues by at least 10%, reducing Capex, payroll and general expenses.
Before the COVID-19 crisis, FinTech companies in the hshould consider whether the additional financing and credit facilities are available to them. If there are none, they should take measures to ensure at the earliest point possible that they will have means of procuring such. In times of economic stress, it is of paramount importance to ascertain the prospective means of preserving a strong financial position. If access to additional funding is in place, the company will be in a position to maintain adequate capital resources and prove to the regulatory authority that it will successfully operate regardless of the turmoil in the market.
Addressing liquidity and currency exchange risk
Another important factor is to ensure that companies will have prerequisite liquidity to provide services in an undisrupted manner. Liquidity may be disrupted in several ways, one is a delay with settlement due to the operational disruptions at counterparty firm, another is reduced revenues due to the economic depression. McKinsey has recently published extensive research on the impact of COVID-19, which is a good starting point to assess the impact on company’s revenues and access to funding. While it is hard to predict the operational disruptions or even failure of the counterparty, the regulated entities should run cash flow gap analysis for the following scenarios:
- Non acute liquidity needs. This scenario shall reflect the company’s most likely view of the future, including any expected seasonal or cyclical fluctuations;
- A short-term institution-specific funding crisis;
- A prolonged institution-specific funding crisis;
- A systemic liquidity crisis.
It is recommended to maintain the minimum cash flow cushion as follows:
|Minimum Projected Cash Flow Cushion|
|Liquidity Scenario||0-30 Days||31-60 Days||61-90 Days||91-180 Days|
|Ordinary course of business, non- acute liquidity needs||20%||20%||20%||20%|
|Short-term, institution-specific crisis||10%||10%||10%||5%|
|Prolonged, institution-specific crisis||10%||5%||5%||5%|
At the time of economic depression and operational distress, currency exchange rates are often volatile and unpredictable. This is the time when a company has to start managing their open currency positions on a daily basis in order to prevent any significant losses. For example, a UK firm, with mostly EUR revenue and most of the expenses in pounds should be selling their earned EUR daily in order to prevent significant potential losses. Companies, specialising in currency exchange should review their operations and start managing their currency position with selling/buying currencies for the customers to/from liquidity providers more often than once a day. Arrangements, where currency delivery is scheduled to be settled in more than one day require revision, as regulated entities become more exposed to a liquidity crisis related to the currency exchange during operational disruptions.
Safeguarding requirements for Electronic Money Institutions and Payments Institutions
Proper safeguarding arrangements are essential in order to comply with regulatory obligations and ensure consumer protection and trust. Daily reconciliations of relevant funds that need to be safeguarded may lag because of the delayed settlements and disrupted operations of the company’s counterparties. Therefore, payment and electronic money institutions should implement measures that would ensure smooth operations with minimum disruption.
In order to do so, it is advisable to perform reconciliations at least twice a day and monitor the performance of deducting non-relevant funds. The FCA expects non-relevant funds (the funds which for whichever reason are on accounts of customers, e.g. fees which are due to the institution) to be removed as frequently as possible throughout each day and never should be left overnight. Ideally, such funds should be removed upon receipt but in whichever case not less frequently than at least once a day. The institutions should consider such intricacies and in no way feel safe if they have more than required funds on the customer safeguarding accounts.
Dealing with covenants and contracts
Many companies, not solely those in the financial sector, are facing unprecedented uncertainty about their immediate prospects in an environment that may challenge or disrupt their usual management and governance processes because of COVID-19 crisis for FinTech and pandemic.
FinTech companies should review all their contracts and identify if there are any risk related to financial and other covenants. It is important to speak with your investors and debtors if poor performance or low working capital of the company may trigger certain legal consequences.
The FCA, FRC and PRA issued a joint statement advocating that companies should be more lenient whenever assessing breached covenants that arose because of the disruptions in the market that we are currently facing. Therefore, regulated FinTech companies should not duly penalise and seek performance from the customers that are not timely following up with their obligations, but rather should enter into dialogue and assess their position and prospects. COVID-19 crisis affects not only FinTech companies but also regular business, and it is crucial to preserve relationships for future success. The crisis is temporary but your reputation is not.
Furthermore, the FCA provided temporary relief to the listed companies that need the extra time to complete their audited financial statements an additional 2 months in which publish them. The institutions should be cautious of all such announcements and review the topic dedicated to coronavirus on the website of FCA in order to ensure that they are following with their obligations and are aware of all news on the topic.
Why you should update your policies as soon as possible?
After considering at least all of the abovementioned points, the institutions should take proactive steps to update their internal policies, procedures, and processes. The amendments should discuss a scenario that is catastrophic at a performance and operational level.
It should account for a pandemic that we are currently facing and be consistent with the practices that were implemented in these unprecedented times. The policies must reflect the arrangements that were undertaken and in detail analyse how they are affecting risk exposure of the institution. For instance, home working may be conducted from personal computers of employees, but does the company have effective Bring Your Own Device (BYOD) Policies, installed necessary software, and performed training explaining how to preserve cybersecurity and data protection? If not, it should be done as soon as possible, since the European Banking Authority has recognised cybersecurity threat as one of the main risks for the financial sector.
Even if it is not your fault when your the most important partners and vendors fail, you are still responsible for the operation of your business. Therefore, you can be punished by the FCA when you outsource critical functions of your business and their operation are disrupted. For example, the FCA penalised Raphael & Sons plc after the technology incident happened to the company’s critical partner.
Additionally, the update of the policies, procedures and processes is essential as institutions can be breaching their own internal policies because of the measures aimed at preserving employees and normal operations during the COVID-19 pandemic.
What can happen if your institution fails to implement proper arrangements?
In addition to a bankruptcy risk, there is a risk of a regulatory penalty. The regulators definitely will contact all of the market participants at some point in order to evaluate the impact of the COVID-19 crisis on the supervised FinTech entities. Hence, institutions must ensure that they have in place prerequisite measures which would reveal that during the whole period of time, regardless of the pandemic, there was no disruption to their business and regulatory obligations. If there won’t be properly implemented arrangements, the firm may fail to comply with its obligations and become subject to regulatory action.
For instance, in case that the supervised entity fails to comply with the capital adequacy requirements, they can be ordered to suspend their activities with immediate effect. For instance, in July 2019, payments fintech Ipagoo LLP which according to its founder’s representative was undercapitalised as a consequence of missing out on attracting additional investment, it was ordered to suspend their activity and subsequently entered administration.
Another example would be Glint Pay Services Ltd, which according to the notice published by the FCA in September 2019 was in administration as a consequence of capital inadequacy and was ordered to immediately cease its operations. The firm has in the end secured necessary investment and administration was subsequently discontinued. However, such occurrence still disrupted the operation of the company and brought upon unnecessary reputational damage which will remain a stain for quite a while.
Moreover, in its Sector Views 2020, the FCA has expressed concern that whilst:
“Regulatory changes have enabled many new payment firms to enter the sector and quickly grow their customer base. But consumers can suffer harm if they use products without regulatory protections or these firms fail to comply with regulations.”
Notably, the FCA has stated that only 15-20% of the firms are compliant with all of their regulatory responsibilities. Special concern was noted in terms of failures by regulated entities to properly segregate and safeguard their customer funds, as can be seen from their letter to CEOs of non-bank payment service providers. Hence, you should take into account not solely the capitalisation in mind, but as well whether your segregation practices were conducted in a proper manner and will reconcile with all of the reported numbers, as it is one of the matters that are of high importance to the FCA now.
COVID-19 crisis resilience test for FinTech companies by PSP Lab
In these times of stress, it is important for all firms to carry out their activities with the utmost diligence and maintain proper controls which should not only counter COVID-19 crisis for FinTech but as well ensure adherence to all of the regulatory obligations. We can help if you are already in trouble with the regulator or help to avoid any unpleasant conversations with it.
If you are a FinTech company and you are unsure how to structure your operations in these unprecedented times, you should contact PSP Lab to assist you with these matters without undue delay. We can help you to relieve stress from operations and advice in case of any concerns.
As well, if you believe that arrangements which you have already implemented may not fully correspond with your regulatory responsibilities, PSP Lab can perform an external audit and review whether your firm adheres to its regulatory obligations or help you to become compliant as soon as possible before any regulatory sanctions could be potentially imposed on you. Thereafter, we can adjust policies and procedures in accordance with the identified shortcomings, if any.
PSP Lab can assess the “health” of your business and advice you on anti-crisis arrangements you should put in place to survive and even prosper in the nearest unstable future, you can use the form below to arrange an initial free 30-minute consultation.