Safeguarding requirements for e-money institutions. Top 5 dangerous mistakes.
Safeguarding requirements are essential for E-money Institutions (EMIs and small EMIs) and Payment Institutions (PIs). The requirement to Safeguard customers’ funds emanates from the need of customer protection whenever they are using payment services that are provided by PIs or EMIs. Since these types of institutions have lower capital requirements than conventional banks, they have special requirements that are imposed whenever dealing with funds of e-money/payment service users.
The Financial Conduct Authority of the United Kingdom has reiterated in its publication dated 22nd of May 2020, that since the FinTech market is growing rapidly and many startups are not profitable at the early stages, they should be cautious of the risk of improper safeguarding arrangements. As we have already noted in one of our previous articles, many payment and e-money institutions do not fully comply with their regulatory obligations, specifically safeguarding. But how can a firm successfully fulfil its regulatory requirements in these unsettling times that are underlined by uncertainty? The answer is quite simple, albeit a bit tricky- the institution must fully understand its responsibilities and implement proper internal controls and procedures. In this article, we will provide a brief overview of safeguarding requirements and what PIs and EMIs can do in order not to fail foul while providing their services. Moreover, at the end of the article, you may be able to download our free guide detailing what is safeguarding and how it should be properly implemented.
What are the safeguarding requirements for e-money institutions and other non-bank payment services providers?
Safeguarding requirements mean that “relevant funds” of customers of e-money and payment institutions must be protected by either of two possible options:
- Segregation method- where relevant funds are kept separate from all other funds that payment or e-money institution holds with an authorised credit institution, or BoE, or invest the relevant funds in such secure, liquid assets as the FCA may approve and place those assets in a separate account with an authorised custodian; or
- Insurance or comparable guarantee method- where relevant funds are covered by an insurance policy with an authorised insurer or a comparable guarantee given by an authorised insurer or an authorised credit institution.
Notably, these methods can be also used in tandem and institution can choose to protect certain funds by the latter and other by the means of former. For example, institutions may use both methods whenever funds are already segregated, however, due to the nature of the institution with which they are deposited they are not adhering to the Payment Service Regulations 2017 (PSR 2017) or Electronic Money Regulations 2011 (EMR).
What is meant by relevant funds in the context of safeguarding?
It is essential to define what is considered relevant funds in terms of safeguarding as firms may misunderstand what part they need to safeguard and consequently fail from the onset to satisfy their regulatory obligations. Both PSR 2017 and EMR have “relevant funds” defined, albeit, there are differences in their definition. In this article, we won’t go into technicalities (for them you may read our guide, you will be able to download at the end of this post) but simply will state what in practice is meant by relevant funds.
The relevant funds are funds of the payment service/e-money users against which customers have a claim. They are covering the funds that were received by the payment institution for the benefit or further transactions that would be executed on behalf of their customers. In the case of e-money institutions relevant funds concern funds for which e-money was issued to the customer.
Where mistakes are most commonly made?
As we have already stated above, some mistakes are made by payment and e-money institutions due to a lack of knowledge and can be fairly easily avoided. Below we will outline the most common mistakes and what should be done in order to avoid committing them and comply with safeguarding requirements for e-money institutions and payment institutions.
1. Improper screening of third parties
First and foremost, the institutions may fail whenever choosing third parties that will act as credit institutions, custodians, or insurers. The firms must exercise due skill, care and diligence- meaning that they must assess the risks that are posed by relying on one or the other firm. Furthermore, this obligation continues throughout the whole of the relationship while the institution is relying on such third party to protect its customers’ funds. It is essential to monitor safeguarding counterparties on an ongoing basis and evaluate any new circumstances that could heighten the risks of relying on that counterparty. The monitoring should be undertaken on an ongoing basis and it is important to ascertain financial position, reputation, credit ratings and other aspects of such credit institutions, custodians, or insurers. Apart from it, the planned reviews should be undertaken at least once a year and thoroughly documented to reveal the approach and evaluations that were undertaken by payment or e-money institution when relying on a third party.
2. Incorrect designation and rights of third parties over funds
Another common mistake is the improper designation of the safeguarding accounts. The safeguarding account must explicitly state that funds held thereby belong to customers of the institution. The best practice would be for the name to contain the word ‘safeguarding’ or ‘client’ and the name of the payment or e-money institution. However, this is not always possible because of the technical capabilities of renaming the accounts and/or national legislation of the credit institution/custodian with which the account is held. In such a situation, it is required for the institution to procure the acknowledgment letter stating that the account is held for the benefit of clients, rather than EMI or PI managing it. The FCA has provided a draft letter that can be completed and sent to the counterparty with whom the safeguarding account is held.
Furthermore, it is essential that the safeguarding credit institution or custodian would not have any rights over the relevant funds placed in such accounts. It means that they must be instructed and acknowledge that they don’t have any interest in (e.g. a charge), recourse against, or right (e.g. a right of set-off) over the relevant funds or assets. We will repeat this, no fees may be charged by the safeguarding institution from the funds placed within the safeguarding account.
3. Failing to do reconciliations and keep records
The third common mistake is that payment and e-money institutions often fail to timely segregate relevant funds or commingle them with other funds (e.g. fail to timely charge fees from customers and transfer them to own funds accounts). The firms should carry out reconciliations as often as practicable, but not less than at least once a business day. The FCA stated explicitly, in their communication dated 22nd of May, that funds should not be commingled for longer periods of time and must be removed as soon as it is possible.
The connected mistake of failing to maintain proper reconciliation practices is improper documentation of the relevant funds. The firm may be following with the first, albeit it can still fail to properly document reconciliation practices which will make it impossible to identify customers’ funds at any time and without delay. The records should be kept in such form that they would allow identification not only for the institution itself but for the FCA or insolvency practitioner as well. The importance of this point, the same as with all safeguarding, lies in the rationale of customer protection that must be ensured by safeguarding. Hence, all institutions must have consistent and unambiguous practices for creating records of reconciliation.
4. Failing to allocate funds
In certain instances, the institution may fail to properly identify the beneficiary of the funds that have arrived to it (e.g. incorrectly stated account number). Consequently, the institution in question will not have a possibility to issue e-money or provide payment services. It may deem that the funds in question will not be considered “relevant funds” and hence do not require protection. However, this is a misconception as Principle 10 of FCA’s Principles for Business requires firms to “arrange adequate protection for clients’ assets when it is responsible for them.” Therefore, even though the institution did not timely identify the customer to whom the funds arrived, it still must treat them as relevant funds and protect them following its safeguarding practices. Furthermore, if the institution fails to identify the client for a longer period (one week at most) it should send the funds back to the payer.
5. Review and adjustment of safeguarding practices
Needless to say, compliance with regulatory obligations is an ongoing exercise that must monitor the institutional controls and practices. It is essential to perform audits of controls and governance in terms of safeguarding, both internally and with the help of external auditors. As a best practice, internal audit should be carried out quarterly. It will help to note any inconsistencies at an early stage and remedy them in the shortest time possible. Whereas, the external audit carried out by auditors should be undertaken annually. Furthermore, the occasional audits should be undertaken whenever there is a change in the business practices of e-money or payment institution. For instance, the provision of a new type of service, or change of the safeguarding method.
How PSP Lab can help to follow with the safeguarding requirements?
At PSP Lab we know in practice how safeguarding requirements for e-money institutions and other non-bank payment services providers work. Thanks to many years of experience of working in financial institutions we have accumulated knowledge that is necessary to streamline the processes while adhering to requirements. Reach out to us in order to review and raise the efficiency of your processes related to safeguarding.
Still unsure how safeguarding works and wish to learn more? In this case we offer you to download our guide on safeguarding requirements for payment institutions and e-money institutions.
If you will still have some questions about safeguarding, you may also book a free initial consultation. Stay safe, keep well, and safeguard properly- as it is an essential responsibility of each institution.