As of today, credit institutions, MiFID investment firms, e-money institutions and payment institutions must maintain a register of outsourcing agreements that can be made available to the FCA on request and new arrangements must meet the European Banking Authority (‘EBA’) Guidelines. Existing arrangements must be made compliant by the end of 2020.
Her Majesty’s Treasury published a consultation paper on the UK’s transposition efforts relating to the EU’s 5th Money Laundering Directive (5MLD) earlier this year. The Directive will come into force on 10th January 2020 and contains enhancements to the existing provisions as mandated by the EU’s 4th Money Laundering Directive (4MLD) which was implemented in the UK through the Money Laundering Regulations 2017.
With less than 4 months to go, you should be considering how the proposed changes will impact your business and whether your current approach to financial crime risk management is adequate.
Firing off an email to the wrong recipient can be embarrassing however sending funds to the wrong beneficiary is not only negligent but can also be costly. With £350 million worth of payments misdirected in 2018 alone and £145 million each year going unrecovered; the benefit of implementing a system to check the name on the account as a way of decreasing the volume is clear.
At the beginning of February this year, eight weeks prior to the original 29th March Brexit date, we published a blog entitled “No-deal Brexit – is there a regulatory backstop?” In this blog, we attempted to summarise what firms could expect in the event we crashed out having failed to agree transitional provisions with the EU27. Eight months, four failed votes and one prime minister later we find ourselves in a painfully similar situation eight weeks before the new Brexit date of 31st October. In this blog we will revisit some the issues addressed in our initial blog, and how these may have changed since the time of writing. I write this though at a time of the utmost uncertainty, with legislation proposed to remove the possibility of No Deal, another Prime Minister under threat, and the possibility of a General Election that might yet result in a new referendum. Nevertheless, let’s deal with the here and now…
Under PSD2, payment services providers across the EU are required to provide statistical data on fraud to their respective competent authority.
In the UK, relevant firms are required to collect and submit data on the volume and value of all payment transactions, as well as the volume and value of fraudulent transactions, and provide this to the FCA through Gabriel using the REP017 report; this information is in turn aggregated and shared with the European Banking Authority and the European Central Bank.
Back in January, we released a blog to provide an overview of the FCA’s interim REP017 report to cover the reporting period between 13 January to 31 December 2018. However, since then, the FCA has released an updated and much expanded REP017 report (with most PSPs being switched to a bi-annual reporting period).
As with our last one, this blog aims to give a high-level overview of who REP017 applies to, what transactions it captures and how the data on fraudulent transactions need to be categorised; we will also detail the key changes in approach since then.
Broken down to its most basic level, an audit is a method by which firms seek an external opinion on their policies, procedures, systems and controls. Rather than an exercise in detecting shortcomings and failures, the process of a compliance audit should be viewed as a means of testing an AML/CTF framework to identify opportunities to undertake enhancements as well as highlighting any issues. In essence, the intention is to provide assurance that the firm is operating in an compliant manner within its own specific regulatory framework.
fscom's James Borley features in Thomson Reuters where he discusses the desire among payments firms for a better understanding of the licensing requirements of competent authorities in other European Economic Area (EEA) countries. View the full article below.
On the 4 July 2019, the FCA released a ‘Dear CEO’ letter that addressed both the positive and negative practices of non-bank Payment Service Providers (“PSPs”) as they seek to comply with their obligations to safeguard customers’ funds. The FCA identified a number of failings in the safeguarding processes of the 11 PSPs it reviewed over a six-month period and has set out mandatory actions for PSPs.