Under PSD2, payment services providers across the EU are required to provide statistical data on fraud to their respective competent authority.
In the UK, relevant firms are required to collect and submit data on the volume and value of all payment transactions, as well as the volume and value of fraudulent transactions, and provide this to the FCA through Gabriel using the REP017 report; this information is in turn aggregated and shared with the European Banking Authority and the European Central Bank.
Back in January, we released a blog to provide an overview of the FCA’s interim REP017 report to cover the reporting period between 13 January to 31 December 2018. However, since then, the FCA has released an updated and much expanded REP017 report (with most PSPs being switched to a bi-annual reporting period).
As with our last one, this blog aims to give a high-level overview of who REP017 applies to, what transactions it captures and how the data on fraudulent transactions need to be categorised; we will also detail the key changes in approach since then.
Broken down to its most basic level, an audit is a method by which firms seek an external opinion on their policies, procedures, systems and controls. Rather than an exercise in detecting shortcomings and failures, the process of a compliance audit should be viewed as a means of testing an AML/CTF framework to identify opportunities to undertake enhancements as well as highlighting any issues. In essence, the intention is to provide assurance that the firm is operating in an compliant manner within its own specific regulatory framework.
fscom's James Borley features in Thomson Reuters where he discusses the desire among payments firms for a better understanding of the licensing requirements of competent authorities in other European Economic Area (EEA) countries. View the full article below.
On the 4 July 2019, the FCA released a ‘Dear CEO’ letter that addressed both the positive and negative practices of non-bank Payment Service Providers (“PSPs”) as they seek to comply with their obligations to safeguard customers’ funds. The FCA identified a number of failings in the safeguarding processes of the 11 PSPs it reviewed over a six-month period and has set out mandatory actions for PSPs.
Back in October last year, fscom director Alison Donnelly wrote a blog on the FCA’s consultation on new rules for payment and e-money institutions. As explained in that blog, due to FCA concern with how some e-money and payment institutions have communicated with their customers in the past, certain sections of the FCA Handbook are being applied to payment and e-money institutions.
For the first time, the US Office of Foreign Assets Control (OFAC) has reached out to provide guidance to firms on creating and maintaining an effective sanctions risk mitigation framework. The guidance is primarily based on the essential criteria which OFAC regards as the tools necessary for firms to achieve their business aims, whilst also mitigating the inherent sanctions risks facing them.
In May of this year, the FCA released a ‘Dear CEO’ letter that addressed the failings of principal firms within the investment management sector. The FCA found that investment management firms (“principals”) failed to appropriately control and oversee their Appointed Representatives (ARs). There is an interesting takeaway from this letter for the payment services market regarding the relationship between The Principles for Businesses and agents.
What are you doing to protect your customers from authorised push payment (APP) scams? That is a question payment service providers (PSPs), including payment and e-money institutions, will have to answer following regulatory intervention in the UK to force the industry to tackle the problem following Which?’s supercomplaint in 2017.
FinTechNI, a collaboration between stakeholders in the local FinTech community to spearhead, publicise and promote Northern Ireland as a major FinTech hub, today announced it will host an evening with US-based financial services veteran, Bo Brustkern, on Thursday 13th June 2019, at Catalyst Belfast FinTech Hub.