Payment services: making safeguarding work

Yet safeguarding in practice is hugely problematical. One of the first major barriers to entry into the non-bank payments sector is getting a bank account for the purposes of safeguarding. Without this partnership with an EEA-authorised credit institution (or, following a hard Brexit, certain foreign banks), an applicant for authorisation as a payment institution or e-money institution won’t get across the line. Such a partnership is difficult to secure because of the inherent risk of the sector: there are not many banks that have well-enough defined and embedded systems and controls to onboard partners who are very attractive to criminals precisely because they are very good at being able to move money smoothly and efficiently.

For those that do secure the banking partnership and become authorised (or registered in the case of the small e-money institution), the practical implementation of the safeguarding rules is complex. The rules in the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 are, in themselves, relatively straightforward. The complexity arises from what is omitted. For example, a clear statement of what is meant by the term ‘relevant funds’, when funds become relevant and when they are no longer relevant.

Two years ago, the FCA published for consultation their new, combined approach document, updated for the second Payment Services Directive (PSD2). They took the opportunity to provide further guidance on safeguarding, even though the safeguarding provisions were not altered by PSD2. At the time I wrote a blog that urged readers to respond to the consultation because the FCA had included guidance that effectively meant that:

• payment institutions that pull funds through an acquirer would have to safeguard an equivalent sum during any delayed-settlement period agreed with their acquirer;
• payment and e-money institutions would have to safeguard until the payee’s payment service provider has received the funds, which is problematical because there is rarely any confirmation of receipt and they will have to both safeguard the funds in an account while, at the same time, equivalent funds are being sent to the payee, which is duplication of the funds; and
• in cases where payment and e-money institutions that use another non-bank provider to move money, both institutions will have to safeguard the funds and send equivalent funds to meet their own, separate safeguarding obligations.

I also pointed out that the expectation that there should be no comingling of relevant and non-relevant funds over night is almost impossible to meet because funds can come into the account and e-money can be spent at any time, including during non-business hours.

Unfortunately, the finalised guidance, while somewhat different to the consultation version, still creates the issues above. So, we have been working with the leading international law firm, fieldfisher, to put a paper to the FCA that makes the case for the following.

• That the safeguarding obligations should be understood in the light of the policy intention of protecting consumers’ funds and not the strict interpretation of the wording.
• That push payments made through designated payment systems no longer have to be safeguarded when the transaction is committed because it is irreversible.
• That the safeguarding obligation ends when the payment or e-money institution no longer holds the relevant funds directly or through its agent.
• That holding too much funds in the safeguarding account does not put at risk the statutory protection over those funds.
• That the FCA should join with us to press the government to make the changes necessary to insolvency legislation so that where a chain of payment or e-money institutions are involved, one institution can safeguard the funds for the benefit of the underlying client and that this satisfies the regulatory obligation.

If you would like to read more, please click on the link below to access our report.