Last week, Project Regulator, which I lead on behalf of the Emerging Payments Association, hosted a special briefing on the new payments architecture organised by the inspirational and indefatigable, Anne Pieckielon, Director of Product and Strategy at bacs.
The gateway for PSD2 applications opens today. About 500 authorised payment institutions and e-money institutions and 150 payment initiation and account information service providers are expected to submit applications to the FCA over the next few months in order to be authorised by 13 January (in the case of payment initiation and account information service providers) or re-authorised by 12 July in the case of those firms already authorised.
If you are a CEO, board member or otherwise involved in delivering a business strategy or IT you probably feel like you are walking around with a GDPR (General Data Protection Regulation) gremlin hanging on your back. It’s whispering the words ‘consent’, ‘processing’, ‘big fines’ and lets no forget ‘privacy statement’ into your ears day in, day out and as May 2018 approaches that soft whisper may start to feel like it’s becoming louder and more aggressive. The gremlin is feeding on continuous marketing emails, blogs (but hopefully not mine!) and newsletters arriving in your inbox with the nightmare scenarios for your company if you don’t get a move on and turn your business into a GDPR paradise. Employing their services to do so, of course.
The competence and capability expected of holders of the compliance function has been brought into sharp focus by two final notices issued by the Financial Conduct Authority (FCA) this summer. One holder of the compliance function (the CF10), was fined £75,000 for failing to exercise due skill, care and diligence in performing his compliance oversight role. The other, a would-be compliance officer, had his application for CF10 and the money laundering reporting function (CF11) refused on the grounds of ‘competence and capability’.
We will be explaining everything payment and e-money institutions need to know about getting re-authorised under PSD2 and the impact of MiFID II on fx forward business in two separate briefings on 12 September.
Last year, the FCA sent a 'Dear CEO' letter about ICAAP. For those who don't know, the ICAAP is a process a firm follows to assess the risks it’s facing currently and in the foreseeable future and calculate an amount of capital it should hold as a buffer against those risks.
The letter was a warning that the exercise shouldn't be a quick totting up of sums without any real engagement in the process. It went only to IFPRU investment firms, though BIPRU firms also have to do ICAAPs. Payment and e-money institutions don't have to do an ICAAP but as those who are tackling their re-authorisation application know, PSD2 places strong emphasis on understanding and managing risks.
In six months’ time, the second Payment Services Directive (PSD2) will be implemented in the UK. And while we don’t yet have finalised implementing documents, progress is being made on what the realised directive will look like.
Is your firm prepared for 4MLD?
If not, you only have this weekend to get sorted and while we have had draft versions and a consultation JMLSG guidance in circulation for some time now, the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) are were finally laid before Parliament yesterday, and will come into force on Monday, meeting the 4MLD implementation deadline of 26 June.