For the payments compliance and regulation sector, 2021 has continued at the same frantic pace as 2020, with multiple consultations issued in the first quarter by HM Treasury, the PSR and the FCA.

In this series of blogs, fscom subject matter experts will analyse the changes proposed in the FCA’s CP21/3, issued at the end of January.

CP21/3 has a mixture of purposes:

• making permanent the 2020 temporary guidance on prudential risk management and safeguarding;
• making changes to the UK regime since it’s no longer constrained by the European directives;
• updating the approach document to reflect changes since it was last published in June 2019; and
• updating the approach document and PERG to include guidance issued to sectors but not generally (in respect of the Limited Network Exclusion and the Electronic Communications Exclusion).

Blogs will follow on the proposed changes to strong customer authentication, open banking and the material directed at those in the Temporary Permissions Regime.

I will focus, here, on the other important changes made in the approach document. For the most part, we have until 30 April 2021 to provide feedback with the new approach document to be published shortly thereafter.

The temporary guidance

In July 2020, the FCA published temporary guidance on safeguarding and wind-down planning following a brief consultation. One of the main objectives of this consultation is to make the temporary guidance permanent: chapter 10 is to be updated to accommodate the safeguarding changes (see next section) and chapter 3 for the prudential risk changes (see section further below).

Safeguarding

All of the temporary guidance on safeguarding has been included in chapter 10 of the approach document, including:

• the warning to make sure disclosures about safeguarding are accurate and not misleading;
• the guidance that payment and e-money institutions utilising the segregation method act as trustees of their customers’ funds;
• the wording to be used in the name of the safeguarding account;
• the letter to be signed by the safeguarding partner; and
• the expectation on all e-money institutions and certain payment institutions to have a compliance audit at least annually.

There are some other interesting changes.

• The first paragraph 10.27 is about payments that originate outside the UK (taking for granted that this used to be the EEA) being outside the scope of the safeguarding requirements (and, by extension, regulation). The proposed change further clarifies that the defining circumstance is the location of the PSP rather than the payer or payee.
• The second paragraph 10.27 is about the potential for payment and e-money institutions to corrupt the safeguarding protection by commingling relevant and non-relevant funds. We note the change in thrust; the primary concern is no longer that commingling would result in funds not being returned at all to customers in the event of insolvency. It is, instead, that commingling will delay the return of funds to customers while administrators wrangle over the ownership of the funds. We wonder if this is a positive outcome of the Supercapital case, where the confirmation of the trust status strengthens the position that payment services users will be repaid in priority to other creditors.
• Guidance is given (paragraphs 10.42 and 10.43) on the criteria that non-OECD banks must meet to offer safeguarding accounts. The widening of the pool of potential safeguarding partners is very welcome to those payment and e-money institutions with non-EEA payment corridors but it’s too early to say if this will become common practice.
• For those using the insurance or guarantee method to safeguard, paragraphs 10.63 to 10.66 incorporate the guidance issued to compliance officers in December 2019 on the parameters of the agreement, including, for instance, that the cover must be effective regardless of the circumstances that led to the insolvency, and the risks to be considered ahead of adopting this method of safeguarding.
• It should be noted that the FCA has not proposed altering the expectation that the institution’s risk assessment of the reconciliation process should be included in REP018, despite the EBA’s guidelines changing the emphasis of this requirement to ICT and security risk. We will ask the FCA if this is an oversight or an intentional departure from the EBA guidelines.
• In a nod to the industry surveys that the FCA has issued over the past year in which payment and e-money institutions have been asked to provide, promptly, information on safeguarding and other matters, paragraph 10.78 is to be adjusted to clarify that records should be ‘clear and accurate’ and ready to be provided ‘in a timely manner’.
• The expectation that HM Treasury’s consultation in December 2020 on a special administration regime will result in new powers for the FCA to become involved in any insolvency of a payment or e-money institution is noted in a new paragraph, 10.91, though with no comment on any practical implications this is anticipated on having on institutions, not in insolvency proceedings.

Changes for applicants

As noted above, the prudential risk requirements of the temporary guidance have been incorporated in chapter 3 of the approach document, which results in the expectation that future applicants will provide their wind-down plans and evidence of stress testing as part of their application pack. By implication, existing and future payment and e-money institutions are expected to maintain the plan and arrangements.

Guidance on agents for AISPs

The FCA also proposes addressing the ongoing confusion on who is providing regulated activities in account information services. The proposed guidance introduces the concept of ‘third parties’ as parties that receive the data on behalf of the customer (with the customer’s consent) and who process the data (for example, for a loan agreement or credit reference) but who are not providing account information. This is likely to be welcome clarification for AISPs.

Exclusions from the PSRs and the EMRs

For businesses wishing to avail of the Limited Network Exclusion (LNE) or the Electronic Communication Exclusion (ECE), the perimeter guidance is to be expanded to reflect guidance issued to the telecoms industry in 2019 and further examples of limited networks. The approach document is to include the notification requirements applicable to both have been included (part III of chapter 13).

Updates to reflect rule changes that are already in effect

As you would expect, references to ‘the EEA’ are to be amended ‘the UK’ and the references to legislation are to be updated. EBA guidelines are still relevant because the FCA expects e-money and payment institutions to continue to follow them to the extent that they remain relevant,

The approach document’s chapters 2 and 8 are to be amended with references to the applicability of the Principles for Businesses and the additional rules in BCOBS. Chapter 11 is to be updated to reflect the 2019 adjustment in those eligible to take complaints to the Financial Ombudsman Service (as per DISP 2.7).

If you would like to comment on the proposed changes or need any help to understand or meet the FCA’s expectations, please do not hesitate to get in touch with my colleagues or me.

This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.