The Brexit saga continues, but what does the FCA expect from you?
One month ahead of the (latest) impending Brexit day, the general feeling among firms remains one of confusion. As it stands, the assurance one can usually take in the statutory process appears to have gone out the window. In the past week, we have seen the Supreme Court rule that PM Boris Johnson’s prorogation of Parliament was an unlawful attempt to subdue the scrutiny Parliament is expected to place on the Executive. Furthermore, the Benn Act was passed by Parliament, prior to the Prime Minister’s attempt to prorogue it, aimed at preventing Government from committing the UK to a No Deal Brexit. While this is now a legal obligation for the Executive, the Prime Minister has publicly said he will ignore it and plans to see that the UK leaves on the 31st of October, “do or die”.
As of today, credit institutions, MiFID investment firms, e-money institutions and payment institutions must maintain a register of outsourcing agreements that can be made available to the FCA on request and new arrangements must meet the European Banking Authority (‘EBA’) Guidelines. Existing arrangements must be made compliant by the end of 2020.
Firing off an email to the wrong recipient can be embarrassing however sending funds to the wrong beneficiary is not only negligent but can also be costly. With £350 million worth of payments misdirected in 2018 alone and £145 million each year going unrecovered; the benefit of implementing a system to check the name on the account as a way of decreasing the volume is clear.
At the beginning of February this year, eight weeks prior to the original 29th March Brexit date, we published a blog entitled “No-deal Brexit – is there a regulatory backstop?” In this blog, we attempted to summarise what firms could expect in the event we crashed out having failed to agree transitional provisions with the EU27. Eight months, four failed votes and one prime minister later we find ourselves in a painfully similar situation eight weeks before the new Brexit date of 31st October. In this blog we will revisit some the issues addressed in our initial blog, and how these may have changed since the time of writing. I write this though at a time of the utmost uncertainty, with legislation proposed to remove the possibility of No Deal, another Prime Minister under threat, and the possibility of a General Election that might yet result in a new referendum. Nevertheless, let’s deal with the here and now…
Under PSD2, payment services providers across the EU are required to provide statistical data on fraud to their respective competent authority.
In the UK, relevant firms are required to collect and submit data on the volume and value of all payment transactions, as well as the volume and value of fraudulent transactions, and provide this to the FCA through Gabriel using the REP017 report; this information is in turn aggregated and shared with the European Banking Authority and the European Central Bank.
Back in January, we released a blog to provide an overview of the FCA’s interim REP017 report to cover the reporting period between 13 January to 31 December 2018. However, since then, the FCA has released an updated and much expanded REP017 report (with most PSPs being switched to a bi-annual reporting period).
As with our last one, this blog aims to give a high-level overview of who REP017 applies to, what transactions it captures and how the data on fraudulent transactions need to be categorised; we will also detail the key changes in approach since then.
Broken down to its most basic level, an audit is a method by which firms seek an external opinion on their policies, procedures, systems and controls. Rather than an exercise in detecting shortcomings and failures, the process of a compliance audit should be viewed as a means of testing an AML/CTF framework to identify opportunities to undertake enhancements as well as highlighting any issues. In essence, the intention is to provide assurance that the firm is operating in an compliant manner within its own specific regulatory framework.
fscom's James Borley features in Thomson Reuters where he discusses the desire among payments firms for a better understanding of the licensing requirements of competent authorities in other European Economic Area (EEA) countries. View the full article below.