The Financial Conduct Authority (FCA) is taking every opportunity to warn payment and e-money institutions over “unacceptable” practices in safeguarding client funds, as well as around risk governance and financial management.
The Brexit saga continues, but what does the FCA expect from you?
One month ahead of the (latest) impending Brexit day, the general feeling among firms remains one of confusion. As it stands, the assurance one can usually take in the statutory process appears to have gone out the window. In the past week, we have seen the Supreme Court rule that PM Boris Johnson’s prorogation of Parliament was an unlawful attempt to subdue the scrutiny Parliament is expected to place on the Executive. Furthermore, the Benn Act was passed by Parliament, prior to the Prime Minister’s attempt to prorogue it, aimed at preventing Government from committing the UK to a No Deal Brexit. While this is now a legal obligation for the Executive, the Prime Minister has publicly said he will ignore it and plans to see that the UK leaves on the 31st of October, “do or die”.
As of today, credit institutions, MiFID investment firms, e-money institutions and payment institutions must maintain a register of outsourcing agreements that can be made available to the FCA on request and new arrangements must meet the European Banking Authority (‘EBA’) Guidelines. Existing arrangements must be made compliant by the end of 2021.
Firing off an email to the wrong recipient can be embarrassing however sending funds to the wrong beneficiary is not only negligent but can also be costly. With £350 million worth of payments misdirected in 2018 alone and £145 million each year going unrecovered; the benefit of implementing a system to check the name on the account as a way of decreasing the volume is clear.
At the beginning of February this year, eight weeks prior to the original 29th March Brexit date, we published a blog entitled “No-deal Brexit – is there a regulatory backstop?” In this blog, we attempted to summarise what firms could expect in the event we crashed out having failed to agree transitional provisions with the EU27. Eight months, four failed votes and one prime minister later we find ourselves in a painfully similar situation eight weeks before the new Brexit date of 31st October. In this blog we will revisit some the issues addressed in our initial blog, and how these may have changed since the time of writing. I write this though at a time of the utmost uncertainty, with legislation proposed to remove the possibility of No Deal, another Prime Minister under threat, and the possibility of a General Election that might yet result in a new referendum. Nevertheless, let’s deal with the here and now…
Under PSD2, payment services providers across the EU are required to provide statistical data on fraud to their respective competent authority.
In the UK, relevant firms are required to collect and submit data on the volume and value of all payment transactions, as well as the volume and value of fraudulent transactions, and provide this to the FCA through Gabriel using the REP017 report; this information is in turn aggregated and shared with the European Banking Authority and the European Central Bank.
Back in January, we released a blog to provide an overview of the FCA’s interim REP017 report to cover the reporting period between 13 January to 31 December 2018. However, since then, the FCA has released an updated and much expanded REP017 report (with most PSPs being switched to a bi-annual reporting period).
As with our last one, this blog aims to give a high-level overview of who REP017 applies to, what transactions it captures and how the data on fraudulent transactions need to be categorised; we will also detail the key changes in approach since then.