The coronavirus pandemic has brought into focus

how precariously our economy is balanced.

This raises some serious concerns for the regulator,

especially when it comes to firms that can cause
real harm to consumers and the wider financial
markets. 

In the last couple of years some fairly large and

complex regulations were introduced, regulations
such as Payment Services Directive 2 (PSDII)
and General Data Protection Regulation (GDPR).

PSDII still has some parts that haven’t fully been

implemented, regulations on Secure Customer
Authentication (SCA) which have been delayed
again. E-Privacy regulations are still being thrashed
out. 

Some firms are still struggling with how to fully

implement GDPR. 

Couple this with updates to Money Laundering

Regulations and you start getting an idea how busy
the last few years have been with it comes to
regulations for all firms. 
This situation can be exacerbated by firms that are
authorised and not fully regulated by the FCA, or
have recently had to get to grips with regulations
and their nuances. Firms such as Payment Services
and Electronic Money. 

Back in July 2019 the FCA issued a “Dear CEO”

letter to payment services firms because it had
concerns regarding compliance with PSR17,
particularly around protection of client funds. 

The results have not been great! 

The FCA in their short consultation stated ‘…we

have found evidence that some firms have not
implemented the Electronic Money Regulations
2011 or Payment Services Regulations 2017 as we
expect. Examples include commingling of customer
and firm funds, firms keeping inaccurate records
and accounts, and not having sufficiently effective
risk management procedures’. 

There is little doubt the proposed guidance on

safeguarding in the short consultation will become
the established guidance. 

It’s worth taking a look at them now and ensuring

what firms must and should do to remain authorised
 and compliant. You can read the short
consultation here.

I’ve summarised some key points below:

• Firms must have dedicated safeguarding accounts

which separate the firms funds from client’s funds
• They must be named as such and explicitly include
wording such as ‘safeguarding’ or ‘client’ account
• Where that’s not possible, the firm is expected to have
this templated letter signed and agreed to by both the
bank and the firm  
• There must be a way of distinguishing funds held from
one client against those from another
• When it comes to firms providing foreign exchange,
daily reconciliation must be carried out with the process
and rationale documented 
• If a firm cannot comply with the above and/or if the
safeguarding account is closed by the banking/financial
institution then this must be notified to the FCA
• Firms are expected to periodically review, annually at
minimum, entities with whom they have safeguarding
accounts 
• The safeguarding of funds must also be against fraud,
misuse, negligence or poor administration
• The firm must ensure that any auditors audit their
compliance with safeguarding requirements and that
they have sufficient skills, resources and expertise to
carry out such an audit 
• The auditor in turn will now have a requirement to
report any breaches of safeguarding requirements to the
regulator
This may well be the penultimate warning shot by
the FCA before they start taking action if firms
continue to breach regulations. 

Payment services firms even got their own shoutout

in the FCA’s 2020/2021 business plan. Specifically
calling out three main outcomes:

• Consumers transact safely with payment firms 

• Payment firms meet their regulatory responsibilities
while competing on quality and value
• Consumers and SMEs have access to a variety of
payments services 
The concern is obvious, if a number of these firms
start going belly up, then clients, which may
include institutional clients as well, will have no
protection. These firms are not with the Financial
Services Compensation Scheme (FSCS).  

One other key thing highlighted in the consultation

paper (CP19/32) but not called out in the short
consultation is cyber security. 

Authorised Push Payment (APP) fraud has been on

the FCA and Payment Services Regulator’s (PSR)
radar for a while. 

As payment services firms haven’t signed up to the

draft voluntary Contingent Reimbursement Model –
where banks pool money and reimburse where APP
fraud was not due to any fault of the customer –
there is no recourse for clients unless they take their
complaint to the Financial Ombudsman Service
(FOS). 

This is on top of Principles of Business (PRIN)

being applicable to Payment Services firms since
August 2019. 

PRIN is the Swiss army for the FCA when it comes

to investigating a firm for possible breaches. 

If payment firms are consistently found breaching

safeguarding of relevant funds, then along with
breach of PSR and PSDII, they would also be
breaching PRIN. Taken together, it would result in
a hefty fine.

This also reflects the journey payment services

have been on when it comes to regulation. Whereas
the focus of the regulator was previously on EMIs,
they are now rapidly recognising the harm payment
services can also do to consumers and financial
markets. 

Die hard fans of PSDII know that Operational and

Security risk was always something of a concern
when it came to payment services firms. 

It’s not a surprise as around 2018 Open Banking

was starting to become a buzzword, with account
initiation services providers (AISP) and payment
initiation services providers (PISP) starting to
become a thing and the rise of challenger banks
seemed to be akin to a banking revolution. 

The EBA issued a final report on guidelines

for Operational and Security risks which would be
incorporated into FCA SUP 16 and regulatory
returns REP018.

If you’ve ever submitted those returns, you will

know that they really make you scrutinise your
business.

The summary of the EBA guidelines were always

around whether a business had been stress tested
against cyberattacks, had a sufficient Business
Continuity Plan (BCP) in place, with PSDII
safeguarding requirements ensuring client funds
were always safe. 
 Reading the guidance, it seems like the spirit of
these rules were always in place, however the FCA
is now starting to provide specific clarity through
its guidance.

Posted by
UshanJune 9, 2020
Posted in
Uncategorized
Tags:
payment services, PSDII, Regulation, safeguarding fundsLeave a comment
on Building operational resilience – the FCA’s second call-out to payment services to safeguard client funds.

Spots, Forwards and the

MiFiDII FX exemption!
When I first started in payment services in foreign
exchange, it took me a while to fully grasp the
difference between spots, forwards and the
exemptions under Markets in Financial Instruments
Directive (MiFiDII). 

There are some key regulations and guidance that

explain how some foreign exchange forwards fall
under the MiFiDII exemption. 

The most useful is the MiFiDII Delegated

Regulation which in Article 10 gives a succinct
definition of what a spot contract is and what
forward contracts fall outside of the definition of
financial instruments. 
Spot contract is a contract for the exchange of one
currency against another settled within two – five
trading days.    

Forward contract is a contract for the exchange of

one currency against another which has its
settlement date set more than five days in the future
and is exempt as a financial instrument if it is for
the purposes of a payment for identifiable goods,
services or direct investment. 

To understand what this means in reality, the

Financial Conduct Authority (FCA) in The
Perimeter Guidance Manual (PERG) gives
examples of when a forward would not be
considered a financial instrument. To read the
examples and more, check out PERG 13.4.

The Payment Services Regulation 2017 (PSR)

gives guidance on what specific information as per
Payment Services Directive II (PSDII) should be
included prior to booking a contract. 

PSR2017 refers to forward contracts as framework

contracts and the required information is
outlined here and for a spot contract, referred to as
a single payment service contract is here.  
Hope you found this useful!

Posted by
UshanJune 6, 2020
Posted in
Uncategorized
Tags:
FX, MiFiDII exemption, payment services, PSDIILeave a comment
on Spots, Forwards and the MiFiDII FX exemption!

Wait, why am I doing this?

This started off as a hobby, now it’s a necessity to
make sure I’m abreast of all those important
regulatory things!

I love blogging. Well, I actually just love writing!

That’s why I enjoy writing policies and procedures
and generally all things related to all the fun
compliance stuff.

I’m currently on furlough. Although the furlough

will end, this whole situation will end, I will need
someway of staying on top of all the regulatory
changes that are happening.

This is very much a “work-in-progress” and in the

spirit of scrums, I’ll take into account any feedback
I receive to shape this space.
Thank you for reading and keep grinding!