The UK Financial Conduct Authority (FCA) Business Plan 2020/2021 (the Business Plan) sets out the FCA’s strategic focus for the next one to three years. It identifies payment services as a key priority.
This Update discusses the aspects of the Business Plan relevant for payment service providers (PSPs), the FCA’s approach to enforcement and the key takeaways for PSPs.
The Business Plan: Key Points for PSPs
The FCA has expressed concern that the current COVID-19 crisis will affect the financial strength of PSPs and consumers’ ability to access cash and payment services. The FCA’s stated aim is to ensure that payments are safe and accessible. To achieve this, the FCA has identified three key outcomes:
- Consumers transact safely with PSPs.
- PSPs meet their regulatory responsibilities.
- Consumers and small to medium-size enterprises (SMEs) have access to a variety of payment services.
Consumers transact safely with PSPs
The FCA expects firms to handle and store data securely and to minimize the impact of fraud and operational failures. The FCA has said it will ensure that PSPs have appropriate systems and controls in place to minimize the occurrence of accounts being used for fraud, money laundering and other financial crimes.
PSPs meet their regulatory responsibilities
The FCA expects PSPs to meet their regulatory responsibilities, including safeguarding customer funds, while continuing to compete on quality and value.
Consumers and SMEs have access to a variety of payment services
The FCA expects consumers and SMEs to have access to a range of payment services. In particular, the FCA is seeking to ensure that certain consumer groups are not excluded and that consumers can make payments using their preferred method (e.g., cash).
FCA Approach to Enforcement
The Business Plan is the latest step in a ratcheting up of supervisory efforts by the FCA affecting the payments sector. In particular, the FCA is starting to take a much more proactive approach to supervising nonbank PSPs, such as electronic money institutions (EMIs) and payment institutions (PIs). In 2019 the FCA carried out a review of EMIs and PIs to assess compliance with safeguarding requirements, which included requests for specific attestations of compliance from senior managers of such firms.
The FCA is also focusing on the financial and operational resilience of nonbank PSPs, including active monitoring of certain PIs and EMIs to ensure they are meeting their regulatory capital requirements. The COVID-19 crisis has brought the issue into sharp focus.
The FCA has also committed to monitor operational incidents and outage times and has stated that it expects these to reduce. Further, the FCA has said it will assess whether PSPs have adequate systems and controls to prevent money laundering, fraud and other financial crimes. The FCA has confirmed that it will monitor these through the regulatory returns PSPs are required to file with it.
Key Takeaways for PSPs
Given the FCA’s renewed focus on the payments sector, PSPs should proactively review and, where necessary, update their compliance policies and procedures, particularly in relation to financial crime. PSPs should also assess their governance and risk management arrangements and ensure these are appropriate for their business models in the current economic climate.
Last, PSPs should be aware of their reporting obligations, in particular in relation to the duty to notify the FCA of major operational or security incidents and the general duty to notify the FCA of any changes of which the FCA would reasonably expect notice, which would generally include material regulatory breaches (even if these were inadvertent).