On 16 March 2023, the FCA published a Dear CEO letter on its priorities for payments firms. The letter was sent to CEOs of firms within the FCA’s payments portfolio, including those authorised or registered under the Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs).
The letter explains that the FCA is concerned that many payments firms do not have sufficiently robust controls and that, as a result, some firms present an unacceptable risk of harm to their customers and to financial system integrity. It also notes that the risk of customer harm is heightened by the tightening economic conditions and the cost-of-living crisis.
To address these concerns, the letter sets out three outcomes that payments firms should strive towards.
Outcome 1: Ensure that customers’ money is safe
In light of the risk that customer money may not be safe if payments firms fail in a disorderly way, the FCA’s approach to ensure customer money is safe focuses on three priorities:
- Safeguarding: The FCA expects firms to make it a top priority to ensure that their customers’ money is safe. They should ensure that their firm is safeguarding customers’ funds in line with the PSRs or EMRs (as applicable) and the guidance set out in the FCA’s Approach Document. The letter sets out specific actions firms should take in this regard.
- Prudential risk management: The FCA expects firms to regularly review their prudential risk management arrangements, including ensuring they: meet regulatory capital requirements, consider the particular financial risks they face, set or review their risk appetite, forecast likely financial performance in various scenarios, consider holding additional capital and planning their financial resources well ahead on an ongoing basis.
- Wind-down planning: The FCA expects firms to ensure that they have an appropriate wind-down plan in place and ensure that it is reviewed regularly and kept up to date so that it continues to meet the FCA’s expectations.
Outcome 2: Firms should not compromise financial system integrity
The FCA expects firms to ensure that their anti-money laundering (AML) systems and controls are effective and commensurate with the risks in the business, including as it grows over time. Firms should conduct regular reviews to assess their compliance with AML obligations and sanctions requirements, and work swiftly to remediate weaknesses identified.
Furthermore, firms should take immediate action to protect their customers against the risk of fraud and to ensure that the firm is not being used to receive the proceeds of fraud. This includes reviewing internal risk appetite statements and policies and procedures to ensure they adequately address the risk of fraud, regularly reviewing fraud prevention systems and controls, and maintaining appropriate customer due diligence controls at the onboarding stage and on an ongoing basis.
Outcome 3: Ensuring that customers’ needs are met through high quality products and services (implementation of the Consumer Duty)
The FCA expects firms to ensure that customer needs are met through adequate implementation of the FCA’s Consumer Duty. Firms should take appropriate action to ensure that they comply with the Consumer Duty as set out in the FCA’s letter sent to payments firms on 21 February 2023.
Next steps
The FCA expects payments firms to take prompt action to address the risks highlighted in the letter, including the three outcomes outlined above as well as cross-cutting themes relating to robust governance, operational resilience and supporting the environmental, social and governance (ESG) agenda. Firms will be expected to explain, on request, the actions they have taken in response to the letter.