On 15 November 2023, the Prudential Regulation Authority (PRA) published a Dear Chief Financial Officer (CFO) letter setting out the steps firms should consider taking to mitigate risks relating to deposit aggregators (DAs) that they may have relationships with, either now or in the future.

The potential risks associated with the increasing volumes of deposits that are being sourced via DAs were first highlighted in a joint PRA/FCA Dear CEO letter, “Obtaining Deposits via Deposit Aggregators”, in April 2021. The PRA has since sought to enhance its understanding of the size and nature of firms’ relationships with DAs, and as part of this it sent out an information request on the topic to firms in 2022.

As a result, the PRA has learned more about the steps that can be taken to mitigate risks that DAs could pose to the safety and soundness of regulated firms. It sets out in the letter some specific examples of actions that it would encourage CFOs to take, to the extent that their firm’s deposit book relies on funding sourced via DAs. The actions aim to mitigate risks in three main areas:

  • Pay-out risk in relation to the Financial Services Compensation Scheme (FSCS).
  • Liquidity risk.
  • Third party risk.

Ensuring depositor protection

The letter sets out steps that firms could take to mitigate risks that could impact FSCS pay-outs, with the aim of ensuring that the FSCS can respond effectively to the failure of a deposit-taker that uses DAs. Those steps include:

  • Verifying “absolute entitlement” to funds held on trust (via the DA arrangements) for underlying beneficiaries, to ensure they have similar protection to customers who make direct deposits with a deposit-taker.
  • Managing data to permit orderly failure – the DA must be able to provide the FSCS with sufficient and accurate data on ultimate beneficiaries to facilitate swift pay-out.
  • Confirming customer checks (i.e., know your customer and anti-money laundering checks) are performed and evidenced to a sufficient standard.
  • Proactively engaging with DAs to raise awareness of, and promote participation in, voluntary FSCS testing facilities for DAs.

Managing liquidity risk

The PRA reminds CFOs that there is a risk for deposit-takers (notably for small and medium-sized firms) that deposits from a DA may represent a significant portion of their balance sheet and present a concentrated liquidity risk. To address this risk, firms should:

  • Factor potential correlation and concentration risk, in addition to the potential speed of outflows, into their management of liquidity risk and funding needs.
  • Make appropriate assumptions around the correlation and concentration of funding in their internal stress testing to ensure compliance with the PRA’s overall liquidity adequacy rule.
  • Ensure they comply with their responsibilities under the PRA’s Fundamental Rules 3, 4 and 5 to: (i) act in a prudent manner; (ii) at all times maintain adequate financial resources; and (iii) have effective risk strategies and risk management systems.

Outsourcing and third-party risk management

The letter also notes that deposit-takers should manage their arrangements with service providers closely and prudently, consistent with the PRA’s expectations on outsourcing and third-party risk management. This includes considering:

  • How the PRA’s expectations (set out in Supervisory Statement SS2/21 – Outsourcing and third-party risk management) relate to the arrangements firms have with DAs, including the controls the firm should have in place to mitigate risks in relation to third party arrangements.
  • The PRA’s letter to firms earlier in November regarding innovations in the use by deposit-takers of deposits, e-money and regulated stablecoins.

Next steps

CFOs are asked to consider the recommended actions set out in the letter in the context of the arrangements their firm currently has with DAs, or plan to have in the future.