On 3rd February 2025, the FCA issued a Dear CEO letter to firms that fall into the payments supervisory portfolio. The letter sets out the FCA’s supervisory priorities for the sector, aligning those priorities with the Government’s goal for the UK to have a trusted, world-leading payments ecosystem. The FCA acknowledges that there have been notable improvements in the payments sector since the previous letter issued in March 2023, but the regulator also makes clear that there is more work for firms to do. The letter details three key outcomes for firms to focus on:
Outcome 1: Effective competition and innovation to meet customers’ needs, characteristics and objectives
The FCA restates its commitment to encouraging firms to embrace innovation and technological developments that align with the interests of customers. It invites firms to use the tools and support it has made available in this area. The letter acknowledges that Consumer Duty has been implemented by many firms in line with expectations. However, there is a significant proportion of firms in the payments sector that still have a way to go. The FCA outlines its intention to continue to monitor the implementation of the Duty amongst those firms. As part of this, the regulator will consider the clarity of foreign exchange pricing and how well customers are able to understand the price they pay for these services. If this is an area that’s relevant to your business, you should take this opportunity to ensure that your approach to this offer clarity and aligns with the Duty.
Outcome 2: Firms do not compromise financial system integrity
Unsurprisingly, financial crime remains high on the FCA’s agenda. The letter provides a prompt for recipients to ensure that financial crime governance, systems and controls are effective and aligned with the nature, scale and complexity of the business. The letter also highlights the end of the transitional period for implementation of the new rules and guidance on operational resilience and reminds firms that they must have performed the required mapping and testing by 31March 2025.
Outcome 3: Firms keep customers’ money safe
The letter highlights safeguarding as a supervisory priority and acknowledges that the consultation on the changes to the safeguarding regime is now closed with the final interim rules expected to be published mid-2025. in the meantime, firms need to continue to comply with the Payment Services Regulations/Electronic Money Regulations as applicable, and the guidance set out in the FCA’s Approach Document. In particular, the FCA highlight key areas for focus:
- Identification of relevant funds – knowing which funds you are required to safeguard is an essential part of managing the risk of a shortfall. You should map out and review your cash flows to identify relevant funds that require safeguarding. This can be a complicated process for some firms, particularly those doing business globally and the FCA flag that you should take advice if you’re unsure what constitutes relevant funds. Thinking ahead to the proposed new rules, you should also begin to think about liquidity planning for shortfall funding and to cover funds passing through agents, if you have any.
- Books and records – must be maintained accurately and consistently and this is an opportune time for you to review your reconciliation processes to make sure that they are run daily, using the right processes or tools. Whilst the guidance on reconciliations in the FCA’s ‘Our Approach’ document is limited, the consultation paper can provide useful insights into what ‘good’ can look like on this front. You should also make sure that you have the right controls around the timeliness and accuracy of reconciliation completion.
- Reporting adverse audit findings – payments and e-money firms are required to have an annual audit of their compliance with the safeguarding requirements. If the auditor identifies any material adverse findings, the FCA expects to be notified. You should make sure that you have an audit each year and that it is carried out by an appropriately qualified third party. You should also make sure that you have appropriate governance around the output of your safeguarding audits to ensure that any material findings are reported to your Board and that remediation is properly managed. The proposed new rules will bring additional audit requirements to firms, with the audit report sent directly from the auditor to the regulator, so it’s worth making sure you have the right control and governance in place before that comes into force.
- Use of safeguarding insurance – If you are in the 5% of firms that use safeguarding insurance, you need to make sure that your policies are in line with the guidance in the FCA’s Approach Document and that you have back-up plans in place in case you’re unable to renew or the insurance becomes uneconomic to use. Much of the guidance that already exists will become rules under the new safeguarding regime, so it’s worth double checking now that you are able to extend your policy 3 months ahead of its expiry and for the policy to have no restrictions around the prompt payment of a claim.
Hand in hand with the safeguarding supervisory priority is capital adequacy and wind down planning. The FCA is keen to make sure that not only is your customers’ money safe, but also that you are appropriately managing prudential risk on an ongoing basis and that you have effective, documented wind-down plans to minimise customer impact if things go wrong.
Next steps
Throughout the letter, the FCA emphasises the importance of strong governance and leadership across firms in the sector. Weaknesses in these areas are often at the root of regulatory issues. Firms are expected to ensure their governance arrangements provide effective oversight and are proportionate to the scale and complexity of their business. This includes properly overseeing agents and outsourced functions to ensure compliance and minimise risks to customers.
If you are a recipient of the letter, you need to discuss it with your governing body and executive committee. You must proactively consider the outcomes detailed in the letter and how well your firm meets the regulator’s expectations. If work is needed, you should prioritise it and keep records of what you do, so that you can show the FCA how you responded to the letter, if needed.
How Square 4 can help
Square 4 has a market leading team of CASS experts, who have extensive experience working with firms ensuring compliance with safeguarding guidance and CASS requirements. We are well-placed to support you in your work towards compliance with the new CASS 15 rules. We recommend that you start planning this work as soon as possible. While the FCA has not yet finalised the rules, we have good visibility of what they’re likely to look like, so now is the right time to start identifying what gaps you might need to address to achieve compliance. We can help you review and map your existing systems, controls and processes and assess them against the proposed rules to identify gaps. We can also help you to design new or update existing processes to address the gaps identified.
If you need support in any of these areas, email us at hello@square4.com.
