Skip to main content
Perspective:
Perspective
14 Feb 2025
10 minute read

The payments regulatory shift: Are you ready for the safeguarding requirements?

More about the author

Recently, we shared a regulatory update about Chapter 3 of the Financial Institutions Rulebook (known as FIR/03) issued by the Malta Financial Services Authority (MFSA). In this article, the first in our series on FIR/03, focuses on one of the regulation's key aspects - Safeguarding.

The importance of robust safeguarding controls

Financial institutions (FIs) must ringfence client funds received for payments or in exchange for e-money by holding them in segregated, safeguarded accounts. The objective of this measure is to ensure that clients can retrieve their funds from the institution in a timely manner in the event of a failure. Effective safeguarding minimises the risk of shortfalls, delays in identifying consumer entitlements, and costs incurred during insolvency.

Insolvency risk in the payments industry is not negligible. Between Q1 2018 and Q2 2023, 12 payment firms subject to safeguarding practices became insolvent in the UK alone, resulting in significant shortfalls of client funds. This underscores the reason regulators have identified safeguarding of client funds as a priority area in their supervision plans.

Key considerations

The safeguarding section of the regulation has been significantly bolstered, raising the compliance bar and detailing regulator expectations. This includes requirements related to reconciliations, policies, transfers, audit and notification requirements, responsible persons, and credit institutions.

FIs should ensure compliance with the new requirements immediately, as the full extent of the new rule came into force on 15 December 2024. For some institutions, achieving compliance may necessitate changes in systems, processes and operations and this may also impact the level of human resources or automation required. Here are the most critical aspects:

 

1. Safeguarding account

FIs must safeguard client funds in EU credit institutions or branches of third-country credit institutions in Malta. This may be challenging for organisations based outside Europe (e.g., UK) using non-EU credit institutions. FIs should review their arrangements to ensure compliance and notify the MFSA of any changes.

 

2. Reconciliations

The regulator mandates that financial institutions (FIs) regularly perform reconciliations between the balance of clients' funds recorded in their internal systems and the actual balance held in safeguarding accounts with third parties.

In determining the frequency of these reconciliations Fis should consider several factors. This includes the risks faced by the FI, the size and complexity of its business, and the outcomes of periodic reviews performed on the credit institutions used for safeguarding purposes. Risks are generally considered to be greater, where the FIs invest client funds and/or permit merchants to transact in multiple currencies.

Additionally, the regulation mandates that any reconciliation discrepancies (shortfall/surplus) are corrected as soon as practicable and by no later than the same business day.

In meeting the above regulatory expectations, we have noted that the FIs are facing certain challenges as follows:

  • Multiple currency payments: Processing transactions in multiple currencies may increase the complexity of the reconciliation process particularly when the exchange rates applying to incoming and outgoing flows vary.
  • Safeguarding method: Using an indirect method to safeguard client funds adds a layer of complexity to the reconciliation process.
  • Man-power: The reconciliation process can be, a rather labour-intensive activity, particularly when these are complex and the use of automation is limited. This presents a greater challenge when these reconciliations are expected to be performed frequently.
  • Relevant funds identification: It may be technically challenging for FIs to distinguish between relevant funds and funds that are still in transit unless their systems are configured to support it.

 

3. Policies and procedures

FIs must demonstrate they have adequate internal control mechanisms to minimise the risk of loss of relevant funds through fraud, misuse, or negligence. This includes a well-documented and Board-approved safeguarding policy detailing the safeguarding methodology, governance arrangements, critical systems, third-party assessments, and reconciliation methodology.

Additionally, FIs should have a dedicated reconciliation procedure that is detailed and clear, covering data sources, the controls to ensure the accuracy, completeness and integrity of the data used in the reconciliation, actions for reconciliation breaks, and rationale for reconciliation frequencies. FIs must ensure that their policies and procedures accurately reflect current practices.

 

4. Notification, reporting and audit requirements

The regulator has introduced several mechanisms for ongoing monitoring of FIs safeguarding arrangements:

  • FIs must notify the regulator ahead of changes in safeguarding arrangements.
  • FIs must submit the FI return within 30 days after each quarter, including a section on safeguarding.
  • An annual safeguarding audit must be conducted by an independent auditor with the necessary skills and experience.
  • Internal audit functions must promptly inform the authority of any potential breaches of safeguarding requirements.

Recommended actions

  • Ensure reconciliation processes, controls, and systems currently meet the new regulatory requirements.
  • Review and update the safeguarding policy and reconciliation procedures to reflect current practices.
  • Review the frequency of reconciliations and actions for discrepancies to support safeguarding objectives.
  • Demonstrate compliance with safeguarding rules through appropriate documentation.
  • Ensure staff and designated safeguarding personnel have sufficient knowledge, skills, and training on the new FIR/03 requirements.
  • Safeguard client funds with credit institutions within the EU or Malta branches of third-country credit institutions.

How Deloitte can help

Our FinTech team, comprising industry specialists, can help you understand and navigate through the new regulatory expectations. We can support you with:

  • Development or review of safeguarding policy and procedures, including reconciliation methodology.
  • Annual safeguarding audit.
  • Safeguarding readiness assessment for the annual safeguarding audit.
  • Advisory on safeguarding and reconciliation best practices.
  • Training on safeguarding rules and best practices.

Please reach out to our team to discuss how we can assist you.

Webinar: Safeguarding best practices under MFSA FIR/03

10 Apr. 2025  |  Join our FinTech webinar to delve into the regulatory requirements, best practices, and common challenges when safeguarding client funds.

Register today!

Contact us

Ian Coppini

Strategy, Risk & Transactions Advisory leader
+356 2343 2000

Rafael Moreira

Senior Manager
+356 2343 2000

Cheryl Grech

Senior Manager
+356 23432397

Recommendations

Financial Services blog

Anticipating and managing digital and transformative change, productivity, regulatory requirements, open data and customer-centricity. Deloitte Malta's Financial Services blog explores topics such as Banking & Securities, Wealth Management and Investment, Insurance, the Future of Financial Services and more.
Blog

Payments

Deloitte’s payments team serves clients across the entire payments ecosystem with professionals across consulting, tax, risk advisory and audit.
Industry
5 minute read

Financial Markets Regulatory Outlook 2025

Deloitte's EMEA Centre for Regulatory Strategy presents its annual Regulatory Outlook report, which explores how major regulatory trends will affect the financial services (FS) industry across the EU in the year ahead, and how board members and senior executives can anticipate and respond to them effectively.

Banking & Capital Markets | Deloitte Malta

Deloitte Banking & Capital Markets consulting specialists help you to meet customer expectations as the way people and corporations engage with finances changes. 
Industry
5 minute read