The Financial Conduct Authority (“FCA”) has released its hotly anticipated Consultation Paper on safeguarding, sending a clear message to the Payment Services and E-Money industry: safeguarding practices are about to receive a serious upgrade.
Driven by high-profile firm failures that left customers grappling with delays and reduced returns of their funds, the FCA is removing ambiguity and aligning safeguarding practices with the robust framework of the Client Asset Sourcebook (“CASS”), moving the guidance-based safeguarding requirements into a new rules-based chapter in the CASS sourcebook: CASS 15. The new rules are characterised by improved records and reconciliations, enhanced governance, monitoring and reporting, and the implementation of statutory trusts and more robust safeguarding methodologies.
This blog, the first in a Deloitte series being published throughout October and November, will provide an overview of the proposed new rules - with key areas explored in further detail in the subsequent blogs.
The collapse of firms such as Ipagoo LLP and Allied Wallet Ltd highlighted the importance of safeguarding and focussed the attention of the FCA on areas of the regime that required improvement. Instead of being prioritised, customers were left with insolvency practitioners navigating a complex web of unclear processes and inadequate documentation surrounding the handling of their funds. This was compounded by the Court of Appeal in the case of Ipagoo LLP ruling that the Electronic Money Regulations (“EMRs”) do not impose a statutory trust in relation to funds received from electronic money holders. A subsequent court judgement following the insolvency of Allied Wallet Ltd ruled that the Ipagoo judgement also applied to the Payment Services Regulations. These shortcomings resulted in:
As outlined in the Consultation Paper, 12 Payments Firms that safeguarded relevant funds became insolvent between Q1 2018 and Q2 2023 (c.1.2% of Safeguarding firms), and for those firms “there was an average shortfall of 65% in funds owed to clients”, with an average shortfall of 80% for E-Money Institutions and 41% for Authorised Payments Institutions.
These examples clearly demonstrate that insolvency in the sector is not just a hypothetical risk and that the importance of adequate safeguarding measures cannot be over-stated.
The implementation of CASS 15 has been proposed under a phased implementation timeframe. Here’s what you need to know:
The interim rules are those that will be finalised in the first Policy Statement, expected in H1 2025, and will become effective 6 months after that. Therefore, firms will need to be fully compliant with the interim rules before the end of 2025. We recommend firms start planning now!
Reconciliations
The FCA is clarifying its expectation that firms must perform separate internal reconciliations and external reconciliations of relevant funds. Firms will also be required to perform reconciliations more frequently, including mandatory daily reconciliations for all business days, including weekends and bank holidays where the firm is open for business as required for the execution of a payment transaction.
Resolution Packs
The FCA is introducing CASS chapter 10A requiring a mandatory “CASS Resolution Pack” for Safeguarding firms. This comprehensive document will provide insolvency practitioners with a clear roadmap of the firm's safeguarding arrangements, expediting the return of customer funds. This document is of paramount importance, with existing CASS firms frequently receiving FCA visits solely to review the firms’ resolution packs.
Regulatory submissions
Firms will be required to submit monthly “Safeguarding Returns”, similar to the existing CASS Client Money and Asset Returns (“CMARs”), to the FCA. These returns must detail the value of relevant funds and investment assets held, identify the banking and custodian institutions where these assets are held, and outline the segregation and reconciliation methodologies employed. Notifications of any ‘notifiable breaches’ will also need to be included, requiring firms to maintain adequate and robust breach identification and reporting processes.
The FCA is raising the bar for safeguarding audit quality and consistency, with the FCA viewing such reports as a key tool/resource in its monitoring responsibilities. This involves a multi-pronged approach which will closely align Safeguarding with the existing CASS audit regime:
Standardised Formats: Safeguarding audit reports will follow a standardised format, ensuring clarity, consistency, and ease of comparison across firms.
Annual Submissions: Auditors will be required to submit their safeguarding audit reports to the FCA annually. This regular reporting provides the FCA with timely insights into industry practices and potential areas of concern, enabling them to more readily identify and intervene in firms that do not meet the required expectations.
Independent Qualified Auditors Only: Safeguarding audits will need to be performed by independent qualified audit firms with proven experience in safeguarding audit quality.
Compliance without materiality: The FCA expects compliance with every detail of the rules with no materiality. This means that a breach of the rules with even the value of a penny for just a few hours would lead to its inclusion on the breaches log appended to the report.
Reasonable vs Limited Assurance: The FCA is proposing to extend the safeguarding audit requirement to ALL Payments Firms, other than payment initiation service providers, Small Payment Institutions (“SPIs”) and credit unions that issue e-money. The audit requirement will apply whether or not a Payments Firm was required to safeguard relevant funds during the period the audit relates to. Where the firm did not, the consultation paper introduces the concept of a “Limited Assurance” safeguarding audit – similar to the existing Limited Assurance CASS audit.
Use of Third Parties
The existing FCA Approach Document Chapter 10 requirements already require Safeguarding firms to exercise due skill, care and diligence in selecting, appointing and periodically reviewing credit institutions, custodians and insurers involved in the institution’s safeguarding arrangements. The proposed changes, however, extend this to include all third parties that provide accounts where relevant funds or assets are either received or deposited, manage relevant assets or provide insurance / comparable guarantees. This is particularly pertinent for firms that are receiving relevant funds through acquirers or accounts used solely to access a payment system (see the Segregation of Relevant Funds section below).
Designated safeguarding accounts will also need to be clearly identifiable, with the word ‘safeguarding’ used in the account name wherever possible.
Insurance or Comparable Guarantee
The FCA is, for the foreseeable future at least, allowing the continued use of the insurance or comparable guarantee method. This, however, comes with greater restrictions on its use, including limitations on conditions of payouts, 3-month planning timeframes pre-expiration of the policy, inclusion of the aggregate value of insurance/guarantee covered relevant funds within the ‘safeguarding resource’ and maintenance of a relevant funds bank account for at least the full term of the policy/guarantee to receive the proceeds following expiration.
The end-state rules will be finalised in the second Policy Statement. No timeframe has been given, but it is dependent on HM Treasury repealing the existing safeguarding requirements. Once the policy has been issued, firms will have 12 months to implement the changes.
Statutory Trusts
The cornerstone of the new ‘end-state rules’ is the mandatory use of statutory trusts for holding relevant funds. This legal structure will provide a clear fiduciary relationship between a firm and its clients rather than the current creditor/debtor relationship. This ensures that customer funds are ring-fenced and readily identifiable in case of insolvency rather than just a priority interest for consumers above other creditors. This is designed to significantly strengthen consumer protection and expedite the complete return of funds. Statutory trusts will cover relevant funds/assets held both under the segregation method and also safeguarded via the insurance/comparable guarantee method.
Segregation of Relevant Funds
The FCA’s end-state rules also mandate immediate segregation of customer funds upon receipt. Practically, this means relevant funds must be received directly into a designated safeguarding account. This mirrors the existing ‘normal approach’ to segregation in the CASS rules and minimises the risks surrounding customer funds being commingled with a firm’s own assets. Firms that currently receive relevant funds into non-designated safeguarding accounts, including those offered by EMIs, will be required to switch to designated safeguarding accounts offered by approved providers. Note that firms would be allowed to choose not to apply this immediate segregation requirement in relation to funds received through an acquirer, funds received into accounts used solely to access a payment system, or funds that are received as cash or cheques.
Deloitte will be publishing a series of in-depth articles exploring the implications of these new regulations for the Payment Services and E-money industry in the coming weeks. Please see our next article on enhanced reconciliations to be released shortly.
Deloitte will also be holding a webinar during October 2024 to talk through some of the key challenges posed by the Consultation Paper and how firms should best prepare.
Our specialist CASS and Safeguarding assurance team at Deloitte are here to support and help navigate these upcoming changes. Please contact us to discuss further or request an invitation to the webinar.