The FCA’s proposed changes to the safeguarding rules will have a significant impact on payment institutions (PIs) and electronic money institutions (EMIs). The new rules will be introduced in two phases: the interim-state, expected to come into effect during the first half 2025; and the end-state, which is due to go live during the final 6 months of the year.

The interim rules seek to improve compliance with the existing guidance and will introduce major changes within the existing legal framework. The end-state rules will be embodied in a new chapter in the FCA Client Assets Sourcebook (CASS 15).

In this article, we draw on our extensive experience in CASS matters and expertise in the payment services sector to suggest how management teams can prepare for the upcoming changes.

What affected firms should do in the ‘interim state’

The new rules focus on three main areas: improved record keeping, enhanced monitoring and reporting, and strengthening safeguarding processes. So, what will payments and e-money firms need to work on in time for the implementation of the interim state?

• Improving your books and records

The FCA wants to see accurate books and records – this includes having adequate policies and procedures in place, maintaining records and accounts of relevant funds, and performing both internal and external relevant funds reconciliations at least once a day.

A new section will also be added to the CASS rules which will require payments firms to maintain a resolution pack. This is meant to make it easier for insolvency practitioners to be able to retrieve key information about the firm’s safeguarding arrangements within a short space of time if an insolvency event occurs.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Electronic Payments International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

• Enhancing your reporting

Firms will be required to have an external audit of their compliance with the safeguarding rules. Importantly, the person carrying out the firm’s safeguarding audit will need to be suitably qualified, and there is a risk that firms may find that their current auditor does not meet this definition.

There will also be a requirement to complete and submit a new monthly safeguarding regulatory return, replacing the questions on safeguarding which are included in the existing regulatory returns.

• Strengthening elements of the safeguarding practices

The main elements to be aware of during the interim state relate to the segregation of relevant funds:

1. firms will need to exercise due skill, care and due diligence when appointing third parties. Some firms currently hold relevant funds in e-wallet accounts in the period from receipt to the end of the day following receipt. Due diligence will be required to be performed on these third parties.
2. there will be an expectation for firms to use the word ‘safeguarding’ when naming accounts for relevant funds held with all third parties, including those accounts held with other payments firms.
3. it will be mandatory to have acknowledgment letters for safeguarding accounts held with banks or custodians.

What firms will need to do in the ‘end state’

For the end-state, payments firms should mainly prepare for the following:

• Improving your books and records

We would encourage firms to update their policies and procedures, resolution packs and other relevant documents to align with the end-state requirements, such as including the statutory trust wording in acknowledgment letters.

• Strengthening -elements of safeguarding practices

In respect of the segregation of relevant funds element, payments firms will be required to:

• receive relevant funds directly into designated safeguarding accounts with a few exceptions for funds received as cash, or received either through a merchant acquirer or into an account held only to participate in a payments system
• update the wording in their acknowledgement letters to refer to the statutory trust over relevant funds and assets
• be allowed to pay own funds into designated safeguarding accounts to prevent a shortfall in relevant funds under a new prudent segregation rule
• be allowed to treat funds as relevant funds where they are unable to identify whether the received funds belong to their customers or to the firms themselves. These funds can be recorded as “unidentified relevant funds”.
• Holding funds under statutory trust

The FCA will be imposing a statutory trust on all relevant funds held by payments firms. Firms will therefore need to ensure that this position is made clear in their acknowledgement letters.

A statutory trust is a trust established automatically by legislation, rather than by an express agreement between parties. Its imposition will strengthen the protection of relevant funds by making it clear that such funds are held for the benefit of the firm’s customers as the principal beneficiaries, with the firm’s role being that of a trustee.

When will firms need to undertake a full CASS audit?

Under the new rules for the interim state, firms need to ensure that a safeguarding audit is carried out by a person eligible to be appointed as a qualified auditor. Where a firm’s safeguarding audit was being carried out by a consultant who is not a qualified auditor for example, the firm will need to appoint one. This requirement will come into effect six months after the interim rules have been published by the FCA.

What will happen to the firms that are not ready?

The FCA has set out some of the actions it will take when the proposed rules are not complied with. For example, the FCA will appoint an auditor for a payments firm where the latter has failed to appoint one within 28 days of being required to do so.

How can firms prepare now and what are the pitfalls?

We encourage affected firms to review the proposed changes, including carrying out a gap analysis to assess how the changes will impact their business. Firms can start by going through the FCA’s consultation paper: CP24/20: Changes to the safeguarding regime for payments and e-money firms.

Firms should also review their safeguarding organisational arrangements and align them with the proposed rules. Relationships and arrangements with third parties involved in the firm’s safeguarding processes (such as credit institutions, custodians, agents and distributors) will need to be looked at.

Several new documents, such as the resolution pack, will also need to be introduced, while a repapering exercise will be required for others such as the acknowledgment letter.

A lot is happening in a short space of time, so it is important for affected firms to get this right. Drawing on trusted advice and support could be invaluable in these circumstances.

Oliver Hawes is a director at PKF Littlejohn