Rules Navigator

Future priorities for payment firms in letter from FCA to CEOs

FCA reception
Photo: FCA

Hameed Shuja, Thomas Hyrkiel

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Latest Dear CEO letter addresses themes of innovation, competition and security.

The UK’s FCA has written to firms in the payment services sector, setting out its current priorities. The Dear CEO Letter addresses firms such as “Payment Institutions (PIs), Electronic Money Institutions (EMIs), and Registered Account Information Service Providers (RAISPs).”

It starts with a reference to the National Payments Vision, highlighting its importance in creating a trusted and world-class payments ecosystem that serves both the needs of customers as well as service providers. According to the letter, the vision “has three pillars – innovation, competition, and security – and highlights the importance of payments to the UK economy, including as a source of growth.”

The reference to growth at the beginning of the letter is interesting as well as important, with the regulator increasingly using the term in its external communications. That’s because it is facing pressure to cut back on what tne government sees as an unnecessary regulatory burden that derails economic growth.

Exciting potential

“We are excited by the continuing potential for innovation in payments to enhance growth and competition in the UK financial services sector,” the letter reads.

Whilst acknowledging the improvements by firms in the payment sector over the past few years, the FCA has highlighted three key areas which need further improvement. These are:

  1. maintaining effective competition and innovation to meet customers’ needs, characteristics and objectives;
  2. ensuring firms do not compromise financial system integrity;
  3. making sure firms keep customers’ money safe.

Expectations

On the first expected outcome, the FCA has said it still sees “cases where products and services do not consistently deliver good customer outcomes and/or firms not acting in customers’ best interests.”

On innovation, the regulator says it is “happy to speak to firms looking to offer new and innovative products and services.” It also encourages “market participants to attend our Tech and Policy Sprints to share insights with us.”

The letter also says firms “should have adequately considered the requirements of the Consumer Duty and have fully implemented these in a way that is appropriate to your business.

“One sector-specific priority for us in relation to payments is examining the clarity of foreign exchange pricing in payment services. We will be assessing the extent to which firms’ approaches help ensure consumers are able to clearly understand the price they pay for these services.”

System integrity

On the second expectation of maintaining financial system integrity, the FCA has said its two focus areas are “financial crime and operational resilience.”

On financial crime, the FCA says: “Weaknesses in some firms’ governance, oversight, and systems and controls make them a target for bad actors and risks the loss of critical services for customers.

“You should ensure that your firm’s governance arrangements and systems and controls, including reporting mechanisms, are effective and proportionate to the nature, scale, and complexity of your business, and the risks to which it is exposed,” the regulator added. “We expect your approach to compliance and also your approach to ‘on-us’ or intra-firm payment APP fraud to ensure good consumer outcomes, in line with your obligations under the Consumer Duty.”

The FCA has also made it clear to firms it expects them to minimize impact on consumers when they decide to delay a payment in order to mitigate consumer harm.

On the subject of operational resilience, the FCA says it has seen “weaknesses in some firms’ technological resilience, in some cases, coupled with a lack of oversight of change programmes, which has resulted in weakened resilience and/or business interruption.”

“You should ensure that your firm’s governance arrangements and systems and controls, including reporting mechanisms, are effective and proportionate to the nature, scale, and complexity of your business, and the risks to which it is exposed.”

Firms have also been asked to put necessary arrangements in place by the deadline of 31 March 2025, to comply with new rules around requirements to strengthen operational resilience more generally.

Money safety

On the third expectation of keeping customers’ money safe, the FCA told firms to “focus on ensuring adequate governance, oversight, and systems and controls” to reduce harm to customers.

“You should ensure that your firm is safeguarding customers’ funds in line with the Payment Services Regulations 2017/EMRs (as applicable) and guidance set out in our Approach Document,” it said.

Moving on to the subject of prudential risks, the regulator has asked firms to “ensure that your firm meets its regulatory capital requirements at all times, considers and manages the financial risks it faces, and plans well ahead to ensure it has adequate financial resources on an ongoing basis.”

Firms have also been asked to “maintain effective and actionable wind-down plans that include clear triggers to commence an orderly, solvent winding down of your business in different scenarios in line with the guidance in our Approach Document.”

Next steps

The FCA has said it “will seek to deliver proportionate, effective, and agile regulation that protects consumers and markets, and allows for effective competition, innovation, and growth.”

It said Open Banking is a policy priority for it and that it will fulfil its obligations as a regulator in this sector. “We are already working at pace to progress Open Banking, continuing our focus on the development of the Future Entity, the prevention of fraud, consumer protection, as well as our work on premium APIs and the development of the long-term regulatory framework (LTRF).”

Finally, the FCA “will engage with industry, consumer organisations, and other stakeholders on our approach to replacing the Stronger Customer Authentication (SCA), including on the contactless limits.

“We will focus on the outcomes we want to achieve, particularly enabling firms to innovate to reduce fraud and improve customer experience.”

GRIP Comment

The focus on governance, oversight and leadership was one of the things that caught our eye here at GRIP, particularly as the FCA is quite pointed when it says that weaknesses in these areas “are a root cause of many of the regulatory issues we see in the portfolio.”

The list of FCA expectations includes references to adequate systems and controls, but also singles out agents and outsourced functions as needing to fall within the control framework. The regulator is signalling here that, irrespective of the model being used, a “robust and holistic” approach to oversight includes the wider operational perimeter for these firms (and this is relevant to other regulated firms more widely).

And the reitaration of the requirement for UK-authorized payment and electronic money institutions to have a management team based in the UK head office indicates the desire by the regulator to have senior management who can be held accountable locally by the regulator in the case of serious shortcomings being identified.

, , , , , ,

You may also like