FCA warns payment companies to overhaul their financial crime compliance processes

FCA warns payment companies to overhaul their financial crime compliance processes

18 Apr 2023

18 Apr 2023

The Financial Conduct Authority (FCA) recently sent letters to almost 300 payment companies in the UK lambasting them for insufficient protective measures to safeguard consumer funds, lack of transparency in attempts to “greenwash”, and weak compliance processes.

Despite risk and compliance becoming a priority for financial institutions over the last several years, the sharp reminder from FCA highlights gaps in some processes and the need for continual evolution.

Compliance plays a vital role in protecting the vulnerable

Once considered a necessary hindrance for many financial institutions, compliance is now at the forefront of protecting vulnerable members of society and closing loopholes that criminals could potentially exploit. 

However, compliance is a complex puzzle to solve.

UK Financial institutions are contending with evolutions in the market, new legislation, and constant technological and systemic updates—including ISO 20022, upgraded domestic payment rails, and the introduction of digital currencies. These changes are affecting some payment companies’ in their ability to safeguard customer funds and manage strong AML compliance processes. 

The UK is also grappling with a cost of living crisis that has been exacerbated by a myriad of factors, including the ongoing conflict in Ukraine, Brexit, the COVID-19 pandemic, and rapid changes in government policies. Amidst this uncertain landscape, the Financial Conduct Authority (FCA) has raised concerns about the potential for weak compliance processes in payment companies to leave customers vulnerable to financial crime, and even put the companies themselves at risk of failure.

Recent banking turmoil heightens FCAs concerns

The collapse of Silicon Valley Bank (SVB) and takeover of Credit Suisse has created a new and unsettling nervousness across the global finanacial system. This unease in the banking sector adds urgency to the FCA’s warnings as concerns have grown around protecting consumers finances, particularly during periods of uncertainty. 

Understanding the FCA’s expectations

As well as highlighting the troubling market conditions the letter states that “over the past two years, the FCA has seen increasing evidence of financial crime in the payments portfolio. With the ability to provide bank-like services, willingness to service high-risk customers, and weaknesses in some firms’ systems and controls,” making payment Payment Institutions (“PIs”), Electronic Money Institutions (“EMIs”) “a target for bad actors.”

The FCA wrote that they “remain concerned that many payments firms do not have sufficiently robust controls and that, as a result some firms, present an unacceptable risk of harm to their customers and to financial system integrity.” Expectations were outlined in the letter for payment companies as well as a string of recommendations to support payment companies.

There are three core outcomes the FCA expects payment firms to achieve.

Ensure that customer funds are safe

The FCA provided clear strategies for; 

  • Safeguarding customer funds so if a company is to become insolvent that customer funds are returned quickly, 

  • Prudential Risk management so that firms maintain a significant level of liquidity even if they are unprofitable and reliant on external funding for survival, and 

  • Wind-down planning so that if things do start to fall apart there are plans and processes in place as well as predetermined triggers as to when to wind-down.

Ensure that indivdual payment firms do not compromise the financial system integrity

Poor practices, such as a lack of systems, controls, and risk mitigation will not be tolerated by the FCA. They observed common issues, such as failures to carry out adequate KYC/due diligence, reporting backlogs and weak systems and frameworks. This failure to establish robust compliance means financial crime could be allowed to thrive, and fraud could become commonplace, putting the entire financial system at risk.

Ensure customers’ needs are met through high quality products and services, competition and innovation, and robust implementation of the FCA Consumer Duty

The FCA also reminded firms that new products and services needed to be built with the customers’ best interests in mind.

Financial institutions (FI) across the world could benefit from these timely reminders, particularly during uncertain economic times. Whilst it can be tempting for organisations to focus solely on short-term revenue goals it is crucial not to overlook regulatory requirements as compliance is not just a necessary obligation, but a vital component of a stable and prosperous economy, and a well-managed business.

Strong compliance is driven from the top

The FCA highlighted 3 core priorities that underpinned the outcomes, and stressed the importance of ensuring; 

  • good leadership and governance, 

  • operational resilience and 

  • regulatory reporting.

The letter serves as a stark reminder to payment providers to ensure that significant effort is made to improve financial crime compliance processes, and utilise the support available to strengthen current practices.

Financial crime compliance is a complex and challenging area for payment providers to get right. Often they are already aware of their obligations but the challenge is in implementation and maintenance of a robust AML compliance process.

Ensuring compliance is embedded in the culture of the organisation and that accurate and timely reporting is provided to regulators are both fundamental to a healthy organisation and a healthy, solid financial system. In addressing this letter to CEO’s it’s clear that FCA believes that company executives and board members must lead the way if real improvements are to materialise. 

Using Regtech to support a customer first culture of compliance 

Regulatory technology and automation can help payment firms and other reporting entities to avoid some of these pitfalls such as reporting backlogs and poor manual processes.

According to Debra Young, CEO of the Regtech Association,  “Great technology implemented correctly, allows people to elevate to a higher order – enabling creative thinking and risk management and it leaves the machines to do large-scale processing and scanning, providing real-time, rich data sets. It gives the real people the opportunity to reimagine the data better, to look for better regulatory outcomes and creatively consider the impact on their risks.” It also helps alleviate compliance teams from manual tasks and enables them instead to really think about how they can meet the organisation’s obligations and work with product or innovation teams to deliver customer first outcomes.

Regtechs like Identitii help entities improve their regulatory reporting by providing oversight of transaction data, automating manual processes, and minimising the risk of non-compliance.

To find out more about how you can ensure complete and accurate reporting with Identitii, visit here