Even during these challenging times, compliance with the regulations is as important as ever for payment services firms. The advent of PSD2, GDPR and 5MLD has come alongside two other important developments. Firstly, the Financial Conduct Authority (FCA) introduced a dedicated payment supervisory team, and secondly the FCA's 20/21 business plan states that ‘making payments safe and accessible’ is one of their five priorities.
Perhaps the dearth of actual supervision under PSD1 caused a relaxed compliance culture to be embedded across the industry, but this has all changed and, generally, firms need to 'step up their game'. Getting compliance wrong is no longer something that you can gamble with. Attempting to outplay or avoid this line of regulation risks substantial regulatory penalties, along with severe reputational damage that could put off investors and potentially result in a detrimental, even terminal, decline in business.
Accountability falls squarely on the shoulders of senior management, albeit responsibility is often delegated to the compliance function. Resources are often stretched, in terms of time, personnel and expertise. There are five good reasons why payments firms are increasingly turning to independent and external verification of their firm’s compliance with regulatory requirements:
1. It's more complicated - have you missed something?
PSD2 significantly expanded the scope of regulation and, as a result, the Payment Services Regulations 2017 (PSRs) demand significant change to policies, systems and controls, and procedures. While some aspects may have been addressed through the firm’s authorisation or reauthorisation process, you still face increased reporting and notification requirements, stricter ongoing obligations, and mandatory annual audits.
Some obligations require independent verification, others demand more time and effort. This presents a considerable challenge for your compliance officers and management teams to provide the knowledge and expertise needed to remain compliant, and increases the risk of missing something important.
2. Reduce risk - bank services and FCA
Obtaining and retaining access to the banking services essential to your business and, as we alluded to earlier, the potential for FCA regulatory intervention will undoubtedly be high on your risk register. Banks are increasingly requiring onerous independent risk audits (although more focussed on AML and financial crime) and closer FCA scrutiny and activity is almost a certainty with the appointment of the very first dedicated payment services supervision team.
3. Take a load off
You can do it, we can help. Not just a long-forgotten jingle from the ‘70s, but an acknowledgement that stretched compliance functions may not get round to reviewing and updating things as often as they’d like. While you/we hope you are compliant, often a fresh, objective pair of eyes (that don’t belong to the regulator!) can honestly and constructively identify areas for improvement and clear plans for remediation.
4. Because you should
If we look specifically at the PSRs, then the FCA actually expects you to conduct ‘regular’ (at least annual) audits of your policies, systems and controls, processes and procedures, including reviewing and updating your compliance manual.
5. Benefit from our expertise, evidence your compliance to the regulator if asked
We’re experts in PSD2 and financial crime prevention, with our Payment Services Practice led by James Borley and John Burns, two of the UK’s leading payment service compliance figures.
We offer a PSD Assurance Review that covers the breadth of the requirements under the PSRs. You can benefit from our experience to help identify gaps in your compliance and provide you with practical, helpful advice and solutions. And if the FCA do 'come knocking', you can use our report as an example of your compliance processes. Many firms actually benefit from this service as part of an annual retainer contract that allows them to spread the fee over 12 months and have access to a reliable, specialist payment services compliance partner to deal with unwanted issues such as incident reporting, should they happen.