HMRC vs FCA: as money laundering supervisors of payments firms

Posted on: 1 October 2024

Written by: James Borley

No, this is not a legal case that you had missed. However, in this article I will be delving into the shared, but separate, responsibility of both HM Revenue & Customs (‘HMRC’) and the Financial Conduct Authority (‘FCA’) as money laundering supervisors of certain payments firms (under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) in the context of the Payment Services Regulations (PSRs)). Indeed, the crux of the article is understanding who those ‘certain’ firms are.

What do the regulations say?

Regulations 6(8) and 14(11) of the Payment Services Regulations require that a firm (authorised payment institution and small payment institution, respectively) “must comply with a requirement of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to be included in a register maintained under those Regulations where such a requirement applies to the applicant.” Specifically, where a firm provides only the payment service of ‘money remittance’, it will need to be registered and supervised under the MLRs by HMRC. Where a firm has any other additional payment service within its permission, registration and supervision under the MLRs falls to the FCA.

This does sometimes provide for both confusion (within FCA, HMRC as well as firms in general) and inconsistency. That said, the FCA does at least reference this at paragraph 3.97 of its Approach Document, where it states, “Where we will be responsible for money laundering supervision of the applicant, no separate registration [under the MLRs] is required. This will be the case for all EMIs and (generally speaking) all PIs (unless the application only relates to the provision of money remittance services) [my emphasis].”

Where does the problem lie?

This whole issue of who is a firm’s MLR supervisor is due largely to the definition of ‘money service business’ (MSB) within the MLRs that includes the MLRs’ activity of ‘money transmission’. Consequently, a number of payment institutions providing the PSRs activity of ‘money remittance’ only, but do not otherwise undertake the activities of an MSB, are nevertheless caught within this scope and subject to registration and supervision by HMRC under the MLRs, in addition to the FCA under the PSRs.

Recently, HM Treasury has been looking at wholesale changes to the PSRs, and a tighter description of MSBs within the MLRs, such that firms that clearly do not otherwise possess any features of an MSB remain under the supervision of the FCA under the MLRs as a payment institution, would be welcomed by the industry. Until then though, firms need to be clear in their understanding of when they need to register (or, indeed, renew) with HMRC under the MLRs.

How can firms manage the issue?

Whilst firms cannot simply ‘opt-in’ to being registered/supervised under the MLRs by one or other body, we have seen some firms try to adapt their business model to do just that. Whilst not quite regulatory arbitrage, in that it doesn’t necessarily “capitalise on loopholes in regulatory systems in order to circumvent unfavourable regulations” (Investopedia), it might be seen as ‘gaming’ the system. But then that feeds into the age-old principle that you can only be licensed for what you are actually doing; the FCA will not (and cannot) grant permission for an activity that won’t be used. In this case, what might be the additional payment service(s) that will bring you into scope of the FCA rather than HMRC? Well, as we have seen, anything in addition to money remittance. It may be that a firm will additionally hold funds on a ‘payment account’ pending completion of a payment instruction. Or it may be that the remittance activity involves the issuing of a ‘payment instrument’.

Fortunately, the FCA’s Perimeter Guidance gives some examples of when each payment service might be being provided. For example, the answer to PERG 15.3 Q20 says “In addition to the issue of physical instruments such as cards, arrangements by way of telephone call with password, or online instruction or a mobile telephone application by which a payment order can be initiated could also amount to issuing payment instruments, depending on the service being provided.” So, a money remittance firm using a payment instrument would be subject to the FCA for MLR supervision.

Firms will likely be faced with this question when first addressing their application to the FCA, as an API or SPI. In addition to asking the firm to confirm which payment services it will carry out, the FCA will also ask the firm, “Has the applicant complied with the registration requirements of the MLRs, where those requirements apply to it? (For example, if the applicant is required to be registered with HMRC under the MLRs, we [the FCA] will need confirmation that this has been done before the applicant can become authorised)”. This allows the firm to confirm if it will be registered/supervised by FCA or HMRC, and to explain its rationale. So far, so good...

However, the form also prompts the firm to “provide a description of the internal control mechanisms the applicant firm has established to comply with its obligations under money laundering and counter terrorism financing legislation” regardless of whether it is subject to HMRC or FCA under the MLRs. In its explanatory text the FCA says, “Every payment service provider must comply with legal requirements to deter and detect financial crime. This includes money laundering and terrorist financing. We expect applicants to show they have appropriate and risk-sensitive policies and procedures for countering the risk that they may be used to further financial crime.”

Requesting such information from ‘money remittance’ only firms is, arguably, beyond the FCA’s focus. There is no invitation for the firm to mark as ‘not applicable’ or otherwise state that the information has been provided to HMRC. If it is for HMRC to assess, register and supervise under the MLRs, why is the FCA entitled to additionally ask for this information as part of its PSRs assessment? Whilst that question is largely rhetorical, I suspect that having visibly of those arrangements informs the FCA as to the likely level of compliance/effectiveness in other areas.

Going forward

This has been the situation since payments regulation was first introduced in 2009. Whereas an overhaul of the PSRs, and the MLRs, may be the ultimate solution to regularising this oddity, we are at least aware that it exists and needs to be properly understood by all those affected by it. If you need any advice or clarification regarding registration/supervision under the PSRs and/or MLRs, please do get in touch.

James Headshot

James Borley

James, our Managing Director for Payment Services, is a highly qualified financial services expert and a familiar name to many in the payments and e-money community.

Contact James

Related resources

All resources
iStock 479324890 Event

Payment Services Regulatory Compliance Forum 2025

iStock 1138124341 Event

Webinar: Operational Resilience – the final countdown

iStock 1065111748 Article

Managing reputational risk

iStock 1138678440 Article

MS24/2.1 Premium Finance Market Study