FCA Payments ‘Dear CEO’ Letter – Back to the Future?

Following hot on the heels of the FCA CEO Nikhil Rathi’s letter to the Chancellor, Rachel Reeves, we see the FCA doubling down on its commitment to growth and commitment in the UK financial sector, as set out in its latest Dear CEO letter.

In this latest Dear CEO letter to the Payments sector, Matthew Long, Director of Payments and Digital Assets, states “We are excited by the continuing potential for innovation in payments to enhance growth and competition in the UK financial services sector. Despite the economic and wider challenges faced by firms, the sector has continued to develop, driven by technological change. We expect this to continue, accelerated by innovative advancements such as Open Banking, Open Finance, and digital currencies.”

New entrants to the sector or, rather, those that try to enter the sector, might however argue that the FCA has at times been disproportionately restrictive in its approach to assessing applications for authorisation or registration. They would cite a consistently low approval rate of 10-20% (depending on the type of licence being sought) as evidence that the FCA may not have settled on a realistic risk appetite. Hence Nikhil Rathi’s challenge to/request of Rachel Reeves to clarify for the FCA what level of risk it should be prepared to accept.

The FCA is bound to follow the relevant parts of the Payment Services Regulations 2017 and Electronic Money Regulations 2011 in assessing whether a firm meets the relevant conditions of authorisation/registration. However, given that much of the relevant sections of the legislation is couched in terms that state that “the Applicant must satisfy the FCA” this does currently leave the FCA with a degree of discretion.

Coming back to the latest Dear CEO letter and, notwithstanding the references to the National Payments Vision, and its three pillars of innovation, competition, and security, we see this as providing the context for the FCA to remind payments firms about the areas that it is most concerned about: in many ways, it is repeating the messages given in its previous Portfolio Letter in March 2023.

Whereas the FCA accepts that improvements have been made, there is still more that the FCA expects firms to do. Certainly, the topics set out in the Portfolio letter in 2023 remain priorities for firms today: safeguarding, prudential risk management, wind down planning, financial crime prevention (including fraud), governance, operational resilience and Consumer Duty. Indeed, the FCA repeats many of these messages.

What is slightly different is the priority outcomes the FCA is trying to get firms to deliver. Let us do a quick compare and contrast:

2023

• Outcome 1: ensure that your customers’ money is safe.
• Outcome 2: ensure that your firm does not compromise financial system integrity.
• Outcome 3: meet your customers’ needs, including through high quality products and services, competition and innovation, and robust implementation of the FCA Consumer Duty.

2025

• Outcome 1: Effective competition and innovation to meet customers’ needs, characteristics and objectives.
• Outcome 2: Firms do not compromise financial system integrity.
• Outcome 3: Firms keep customers’ money safe.

Looks awfully similar, doesn’t it?

But this is not simply a restatement of its 2023 communication. Rather, it is an extension of matters about which the FCA is increasingly interested/concerned, and reflective of developments in the sector since 2023, and forthcoming changes. So, we have specific reference to APP Fraud, with reference to yet another Dear CEO letter on the subject, issued last year.

There is also reference to the FCA’s Consultation Paper on wide-ranging changes proposed to the safeguarding regime. As previously trailed, the FCA states it “will publish final interim rules in mid-2025 and, as set out in our consultation, [firms] should prepare for any changes [they] may need to make to [their] safeguarding arrangements.” But, in the meantime, it’s business as usual, with firms expected to follow the guidance in the Approach Document.

Given the end of the transitional period on 31 March 2025, firms are reminded that they are expected to have identified important business services and set impact tolerances, and tested them, ahead of then. One has only to see the impact of the recent Barclays IT outage on a firm’s customers and, of course, its reputation.

And then there’s the forward look, with the FCA setting the scene for upcoming policy changes. Highlighted here are the further development of Open Banking and Open Finance, and variable recurring payments, as well as changes to Strong Customer Authentication. There is an accompanying request for interaction with the FCA too, such that any future regulatory change is ‘pre-consulted’ on, ahead on any formal consultation paper. So, something of a conciliatory and collaborative tone in this latest Dear CEO letter that hasn’t really been evident previously.

Don’t forget that, at its heart, there is still a ‘big stick’ being waved; and it’s being waved firmly in the direction of the firm’s CEO :“As the Chief Executive Officer, you are responsible for your firm consistently delivering these outcomes. We have set out below what we expect from your firm, and what we intend to do to support each outcome. You should identify the messages in this letter that are relevant to your firm and your conditions of authorisation and/or registration and take appropriate action.”

As ever was the case, the FCA expects “you [the CEO] and your Board to discuss this letter and take necessary steps to deliver on the outcomes we have set. We will be engaging with firms to ensure this is the case.” So, if you don’t have an upcoming Board meeting, do schedule one right away, and make this the main topic for discussion.

If you need any guidance or support in the meantime, please don’t hesitate to get in touch with Cosegic’s Payment Services Team.

Contact us