Safeguarding audits
Currently, firms are required to arrange a safeguarding audit to assess whether their organisational arrangements are sufficient to enable them to comply with the safeguarding requirements under the Payment Services Regulations 2017 (or the Electronic Money Regulations 2011, if the firm is required to have its financial statements audited under the Companies Act 2006). This means that all companies that exceed the small company thresholds for a statutory audit and all authorised electronic money institutions are required to have a safeguarding audit. Safeguarding audits can currently be performed either by an audit firm or by another independent firm or consultant.
There is no requirement for the person conducting the audit to be qualified, nor is the audit required to be carried out under any specific auditing framework or standard.
The FCA are proposing the following changes:
- Extending the safeguarding requirements to all payment institutions and electronic money firms with the exception of payment initiation service providers, small payment institutions and credit unions that issue e-money. The new rules mean that the statutory audit thresholds will no longer be used to determine the need for a safeguarding audit. Further, the scope of firms that will be required to have a safeguarding audit is widened.
- Firms must appoint an independent, qualified auditor to perform the safeguarding audit. An example of a qualified auditor is a registered auditor. As well as being qualified, the auditor must be independent of the firm and possess the necessary skills, resources and experience to perform the audit.
- An annual audit report, in a prescribed format, must be submitted by the firm’s auditors to the FCA within four months of the end of the audit period confirming:
  - Whether the firm has maintained adequate systems to comply with the applicable safeguarding requirements
  - Whether the firm is in compliance with those requirements at the end of the audit period
  - Details of any breaches
  - Remedial actions taken by the firm and the circumstances that gave rise to a breach.
There are also proposals for the FCA to appoint an auditor for a firm, should this not be done within 28 days of being required to do so.
A new assurance standard is expected to be released by the Financial Reporting Council (FRC). This will set out its requirements in relation to safeguarding audit engagements. The FRC is the Competent Authority for audit in the UK. A registered auditor will be required to conduct the safeguarding audit in accordance with this standard and specify this in their report.
FCA safeguarding returns
There will be a requirement to submit a new monthly regulatory safeguarding return. This will include data on:
- the safeguarding audit requirements
- the safeguarding methods used
- amounts of funds safeguarded
- safeguarding reconciliations in the period, the excess or shortfall identified and the adjustment made to rectify these
- the frequency of internal reconciliations
- details of relevant fund bank accounts and relevant assets accounts and notifiable breaches.
How can we help?
PKF Littlejohn are registered auditors. We have been performing safeguarding audits since the requirement was introduced in 2020. Please contact Azhar Rana and Oliver Hawes to discuss how we can help you ensure that your safeguarding audit is in compliance with the proposed regime.
Our specialist Payment Services team advise money remittance, payment processing and electronic money firms across the sector. Our services include statutory audit, financial reporting, regulatory advice and assurance, safeguarding audits, external finance and transactional support, as well as structuring, tax compliance and advice on a range of complex issues.
Read our series of articles on the upcoming changes to the safeguarding regime for payment services and electronic money firms.
Changes to the safeguarding regime for payments and e-money firms: Overview
The long-anticipated publication of the FCA’s proposed changes to the safeguarding rules for payment services and electronic money firms will align the existing safeguarding regime with the current Client Assets Sourcebook (CASS) rules and lead to the creation of a new Chapter 15 of the Client Assets Sourcebook (CASS 15) and amendments to the Supervision Manual (SUP 3A).
This article is #1 in our series.
Changes to the safeguarding regime for payments and e-money firms: Recordkeeping
In September 2024, the FCA released a consultation paper which proposes significant enhancements to the safeguarding rules for payments and e-money firms. These are designed to protect customers of these firms, particularly as a result of an insolvency event.
This article is #2 in our series.
Changes to the safeguarding regime for payments and e-money firms: Enhanced monitoring and reporting
Currently, firms are required to arrange a safeguarding audit to assess whether their organisational arrangements are sufficient to enable them to comply with the safeguarding requirements under the Payment Services Regulations 2017 (or the Electronic Money Regulations 2011, if the firm is required to have its financial statements audited under the Companies Act 2006).
This article is #3 in our series.