The FCA now requires firms covered by Payment Service Regulations and Electronic Money Regulations to have an ‘Annual Audit of Compliance with Safeguarding Requirements’
16 February 2021
In July 2020, the FCA released some finalised guidance for firms covered by the Payment Service Regulations (PSR) and Electronic Money Regulations (EMR) with respect to Coronavirus. The document set out expectations on how firms under these rules should manage safeguarding customers’ funds, but for the first time included a requirement for these firms to have an ‘Annual Audit of Compliance with Safeguarding Requirements’.
The full guidance can be read here
Auditors already had a responsibility to report to the FCA any breaches they found under the PSR or EMRs which are of material significance to the FCA, but there was no separate client money (CASS) style audit required.
A fresh development
So it is quite an unusual situation that the FCA have asked EMI and PSR firms to have an 'audit' of their safeguarding arrangements, but without any clear guidance on the content of the audit or the format of the report.
It's also a little unclear when this applies from and when the deadline is. We are assuming that it is 4 months after the year end, in line with other similar FCA reporting requirements, and applies to year ends from July 2020.
The FCA uses the term 'audit', which is usually reserved for statutory audits, or CASS audits where there is a specific audit framework, but there is no audit standard by the Financial Reporting Council in this instance.
The FCA guidance requires that the firm is to ask the auditor to provide an opinion addressed to the firm on:
- whether the firm has maintained organisational arrangements adequate to enable it to meet the FCA’s expectations of its compliance with the safeguarding provisions of the EMRs/PSRs (as set out in chapter 10 of our Approach Document), throughout the audit period, and
- whether the firm met those expectations as at the audit period end date.
This is very similar wording to a Reasonable Assurance Client Money (CASS) audit. The approach to the engagement will therefore be similar, and will involve an examination of the various safeguarding provisions during the year and at the end of the period, to ensure the firm has controls in place and has complied with them. At the end of the engagement, the auditor will provide a letter addressed to the firm covering the points mentioned above.
Can we help?
Shipleys works with a number of firms affected by this new requirement and we will be working with our clients on the new safeguarding audit obligation. Please get in touch if you would like further information.
Specific advice should be obtained before taking action, or refraining from taking action, in relation to this summary. If you would like advice or further information, please speak to your usual Shipleys contact.
Copyright © Shipleys LLP 2021