×

Resources

Payment and e-money firms’ safeguarding audits – common questions answered

Resources

Payment and e-money firms’ safeguarding audits – common questions answered

This page was last updated on June 5, 2023
Back in 2021, the Financial Conduct Authority (FCA) stipulated that payment and e-money firms had to undertake a safeguarding audit to comply with the Payment Services and Electronic Money Regulations. This article answers the common questions firms often ask about the audit.

Background

A safeguarding audit is an independent assessment conducted by auditors to verify that a payment or e-money issuing firm has appropriate systems and controls to safeguard customer funds. The audit is designed to:

In particular, the audit assesses whether proper segregation and safeguarding of customer funds comply with the latest regulations. This in turn helps to build trust among customers, regulators, and other stakeholders.

Common questions asked by firms

1. Which firms have to have a safeguarding audit?

Payment and e-money issuing firms have to undertake a safeguarding audit. 

An e-money issuing firm is one that provides electronic money services. These allow customers to store funds electronically and use them for various transactions, such as cashless online purchases or money transfers. E-money providers are also known as Electronic Money Institutions (EMI) and differ from banks in their regulation and operations. 

Payment firms are those regulated by the Payment Systems Regulator (PSR). These firms provide systems that enable the transfer of funds between accounts, for example, when people withdraw money from a cash machine, bank a cheque, pay a deposit on a house or have their salary paid into their account.

2. What key areas are covered in a safeguarding audit for payment and e-money issuing firms?

In making the safeguarding stipulation, the FCA used the term ‘audit’ which is usually reserved for statutory audits, or CASS audits where there is a specific audit framework in place. Interestingly, the FCA has not yet issued an audit standard for this.

Currently, its guidance merely states that the firm is to ask the auditor to provide an opinion addressed to the firm on:

  1. whether the firm has maintained organisational arrangements adequate to enable it to meet the FCA’s expectations of its compliance with the safeguarding provisions of the EMRs/PSRs (as set out in chapter 10 of our Approach Document), throughout the audit period, and
  2. whether the firm met those expectations as at the audit period end date.

The safeguarding audit typically covers areas such as the:

3. How often should a safeguarding audit be conducted and is there a fixed deadline?

While the FCA has still not provided details of the period the assurance opinion should cover, it expects that most firms may wish to align the period with their accounting year-end.

Neither the temporary guidance published in July 2020 nor the consultation in January 2021 set out the timing of the reports – including a deadline for when the reports should be submitted.

Similar to Client Asset (CASS) reports, it may be reasonable to assume the safeguarding audit should be completed within 4 months of the period end date to mirror the CASS regime requirements, with the report itself following a similar format.

The frequency of safeguarding audits may vary based on regulatory requirements and the size of the payment and e-money issuing firm. Typically, a safeguarding audit is conducted on an annual basis. They may, however, be required more frequently depending on the jurisdiction and the firm’s risk profile.

4. Can an e-money issuing firm conduct its own safeguarding audit?

No, a payment or e-money issuing firm cannot conduct its own safeguarding audit. This is because the audit requires independent verification by external auditors to ensure objectivity and provide assurance to the firm’s customers and regulators.

5. What challenges do payment and e-money issuing firms face during safeguarding audits?

The regulatory requirements surrounding safeguarding audits are complex. It’s vital that firms demonstrate proper segregation of funds, and have and maintain secure technology and infrastructure in their operations.  

The audit also has to assess how the business manages its third-party relationships. This needs an experienced and objective viewpoint, but finding auditors with specialised expertise can sometimes be challenging. Once appointed though, these specialists can ensure the business adheres to the accurate reporting and documentation needed to comply with the safeguarding audit.

6. What can payment and e-money issuing firms do to prepare and help the audit run smoothly?

It’s important that firms prioritise understanding the regulatory framework concerning their safeguarding obligations in the UK.  A specialist adviser can help. In particular it is important to:

For a more comprehensive checklist – see this article.

7. What happens if a payment or e-money issuing firm fails a safeguarding audit?

If an e-money issuing firm fails a safeguarding audit, it may face regulatory penalties. As a result of this, it may also face reputational damage and potential loss of customer trust. Remedial actions will be necessary to address the identified deficiencies and bring the firm into compliance.

Can we help?

It’s important for payment and e-money issuing firms to consult with legal and regulatory experts to ensure they comprehensively understand the specific requirements and obligations related to safeguarding audits in their jurisdiction.

At Shipleys, we’ve been helping many payment and e-money issuing businesses comply with the latest regulations. For further information, contact one of our specialists shown on this page.


Specific advice should be obtained before taking action, or refraining from taking action, in relation to this summary. If you would like advice or further information, please speak to your usual Shipleys contact.

Copyright © Shipleys LLP 2023

Current Issues

What to bear in mind when setting up a bank account for your UK subsidiary

Overseas businesses often underestimate what is involved when setting up a bank account for their UK subsidiary. In this interview with Metro Bank, we explain the key issues.

Understanding the tax implications of divorce

Tax may not be uppermost on the minds of a couple getting divorced, but a well-drafted settlement can minimise tax liabilities during the upheaval.

Taxation and Divorce

By planning a divorce settlement carefully, it should be possible to minimise the tax cost of transfers under the divorce settlement