Payment Services firms should prepare for SMCR

As readers will be painfully aware, the Financial Conduct Authorities (FCA’s) focus on payment services and E-money is becoming ever greater. This is in huge contrast to the previous reactive approach and means that firms in the sector are ever more likely to find themselves under regulatory scrutiny, with consequent potential personal impacts on those registered with the FCA as Payment Services Directive (PSD) or E-Money Directive (EMD) individuals.

So, the question that management and Boards of Payment Institutions and E-Money Institutions should be asking themselves is “What can I do to protect me, and the firm, from regulatory action?”

The first thing to say, as anyone who has attended one of our Webinars recently will not be surprised to hear, is that evidencing what you have done to be compliant is absolutely key. For a regulator, the maxim is “If it’s not written down, it didn’t happen". Even if you are in a 2-person firm and work in the same office, if a decision is made on risk, AML, safeguarding or any material matter, it is important that the decision and the reasons behind it are recorded, so that if asked by the FCA the firm can show that a proper process was followed.

The Senior Managers & Certification Regime (SMCR) does not apply to Payment Institutions and E-Money Institutions, but it is likely that some version of it will be brought in for the sector at some point in the not-too-distant future.  In light of this, and the FCA’s focus on governance, we would suggest that acting as if the SMCR regime did apply is a sensible precautionary approach for firms.

SUGGESTED ACTIONS

• Creating a Statement of Responsibilities for each Senior Manager (PSD/EMD Individual) clearly setting out their responsibilities;
• Identifying who is responsible for the “Prescribed responsibilities” which for payments and E-money firms would include Compliance Oversight, MLRO/Nominated Officer, and Safeguarding
• Creating and maintaining a “Management Responsibilities Map” setting out how the responsibilities of senior managers to ensure that all relevant areas are covered
• Adding the SMCR Conduct Rules to the staff manual

FIVE CONDUCT RULES APPLICABLE TO ALL STAFF

1. You must act with integrity
2. You must act with due care, skill and diligence
3. You must be open and cooperative with the FCA, PRA and other regulators
4. You must pay due regard to the interests of customers and treat them fairly
5. You must observe proper standards of market conduct

FOUR ADDITIONAL CONDUCT RULES APPLICABLE TO SENIOR MANAGERS

1. Effective Control: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
2. Regulatory Compliance: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards
3. Responsible Delegation: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively of the regulatory system.
4. Disclosure to Regulators : You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice

You will note the repetition “take reasonable steps” in the Senior Manager’s conduct rules. The rule under SMCR is that the FCA may take action against senior managers where:

1. There has been a contravention of a relevant requirement by the Senior Manager’s firm
2. At the time of the contravention or during any part of it, the Senior Manager was responsible for the management of any of the firm’s activities in relation to which the contravention occurred
3. The Senior Manager did not take such steps as a person in their position could reasonably have been expected to take to avoid the contravention occurring or continuing

It is reasonable to assume that the FCA would take a similar approach to taking regulatory action in our sector  Therefore Senior Managers should make sure that they take (and can evidence that they have taken) all reasonable steps to be compliant.

A Payment Institution or EMI following this approach will be able to show the FCA that it has proper governance controls, is able to evidence how it is complying and will be in a good position if/when SMCR is applied to the sector.

If you would like to discuss how this approach could be applied to your firm, please contact me or James Borley.