On 9th July 2021 it will be a year since the FCA published their 'Dear CEO' letter to e-money and payments firms. Within this letter was a requirement for all E-Money Institutions, and any Payments Institution that is required to arrange an audit of its annual accounts under the Companies Act 2006, to appoint a suitably qualified and experienced independent firm to audit their safeguarding arrangements at least once annually. Unfortunately, the FCA's language was not sufficiently tight, with many firms (and, indeed, ourselves) taking this to mean firms had 12 months from the date of the 'Dear CEO' letter to have their safeguarding audit carried out. However, the FCA has since expressed its surprise at how few audits had actually been undertaken and that their expectation was, in fact, that they would be carried out 'as soon as practicable'.
Despite this confusion, the FCA has not yet sought to test compliance of the entire market, but has restricted itself to enquiries of individual firms on a case-by-case basis. But as we are now approaching the 11th hour (or month, at least) since the 'Dear CEO' letter it is plausible that the FCA could yet seek to test the compliance of the entire market.
Although not all firms are required to commission an independent audit of their safeguarding arrangements, we strongly recommend this as good practice. Remember, as a condition of authorisation firms must satisfy the FCA that they have adequate internal control mechanisms including sound administrative, risk management and accounting procedures and that they have taken adequate measures to safeguard customer funds.
It is difficult to see how a firm can do this without undertaking an audit of some sort, and an independent audit is an excellent way of showing the FCA how seriously you take your responsibilities. An independent audit provides you with a document to evidence your compliance with the regulations and helps you to identify areas for improvement or remediation. That's why in our August 2020 article we strongly recommended that all firms, not just those required by regulation, look toward an independent audit at the earliest opportunity.
HOW IT WORKS
Cosegic has undertaken many safeguarding audits for E-Money and Payment Institution clients over the past year. Our audit scope has been designed to meet the FCA’s requirements whilst minimising the burden placed on compliance teams. The scope of our audit has also been shared with the FCA, so you can take comfort that it will cover those issues that the FCA is most interested in, as set out in Chapter 10 of the Approach Document.
- We use our specialist online regtech system as part of the audit process. This simplifies matters for you by making it easier to supply the information required for the audit. Compliance Managers or their nominated deputies just have to answer a series of questions and upload relevant documentation; we do the rest.
- We supplement the gathering and review of evidence with sample checking of safeguarding reconciliations at your firm for the previous 12 months, to check the process has been followed and discrepancies identified and addressed.
- We hold discussions with key staff to verify how the stated process works in practice and clarify any points or areas of investigation arising from the audit.
- You receive a detailed Safeguarding Audit Report which contains our opinion on whether your firm has met the FCA’s expectations as at the audit period end date, outlines our findings, identifies any shortcomings, and provides recommendations for action to address them.