14th February 2023

CBI focuses on Safeguarding deficiencies

The Central Bank of Ireland’s (CBI) most recent ‘Dear CEO’ letter to Payments Institutions (PIs) and Electronic Money (E-Money) firms was issued on 20 January 2023. This follows on from their 2022 multi-year strategy, which highlighted four core themes, the safeguarding of user funds being the first of these to be addressed. The letter considers the supervisory approach to PIs and E-Money firms, key findings from engagement with firms over the past months, and the CBI’s conclusions and expectations.

In this article we look to discuss the key points from the letter, how they are applicable to firms in their approach to the safeguarding of user funds and Protean Risk’s exclusive Safeguarding Insurance policy.

The findings

The CBI acknowledges that PI and E-Money firms operate in a diverse and rapidly evolving sector, with a range of differing business models being deployed by authorised firms. Whilst welcoming the transparency and competition this brings compared to more ‘traditional’ financial services providers, the CBI is looking to ensure that the risks associated with this innovation are sufficiently managed and mitigated through risk-based approaches. The CBI notes that it continues to see examples of firms' growth plans outpacing their compliance and / or safeguarding frameworks and capacity. Most notably, its recent engagement with PI and E-Money firms highlighted that one in four firms have "deficiencies in their safeguarding risk management frameworks".

The CBI states that the level of shortfalls found "indicates that some firms do not have robust safeguarding arrangements in place to demonstrate that users’ funds are managed effectively, and protected in accordance with our expectations and obligations under the PSR (Payment Services Regulations) and EMD (Electronic Money Directive)." The key deficiencies highlighted were:

  • Delays in segregating users’ funds following receipt.
  • Co-mingling of users’ funds and non-users’ funds in safeguarding accounts.
  • Failing to reconcile that the correct amounts are being segregated on a daily basis.
  • Bank accounts where users’ funds are held being incorrectly designated and therefore users’ funds not safeguarded correctly.
  • Failure to maintain adequate insurance policies or comparable guarantees on an ongoing basis, where relevant.
  • Control over the safeguarding account resting outside of the firm, for example with a Group entity.
  • Insufficient oversight of arrangements for managing the safeguarding of users’ funds, for example a lack of policy documentation at the legal entity level (i.e. referable to the Central Bank authorised Payment and E-Money firm) and a lack of effective and regular monitoring and review of safeguarding.
  • Consumer fees/other charges inappropriately taken out of the safeguarding account leading to a potential shortfall of users’ funds.
  • Failure to evidence adequate consideration of the impact of operational changes, including material changes in the business strategy, on safeguarding arrangements.

The expectation

In light of the level of shortcomings identified, the CBI is requiring all PI and E-Money firms that safeguard user funds to conduct audits of their safeguarding policies and procedures to ensure compliance with the requirements outlined in the PSR/EMD. The CBI requires:

  1. The audit to be undertaken by an external auditor; and
  2. The audit opinion, and a Board response to it, to be provided to the CBI by 31 July 2023.

A solution

With the CBI adopting a no-tolerance approach to shortfalls in safeguarding arrangements, it is engaging with firms directly to address specific issues that have been raised. This, alongside the fact that the audit will review current safeguarding arrangements to ensure they meet the regulatory requirements, will require firms either to take proactive steps to address areas that have been identified as inadequate or to take reactive measures to find a compliant solution.

Protean Risk launched the first insurance policy to meet the safeguarding requirements of the PSR/EMD regulations in mid-2019. This is accepted for use by regulators in the United Kingdom, Republic of Ireland and Lithuania. Exclusively offered by Protean Risk, our PSD Bond Safeguarding solution is utilised by a number of PI and E-Money firms to overcome a range of safeguarding challenges. Most simply, it provides an alternative means of safeguarding user funds to a more traditional segregated client account; our insurance policy can also be deployed to cover ‘grey areas’ of your safeguarding procedures or to ease capacity / capital where inefficiencies have been identified. Benefits of the policy include:

  • Reductions in operational costs
  • Improvements in capital efficiency
  • Alleviation of regulatory risk – smooths over some of the more challenging aspects of segregation.
  • Simplifies compliance – solves some of the grey areas.
  • Retains flexibility – can move to other options in future.
  • Strengthens consumer protection – transferring risk to insurance underwriters.
  • Enhances regulatory compliance

We’d be happy to discuss how our insurance product can help with your safeguarding procedures as you work through direct discussions with the CBI or look for remedial actions to specific points raised by auditors. Our insurance product is flexible in its application and is currently being used by clients to assist in complying with the PSR/EMD regulations and to cover a number of the key safeguarding deficiencies identified by the CBI in this ‘Dear CEO’ letter.

To find out more, speak with:

Fergus Bracher, Cert CII
Account Manager

+44 (0)20 3763 5364

Hugo Thorp
Team Leader - Fintech & Payment Services

020 3763 5343