Six steps to effective safeguarding for payment and e-money institutions


How can payment and e-money institutions meet regulatory requirements to safeguard consumers’ funds? fscom’s Director Alison Donnelly and Independent Payments Consultant Russell Burke, formerly Payment Authorisation Lead in the Central Bank of Ireland, tackled this key question at a webinar hosted by the Association of Compliance Professionals in Ireland (ACOI) last week.

 

How should payment and e-money institutions in Ireland safeguard customers’ funds?

It’s a condition of authorisation as a payment or e-money institution that firms have in place adequate mechanisms to protect consumer funds through safeguarding. This means doing one of two things to protect the funds that consumers give the firm for payment or e-money services:

  • Segregating them from all other funds and either depositing them in a safeguarded account with an EEA-authorised credit institution or investing them in secure, low-risk assets.
  • Protecting them with an insurance policy or guarantee.

The rules around safeguarding in Ireland flow from the EU’s Payment Services Directives and Electronic Money Directives. They apply to non-bank payment service providers to give customers confidence that their funds are protected when using this type of firm. This has a wide application because a range of different firms have recently been set up in Ireland’s expanding payment and e-money sector.

The Central Bank announced through its Consumer Protection Outlook last year that it will have a special focus on the sector’s compliance with safeguarding.

 

Six steps to effective safeguarding

The Central Bank will expect payment and e-money institutions to incorporate the following six best practices.

 

  1. Maintain documents outlining well-formed and comprehensive policies and procedures around safeguarding.
  2. Perform a thorough risk assessment of the various aspects of safeguarding, including the choice of safeguarding method and safeguarding partner (for example, the credit-worthiness of the EEA-authorised credit institution).
  3. Undertake a proper reconciliation daily, which is signed, dated, and recorded in hard copy.
  4. Take prompt action to record and fix any differences found in reconciliations using the institution’s own funds.
  5. Senior management must take an interest in and understand the processes and risks involved in safeguarding, and be able to challenge those presenting new data, policies or frameworks which may not comply.
  6. Name safeguarding accounts accurately and clearly to identify that they hold customers’ funds.

 

The costs of ineffective safeguarding

These six steps may sound simple enough but ignoring them can – and does – inflict significant legal, financial, reputational, and strategic damage on financial institutions. In recent years, two national regulators have applied intensive scrutiny around safeguarding which led to enforcement action being taken against five firms:

  • The Bank of Lithuania fined four e-money institutions for safeguarding failures in 2019. These firms had used a chain of payment institutions rather than registered banks to move customers’ funds around. While this offered them lower costs and a more effective service, the Bank ruled that the funds were not held with an appropriate credit institution or bank.
  • The UK’s Financial Conduct Authority has taken enforcement action against one firm to date and issued further warnings on safeguarding. This risk was heightened after multiple financial institutions became insolvent in 2019, raising questions over the safety of apparently safeguarded customer funds.

 

In summary, payment and e-money institutions should ensure they understand their obligations around safeguarding. Equally importantly, they must put in place a plan to mitigate risks, secure customer funds, and meet ever-expanding regulatory requirements.

 


Article by fscom
