What does the FCA’s recent Dear CEO letter mean for e-Money and payments institutions?

Share this post

After uncovering a range of issues during recent visits to over 100 e-Money and payments institutions, the FCA published its latest ‘Dear CEO’ letter. The letter took a completely different approach to usual. Instead of focusing on a single area and then pushing for full compliance, the FCA broke down the many facets of a regulated firm and looked at them individually. This change in approach is almost certainly due to the widespread and endemic issues discovered at the EMIs and PIs being far beyond what the FCA had originally anticipated.

The letter ended with a stern warning – “we will act swiftly and decisively if you fail to meet our expectations” – but what are some of the key areas raised and what do they mean for EMIs and PIs? Let’s adopt the FCA’s approach and break down a few of the key areas one by one:


The initial issue raised in the letter is safeguarding, which the FCA describes as ensuring customer funds are protected when a firm becomes insolvent.

But safeguarding is a thorny issue. Not least because the directives have ensured it can apply throughout the European Economic Area (EEA) – despite legal systems varying greatly from state to state. The point at which it applies is understood, but when it ceases is quite opaque. And the obligation to segregate relevant funds, while similar, is clearly different to safeguarding and needs clarity.

However, there’s also a responsibility on the industry to become more proactive around safeguarding client funds, which must happen sooner rather than later if the sector is to bolster confidence.

Prudential Risk Management

The second area discusses the need for adequate financial resource to ensure all firms can pay debts and meet obligations as required.

The need to do stress testing for liquidity and capital for PIs and EMIs is likely create additional burdens to an already heavily burdened industry. However, when a ‘black swan’ event, such as coronavirus, occurs stress testing could prove crucial to the survival of the fintech industry.

Here, the FCA also confirms that wind-down plans – when a firm considers how it may cease regulated activities with minimal adverse impact – should be proportionate to the size of the firm. This must be welcomed with open arms, as it will help firmly establish public confidence.

Financial Crime

The third area of focus is combatting and preventing financial crime. All firms must be conscious that their services could be used to facilitate fraud, money laundering, bribery and corruption and all manner of financial crimes.

As such, firms must ensure their processes are robust enough to survive this ever-changing environment. Careful supervision of EMI Agents is a priority, and ensuring all programme managers are adequately supervised is equally important.

In addition, high risk customers should always be reviewed sensitively and kept to a manageable size in a firm’s portfolio. But it is paramount that the management team regularly reviews the risk appetite in changing circumstances.

Financial promotions and consumer communications

Consumers rely on information promoted on websites and in adverts to make financial decisions about a firm’s products.

However, it’s always been the case that some firms will exploit their FCA regulated status. Unfortunately, this is more prevalent among EMI Agents wanting to use their statue to boost customer confidence. Firms must regularly check their own promotions, and those of their agents and programme managers, to ensure no such claims are made. And firms must treat their customers fairly, complying with industry guidance on unfair terms in consumer contracts.

Concluding thoughts

The FCA also calls out governance and reporting as other key areas firms must tighten their grip on, which speaks to the importance of regulated fintechs strengthening their business processes. There’s no denying that this letter will act as a wake-up call – if the Wirecard crisis hadn’t already, that is.

In the long-term these steps will help rebuild consumer and business confidence in working with fintechs that don’t have a banking license. That is assuming there are no further scandals in the short term while lawmakers turn consultations into policy.

The fintech industry has faced it’s sternest test yet with the global pandemic. The last thing it needs to do now is shoot itself in the foot.

By Gareth Mahoney, Head of Compliance at Moorwand

Find out more about Moorwand at www.moorwand.com


More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?