Safeguarding of funds, particularly in relation to e-money and payment services firms, has been an area of increasing focus for the Financial Conduct Authority (FCA) for a number of years, with this issue being referred to in the FCA’s “top priorities” in their Business Plan for 2020/21.

On 9 July 2020, the FCA published finalised guidance on “Coronavirus and safeguarding customers funds: additional guidance for payment and e-money firms”¹. This document was deemed to have immediate effect. One of the key points of this document was the introduction of a requirement that payment services and electronic money institutions, whose accounts require a statutory audit, will now also be required to undertake an annual audit of their compliance with the safeguarding requirements under the Payment Service Regulations 2017 (PSRs) and Electronic Money Regulations 2011 (EMRs).

What exactly is this audit requirement?

The FCA’s ‘Finalised Guidance’ document states at section 1.20, that such firms are required to have obtained an opinion from an auditor on:

• Whether the firm has maintained organisational arrangements adequate to enable it to meet the FCA’s expectations of its compliance with the safeguarding provisions of the EMRs/ PSRs throughout the period, and
• Whether the firm met those expectations as at the period end date.

What assets are to be safeguarded?

The requirement to safeguard applies to "relevant funds" in both the PSRs 2017 and EMRs 2011. Authorised e-money firms must also separately safeguard relevant funds received in relation to unrelated payment services (such as money remittance).

What areas will the audit look at and what kinds of testing will be performed?

We have developed a fieldwork program comprising of a suite of tests designed to ensure adequate coverage to allow us to opine as required by the FCA, as well as to add value to our clients. The testing will consider the design and implementation, as well as the operating effectiveness of the key controls and processes identified in relation to safeguarding.

The key areas of testing that we would expect to conduct in a safeguarding audit include: 

• Desktop review of key documents
• Review of treatment of mixed funds and co-mingling
• Review and test segregation of funds
• Review and test reconciliations (both “internal” and “external”)
• Review of safeguarding bank accounts
• Review pf Systems and Controls and Governance in relation to safeguarding.

For clients where we also act as statutory auditor, the safeguarding audit will take the form of a separate engagement adjacent to the statutory audit and will include planning, fieldwork and completion stages, as is common with statutory and client assets (“CASS”) audits. Where we deliver both a statutory audit and a safeguarding audit, we will seek to leverage efficiencies wherever possible.

How we can help

Our dedicated Financial Services Audit and Assurance team have a blend of skills and experience that make them ideally positioned to deliver these audits. Our experience extends to acting for FinTech businesses, including payment services, e-money issuers in this area, as well as in relation to providing statutory audit and CASS audits. We also have experience in delivering Client Assets Audits for investment firms and insurance brokers. Many commentators consider the new safeguarding rules to look “like CASS did 10 or so years ago”. We have been on the “CASS journey” with a number of clients and this experience serves us well in relation to safeguarding.

As a member of the PFK international network, we are able to leverage national and international experience and cutting-edge insight in relation to these issues.

If your firm is required to obtain a safeguarding audit opinion, please don’t hesitate to get in touch with myself or a member of our Financial Services specialists to discuss how we can assist.

¹ https://www.fca.org.uk/publication/finalised-guidance/coronavirus-safeguarding-customers-funds-additional-guidance-payment-e-money-firms.pdf