On 4 July 2019 the Financial Conduct Authority (“FCA”) published its findings following a review of the safeguarding arrangements in 11 non-bank payment service providers (“PSPs”). The FCA requires that all non-bank PSPs to self-certify that they are in compliance with the relevant safeguarding requirements by 31 July 2019.

This is the second of two articles on this topic. Part 1 discussed the FCA self-certification requirement and the scope of the safeguarding requirements. Click here to read Part 1.

This Part 2 discusses the specified methods of safeguarding and some related issues. Capitalised terms are as used in Part 1.

How must funds be safeguarded?

There are two safeguarding methods: the segregation method and the insurance method. For convenience, the term “non-bank PSP” is used below to cover both PIs and EMIs that must comply or choose to comply, with the safeguarding requirements.

The segregation method

Under the segregation method, the key requirements are:

  • A non-bank PSP must keep relevant funds segregated from any other funds it holds.

This segregation obligation applies as soon as relevant funds are received by a non-bank PSP and throughout the period in which relevant funds are held by the non-bank PSP. Note that this obligation is independent of the “safeguarding account” requirement. In other words, the non-bank PSP cannot wait till relevant funds are deposited into its “safeguarding account” (see below) to apply segregation.

In circumstances where a non-bank PSP uses e.g. an operational account to receive funds from customers, the segregation obligation is triggered as soon as such funds are received into this operational account which does not necessarily have to be a “safeguarding account” (see below).

Where a non-bank PSP uses its “safeguarding account” to receive relevant funds from customers, then the segregation requirement will be met (provided that the safeguarding account meets the specified requirements).

  • If relevant funds continue to be held at the end of the business day following the calendar day the funds were received, then the funds must be either (i) placed in a separate account at an “authorised credit institution” or the Bank of England or (ii) invested in “secure liquid assets” as approved by the FCA which are then placed in a separate account with an “authorised custodian”.

This separate account is commonly referred to as a “safeguarding account”.

Only relevant funds that are to be held overnight need to be placed in such a safeguarding account. Relevant funds that are not to be held overnight do not need to be placed in such a safeguarding account but, as noted above, such funds remain to be subject to the segregation requirement at all times.

The FCA has said that if a non-bank PSP can prove it will never hold relevant funds overnight, then the PSP does not need to have any such safeguarding accounts.

The term “authorised credit institution” essentially means UK or EU credit institutions. Note that following Brexit (and subject to the Brexit negotiation), “authorised credit institution” includes a UK credit institution and any bank authorised in an OECD member country or any bank authorised in a non-OECD country but meets certain requirements (e.g. minimum net assets of £5million).

The term “authorised custodian” essentially means a UK authorised firm that has the permission to safeguard and administer investments or any MiFID2 investment firm that holds investments in accordance with MiFID2. Following Brexit (and subject to the Brexit negotiation), a MiFID2 investment firm can no longer be an authorised custodian for these purposes.

The authorised credit institution or authorised custodian cannot be with the same group as the non-bank PSP.

The safeguarding account requirements for PI refer to “secure and liquid assets” whereas the corresponding requirements for EMIs refers to “secure, liquid, low risk assets”. The concepts differ slightly under the PSR2017 and EMR2017. However, the FCA adopts a common approach as regards what assets fall within these categories. So in practice, the permitted assets for PIs and EMIs are the same which are in summary: assets that have a 0% risk weighting under the Capital Requirements Directive (e.g. exposures to central governments or central banks) and units in UCITS that only invest in such assets.

  • The key requirements on the safeguarding account are: (i) it must be designated clearly as a safeguarding account and can only be used to hold relevant funds/assets and (ii) no one else may have any interest in or right over relevant funds/assets placed in it.

There are some special provisions for PIs and EMIs that are participants in a “designated system” under the Settlement Finality Regulations (e.g. Faster Payment). For example, the Bank of England in certain circumstances may be granted an interest in or right over the funds.

A non-bank PSP can have more than one safeguarding account. However, for non-bank PSPs within a corporate group, each entity must have its own safeguarding account(s); i.e. there cannot be one single safeguarding account at the group level for all non-bank PSPs within the group.

While the segregation method may appear relatively straightforward, it nonetheless raises fundamental issues with respect to the nature of these requirements, particularly for EMIs. Generally, the segregation method is based on the understanding that the relevant funds are those of the customers and thus need to be separated from the non-bank PSP’s own funds (see Recital 37 of the Second Payment Services Directive and Recital 14 of the Second Electronic Money Directive).

That reasoning seems sound with respect to PIs. PIs essentially receive customer funds to move such funds (as instructed) to recipients, i.e. the funds are never paid to the PI. However, with respect to EMIs, this reasoning struggles.

“Electronic money” is defined in summary as value issued in exchange of funds paid to the EMI. In other words, a customer pays e.g. sterling to the EMI to “purchase” the corresponding value at par. Once paid, the sterling funds should logically become funds of the EMI itself; the customer already gets their purchased value and has a claim (only) against the EMI for at-par redemption. On that basis, it seems odd to require the EMI to segregate funds that should rightly belong to itself.

From a practical and operational perspective, since customers will be using the value (e-money) as a means of payment, the relevant funds (which will almost invariably be held overnight or longer) in the safeguarding account would need to be adjusted/reconciled every time a payment is made using the corresponding value. That seems a challenging task particularly for large EMIs which may see thousands or even hundreds of thousands of transactions on a daily basis.

The segregation method for such e-money float seems to function effectively like a capital requirement for EMIs.

The safeguarding requirement for the e-money float was not included in the original proposal by the European Commission for the Second Electronic Money Directive. It was added by the European Parliament during the legislative process. The European Parliament’s reasoning appeared to be ensuring e-money holders could redeem at par at any given time. If that is the underlying policy, then the insurance method (see below) seems to be the only appropriate method (of the two methods) with respect to such e-money float. However, there are issues with the insurance method as well (see below).

Further, for both PIs and EMIs, it is not entirely clear at what point in time relevant funds should be regarded as having exited from safeguarding. For example, where a non-bank PSP receives a transfer order/instruction at hour T and will be executing the transfer in T+10 minutes, does it mean the PSP can pull the funds out of safeguarding at T or does it mean the PSP can only pull the funds out of safeguarding at T+10 minutes? What about T+1 hour, T+3 hours? These are not mere theoretical scenarios as they can have considerable impact on the PSP’s operational processes and the boundaries of its compliance obligations.

The insurance method

With respect to the insurance method, this requires that:

  • Relevant funds are covered by an insurance policy or a comparable guarantee by an “authorised insurer” or a comparable guarantee by an “authorised credit institution”; and

An “authorised insurer” means essentially a UK or EU authorised insurer. Following Brexit and subject to the Brexit negotiation, an EU authorised insurer will no longer be an authorised insurer for this purpose.

  • The proceeds of the insurance/guarantee must be payable upon insolvency of the PSP and into a safeguarding account (which must meet the requirements as discussed above).

The insurance/guarantee must either cover all relevant funds (i.e. not just relevant funds held overnight) or part of it (if the non-bank PSP chooses to use the insurance method and the segregation method in combination, with the remaining safeguarded under the segregation method). As such, there is no segregation requirement with respect to relevant funds here.

The FCA has explained that a “guarantee” here is not the commonly understood concept under English law (i.e. the guarantor having only secondary liability). A “guarantee” for these purposes is one under which the guarantor must assume primary liability (i.e. payment upon insolvency) and there cannot be other conditions or restrictions attached to such primary liability.

Note that for EMIs that engage in unrelated payment services, the insurance/guarantee proceeds must be paid into two separate safeguarding accounts (one with respect to e-money float and the other for relevant funds with respect to unrelated payment services).

It appears that the dominant method for safeguarding among non-bank PSPs is the segregation method. The apparent difficulty in practice with the insurance method is that the insurance/guarantee as mandated does not appear to be easily obtainable. This seems understandable given the primary liability requirement. One solution may be for the EU to require banks/insurers to provide such insurance/guarantee (which could be compared to the Second Payment Services Directive which requires banks to provide account services to PIs). However, from the European Commission’s report on the Second Electronic Money Directive (dated 25 January 2018), any revision (or possible merger with the Second Payment Services Directive) is for the time being put on hold with the focus now on the Second Payment Services Directive.

Concluding remark

The safeguarding requirements may appear to be relatively straightforward on first sight. They are, however, much nuanced when actually being implemented in practice, particularly for EMIs. This is further compounded by the lack of detailed guidance on how non-bank PSPs should comply with these requirements (in contrast, the client money rules that banks need to comply with are much more detailed). While the FCA cannot be expected to provide guidance with respect to each business model on the market, it would be helpful nonetheless for there to be clarifications on the more fundamental issues that are business model-neutral.

The FCA now requires non-bank PSPs effectively to self-certify that they are in compliance with the applicable safeguarding requirements. Given some of the uncertainties, it remains to be seen how effective such self-certification would be and what next steps the FCA may take in terms of strengthening compliance.