Payments: how to get on top of the FCA’s latest letter

If you work in payments or e-money, your firm may have received a ‘Dear CEO’ letter from the FCA on 16 March. 

In the letter, the regulator notes that it’s pleased with the innovation going on in your sector. However, it’s also concerned that many firms don’t have ‘sufficiently robust controls’ to prevent harm to their customers and the financial system. 

As a result, the FCA sets out a range of outcomes, priorities and actions to take. Your business will need to address these as soon as possible, or could risk fines and sanctions. 

The good news: Duco can help you achieve much of what the FCA’s asking for. Once you’ve read this post, you’ll be clear about:

• What’s in the FCA letter 
• Why it matters for your payments or e-money business
• What you can do to achieve the FCA’s desired outcomes
• How Duco can help you

What’s in the FCA letter?

The FCA sets out three outcomes that it wants you, as a payments firm, to achieve:

1. Ensure that your customers’ money is safe
2. Ensure that your firm does not compromise financial system integrity 
3. Meet your customers’ needs, including through high quality products and service, competition and innovation, and robust implementation of the FCA Consumer Duty

Each of these outcomes are underpinned by priorities, which are themselves underpinned by actions for you to take. There are also three ‘cross-cutting priorities’, which the FCA believes support all of the above outcomes at once. 

Two priorities – one for the first outcome, and one cross-cutting – are very close to our heart at Duco:

1. Safeguarding
2. Operational resilience 

Let’s take a look at what these mean for your business. 

What does the FCA mean by ‘safeguarding’?

‘Safeguarding’ refers to the arrangements that ensure your customers’ funds are returned quickly, in the event of your insolvency. 

The FCA has identified a range of common failings of payments firms in this area, and actions to take. You’ll need to document your processes for identifying which funds are ‘relevant’ as defined in the regulations, and you’ll need to reconcile data for these funds daily. 

What does the FCA mean by ‘operational resilience’?

‘Operational resilience’ refers to your ability to prevent, adapt, respond to, recover and learn from operational disruptions. 

Part of being operationally resilient is reviewing your important business services regularly, to ensure that you remain within your impact tolerances for operational risk.

While reconciliation isn’t an ‘important business service’ by itself, it is a ‘process necessary to the provision of important business services’. For example, enabling customers to withdraw funds may be an ‘important business service’ for your firm – and reconciliation supports that by helping to ensure that those funds are properly safeguarded.  

As a result, you’ll need to ensure that your reconciliation solution is enterprise-grade, reduces operational risk and is ready to tackle an ever-changing environment.  

What can my payments firm do to achieve the FCA outcomes?

Exactly what you’ll need to do depends on how your business is set up. The system that you use to reconcile data will play a key part. And at Duco, we know reconciliation inside-out. Here’s what we think you need to do.

Ensure documented processes

The FCA notes that a key failing in addressing its safeguarding priority is ‘firms not having documented processes for consistently identifying which funds are “relevant funds”’. 

This is something we often see, too. If your reconciliation process – which helps identify those funds – is based on spreadsheets and manual workarounds, you’ll find it hard to justify to a regulator or internal audit. On good days, your process might be adequate. But when the time comes to show documentation, you’ll end up scrambling around in Excel and your inbox to pull together examples of how it runs. 

Reconcile using a no-code platform like Duco, and your non-technical operations and finance teams will be able to build and manage their own automated controls. For every process you create, you’ll be able to download a human-readable PDF to show a regulator exactly how it works and who’s made changes. 

Reconcile daily

The second key safeguarding failing that the FCA notes is ‘inadequate reconciliation procedures to ensure that the correct sums are protected on an ongoing basis’. As a remedy, it mandates internal and external reconciliations at least once a day. 

This might sound like a huge ask if you’re running a manual reconciliation system based on Excel. Particularly when you’ve got external partners – perhaps much larger than you – who’ll provide you with data in any format they please. Getting that data in order for your system is a massive job in itself. 

Use Duco for your reconciliations, and you’ll be able to automate much of the reconciliation process. We can ingest just about any data, from multiple sources, with minimal pre-transformation. Machine learning helps you to more accurately identify data that should match. And you’ll be able to automate workflows, taking the legwork out of your processes. 

Reduce manual intervention

Speaking of automation, it’ll come as no surprise to you to hear that regulators like the FCA prefer low levels of manual intervention in reconciliation.

The reason is clear: manual intervention introduces new sources of risk. Say you have an automated system, but it can’t handle a particular data format. When a person has to edit input files manually or change something else inside the system to account for the quirk, you’ve got people risk. There’s the potential for the person intervening to make mistakes, and a lack of transparency and accountability for the change. 

With Duco, you can build flexible logic that will account for scenarios like this. Your system will no longer need manual intervention, and you’ll have clear logs to show who’s created the logic and any changes made. People risk eliminated.

Balance innovation and regulation

The FCA welcomes the innovative nature of the payments sector. Indeed, its third desired outcome is that you ‘meet your customers’ needs, including through high-quality products and services, competition and innovation.’

Innovation at your firm probably looks like adding groundbreaking new products, or meeting demand in new countries and currencies. And that’s great. But here’s the thing. All of that innovation comes with increased regulatory scrutiny. As your products change, so will the regulatory burden. Expand into new jurisdictions, and you’ll have new regulators to satisfy. 

Legacy reconciliation technology tends to be inflexible, and unable to adapt to changing audit requirements or enforcement practices. The Duco platform, on the other hand, is cloud-based, simple to configure and data source-agnostic. Thanks to its no-code setup and automatic, transparent documentation, you’ll be able to build controls for new products and jurisdictions in days rather than months.

Mitigate operational risk 

“Operational disruptions are inevitable.” The FCA’s words, from their 2022-2025 strategy. What the regulator considers important, as outlined in the second cross-cutting priority of their recent letter, is how you respond to and recover from those disruptions.  

As you’ve probably guessed, we don’t tend to find that legacy reconciliation solutions are very good at adapting to new operational processes, let alone protecting against risk in the first place. Software used anywhere near your critical business services needs to have enterprise-grade reliability, governance and controls. 

Duco can help you mitigate a host of types of operational risk. We’ve seen how you’ll reduce key person risk with no code. On the other side of the coin, granular permissions ensure that no one outside your chosen group can access a system. We’ve seen how you’ll reduce process risk with automated workflows. You’ll be able to protect against system risk, too, thanks to a disaster recovery environment, an SLA mandating 99.8% uptime and a global support team. 

What to do next 

The FCA has said that it expects to see ‘prompt action’ in addressing the risks it highlights in its letter, and progressing toward achieving its outcomes. You should now have an idea of how reconciliation plays a key part in this. To find out how Duco can help you, why not book yourself a live demo with one of our team?