In the fast-paced world of digital finance, eMoney Institutions (EMIs) play a crucial role in facilitating electronic payments and managing digital currencies.
With the rise of online transactions and digital wallets, ensuring the security and integrity of these systems is paramount. This is where the Payment Service Regulations (PSR) safeguarding audit requirements come into play.
What are EMIs?
EMIs are financial entities that are licensed to issue electronic money, store funds electronically, and facilitate electronic payment transactions. They operate in the digital realm, providing services such as prepaid cards, mobile wallets, and online payment platforms.
In recent years, EMIs have gained popularity due to their convenience, accessibility, and ability to cater to the needs of the digital economy.
The Importance of PSR / EMI Safeguarding Audit Requirements
PSR/EMI safeguarding audit requirements are regulations designed to protect consumers and ensure the security of funds held by EMIs. These requirements aim to prevent fraud, mismanagement, and misuse of customer funds.
By mandating regular audits and stringent compliance measures, PSR safeguarding audit requirements help maintain trust and confidence in the electronic payment ecosystem.
Key Components of Safeguarding
There are five key areas of focus when it comes to safeguarding.
1. Safeguarding Requirements
The “Relevant funds” of customers of e-money and payment institutions must be protected by either of two possible options:
Option 1: The Segregation method – this is where relevant funds are:
- Kept separate from all other funds within an authorised credit institution or Bank, or
- Invested in such secure, liquid assets as approved by the FCA and where those assets are placed in a separate account with an authorised custodian.
Option 2: The Insurance or comparable guarantee method – this is where relevant funds are covered by:
- an insurance policy with an authorised insurer, or
- a comparable guarantee given by an authorised insurer or an authorised credit institution.
These methods can be used in isolation or in tandem.
2. Safeguarding Procedures
EMIs must implement robust safeguarding procedures to securely manage and protect customer funds. This includes employing advanced encryption technologies, multi-factor authentication, and secure data storage practices.
In addition, it’s crucial that eMoney firms regularly reconcile their relevant funds so that discrepancies are identified as and when they arise and any variances can be resolved quickly.
It’s also important to select appropriate credit institutions to minimise the risk of losing customer funds if those institutions fail. Firms using the insurance method should rigorously scrutinise any guarantor behind the insurance policy.
3. Conduct Regular Audits
The PSR mandates EMIs to undergo regular audits conducted by independent third-party auditors. These audits must assess the EMI’s compliance with safeguarding requirements, financial stability, risk management practices, and adherence to regulatory standards.
4. Reporting Requirements
EMIs are required to submit periodic reports to regulatory authorities detailing their safeguarding measures, financial status, and compliance efforts. Transparency and accountability are essential in maintaining regulatory compliance and trust within the industry.
5. Risk and compliance management
While not distinctly enforced by the current FCA regulations, early adoption of CASS-style policies may prove beneficial to eMoney firms. For example, a breach register would allow the firm to monitor any shortcomings that are identified. It would also help to spot any consistent patterns.
Compliance and integrity
Compliance with PSR safeguarding audit requirements is not only a legal obligation, but also a critical aspect of maintaining EMIs’ integrity and reputation.
By adhering to these regulations, EMIs demonstrate their commitment to protecting customer funds and upholding the highest standards of security and trust.
To ensure compliance and security, EMIs should:
- Stay updated on regulatory changes and requirements.
- Implement robust internal controls and risk management practices.
- Conduct regular internal audits to identify and address potential vulnerabilities.
- Collaborate with reputable third-party auditors to conduct thorough safeguarding audits.
- Continuously invest in technology and infrastructure to enhance security measures.
Changes ahead – CP24/20
In Autumn 2024, the FCA issued new guidance, CP24/20, which impacts e-money firms. It also launched a safeguarding consultation, which closed in December 2024. The consultation will guide the final safeguarding rules the FCA intends to implement in stages. In doing so, it will work alongside HM Treasury to transition relevant PSRs and EMRs provisions into the FCA Handbook.
The following next steps from the FCA are anticipated, with the outcome of the consultation expected to be published in Summer 2025:
- Interim rules and a policy statement will be published in the first half of 2025.
- The interim rules will then be implemented over a six-month period.
- The FCA will publish final rules (end state), which firms will then have 12 months to implement.
For more details see: Changing the safeguarding regime for payments and e-money firms
Specific advice should be obtained before taking action, or refraining from taking action, in relation to this summary. If you would like advice or further information, please speak to your usual Shipleys contact.
Copyright © Shipleys LLP 2025