Step 1: Your annual obligations
Anti-money laundering (AML):
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“the MLRs”) require an annual assessment of your AML framework. You’ll need to complete a risk assessment for your business, identifying the money laundering and terrorist financing risks it faces and putting mitigation plans in place.
Capital adequacy:
As an FCA regulated business, you’ll need to conduct regular checks on your capital position to ensure that you continue to meet the FCA’s ongoing capital requirements.
Your firm’s minimum initial capital requirements can be found below (unless the FCA has directed you to hold more or less capital):
However, your firm’s ongoing capital (or “own funds”) requirements will vary depending on your business activity and the method the FCA has directed you to apply to calculate your own funds.
Chapter 9 of the FCA’s Payment Services and Electronic Money Approach Document provides more information on capital resources and how to calculate your own funds requirements.
Wind down planning:
If you’re an Authorised Payment Institution (API) or E-money Institution (EMI) you must have a wind-down plan (also known as a “living will”) in place to manage your resolution risks.
Your wind-down plan should account for the different scenarios under which you might need to wind down your business, including a solvent and insolvent wind-down, and how you would do this safely, effectively and with minimal impact on consumers and the market.
For more information on wind-down planning, check out the FCA’s Wind Down Planning Guide.
Business continuity:
Business continuity is a company’s level of readiness and ability to maintain its critical business functions in times of stress or disruption.
The 5 key components included in a good business continuity plan are:
- Identification of risks and potential business impact
- Forward planning for an effective response.
- Documentation of roles and responsibilities
- Description of how the plan will be communicated.
- Description of ongoing testing and training.
You should conduct an annual assessment of your Business Continuity Plan to ensure that it continues to remain effective.
Safeguarding:
Safeguarding is a big focus for the FCA, and you should conduct an annual review of your client safeguarding arrangements, ensuring that:
- All relevant funds are identified and safeguarded upon receipt; and
- This happens within the appropriate timeframes.
If your business is required to have an annual audit of your company’s financial accounts, then you must also arrange an annual external audit of your safeguarding arrangements as set out in the Payment Services Regulations 2017.
Operational resilience:
The FCA define operational resilience as “the ability of financial services firms and the finance services sector to: prevent, adapt, respond to, recover, and learn from operational disruptions.”
In other words, your company’s ability to bounce back. You can review your firm’s operational resilience by:
- Identifying and mapping your business’s important services
- Setting up your impact tolerances
- Undertaking scenario testing
- Completing a self-assessment
- Preparing internal and external comms plans and templates.
You should review and assess your firm’s Operational Resilience at least annually.
IT Security:
As part of your Operational and Security Risk RegData Return, you’ll need to provide an independent review of your firm’s operational and IT security risks in accordance with European Banking Authority guidance.
This review can be completed by someone within your business who is sufficiently independent and understands the requirements of the regulations, or by an external auditor.
Review your agents (if applicable):
If you have agents or appointed representatives, you should meet with them at least annually to conduct a review and ensure they’re operating in a compliant manner.
Training:
All Payment and e-Money firms should establish an annual training programme for employees, to ensure they perform their duties in a manner consistent with the regulations.