Loading…

Does your payment services firm or electronic money institution require an audit?

Over recent years the payments sector has developed rapidly, as we move towards a ‘digital economy’. The FCA has confirmed that this sector is a priority area and it will act swiftly where firms fail to meet regulatory requirements.

Last updated: 5 January 2021

 

The FCA regulates payment services firms (such as authorised payment institutions (‘APIs’)) and electronic money institutions (‘EMIs’). There are similarities between both of these types of firms and the FCA’s guidance usually covers both together. The Payment Services Regulations (PSRs) and Electronic Money Regulations (EMRs) set out the requirements for when these firms that need to appoint auditors (see below). The requirements in these regulations are broadly similar.

 

A common misconception is that the UK company law requirements are also similar, in respect of statutory audits. These actually differ significantly between each type of entity. We have clarified these differences below.

About the author

Jay Patel

+44 (0) 207 556 1390
patelj@buzzacott.co.uk
LinkedIn

Last updated: 5 January 2021

 

The FCA regulates payment services firms (such as authorised payment institutions (‘APIs’)) and electronic money institutions (‘EMIs’). There are similarities between both of these types of firms and the FCA’s guidance usually covers both together. The Payment Services Regulations (PSRs) and Electronic Money Regulations (EMRs) set out the requirements for when these firms that need to appoint auditors (see below). The requirements in these regulations are broadly similar.

 

A common misconception is that the UK company law requirements are also similar, in respect of statutory audits. These actually differ significantly between each type of entity. We have clarified these differences below.

Payment services firms

Payment services firms (that are not EMIs)

 

Firms regulated under the PSRs are not automatically required, by UK company law, to have an audit. The usual size criteria applies (on a group-wide basis). This article linked provides a useful guide to the size criteria.

Even if the worldwide group is small and an audit would not normally be required, the owners of a firm may decide to request that the firm has its financial statements audited. This scenario is commonplace where a counterparty would like to see audited financial statements before doing business with a company.

There is no requirement for payment services firms to submit financial statements to the FCA. These will need to be submitted in accordance with the normal Companies House deadline. If these financial statements are audited, the PSRs stipulate that the auditor must communicate certain matters to the FCA.

E-money firms

Electronic money institutions

There is less flexibility with electronic money institutions (which have the added permission of issuing Electronic money). UK firms regulated under the EMRs as an electronic money institution are not entitled to take any exemption from audit, regardless of their size.

As with other payment services firms, there is no requirement for an electronic money institution (that does not undertake any other non-regulated business) to submit its audited financial statements to the FCA. If the firm undertakes other non-regulated activity (and therefore becomes a ‘hybrid business’), the audited financial statements need to be submitted to the FCA when they are submitted to Companies House. As with the PSRs, the EMRs stipulate that the auditor must communicate certain matters to the FCA.

Audits of compliance with safeguarding requirements

For APIs and EMIs that hold customers’ funds, there has historically been no requirement for an audit of compliance with safeguarding requirements. However, in its finalised guidance for payment and e-money firms on safeguarding customers’ funds (issued in July 2020), the FCA has explicitly clarified that it expects these firms to arrange an annual audit of compliance with the safeguarding requirements under the PSRs/EMRs, if its financial statements are audited. These audits are similar in nature to CASS audits, completed in accordance with SUP 3.10. These safeguarding audits must be carried out by an audit firm or other independent external firm or consultant. The FCA expects the auditor to provide an opinion addressed to the firm on:

  • whether the firm has maintained organisational arrangements adequate to enable it to meet the FCA’s expectations of its compliance with the safeguarding provisions of the EMRs/PSRs (as set out in chapter 10 of its Approach Document), throughout the audit period, and 
  • whether the firm met those expectations as at the audit period end date.

In its guidance, the FCA has not stated when firms’ first annual audit of compliance is expected. Therefore, we consider this to come into immediate effect.

Get in touch

If you are a payment services firm or e-money firm and would like to discuss your audit and accounting needs, please get in touch via the below form and a member of our specialist team will contact you.

Get in touch
Please complete all required fields above.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
close back
Your search for "..."
did not yield any results.
... results for "..."
Search Tags