The Payments and E-money industry has seen a sharp focus from the FCA - with an acceleration of this focus brought about by the risks associated with COVID. For the majority in this industry, the underlying customers are retail (i.e., you and I) therefore the regulator’s lens tends to be broader and deeper. One of the key avenues through which the FCA effects it’s supervision is through the conduct of external audits of which the results are visible for the FCA to explore.
As the end of another year approaches, audit firms are gearing up for ‘Busy season’ or ‘Audit season’ much to the dread of the junior staff. Across the street, firms being audited find themselves frantically preparing for the scrutiny that awaits, hoping for a stress-free clean audit, if there is such a thing.
Whilst this may be standard practice for finance veterans preparing for their umpteenth annual statutory audit, for Payment and E-money institutions this will only be their second-year audit. The first-year audit would have been high-level, a box-ticking exercise ensuring the institution’s business model and risks are understood. By the time this is captured and understood, the end of the audit appears rapidly curbing the auditor’s inquisition. Much to the delight of audit firms, second-year (and subsequent) audits tend to be more comprehensive, affording time to leverage the knowledge built in the first year to hone into the details and unearth cracks below the surface. For Payment and E-money institutions, this will soon become a reality (if it isn’t already).
To help Payment and E-money institutions, we’ve prepared a few pointers on where the auditor may pay particular attention to:
Whether internal and external reconciliations consume good data.
How the institution has negated risks of commingling its own funds with relevant funds.
Whether EMIs/credit unions provide payment services that are unrelated to the issuance of e-money and how the treatment and segregation may differ.
If the overall risks & controls framework is adequate to provide senior management assurances.
Whether periodic due diligences have been performed and if so, if they have sufficiently captured the key considerations.
Where firms are using the insurance method for segregation, whether the methodology is appropriate.
The appropriateness of the safeguarding governance & oversight framework.
If you would like to discuss any of the above points further or how to prepare for your safeguarding audit, you can contact Zakir Karim.
Kommentare