Having said all that, I think it’s still pretty useful content for those who want to know a bit more about what it is and how it works, so let’s jump in.
Safeguarding is used by Payment Institutions and E-Money Issuers (PIs and EMIs) to protect funds it holds in-trust for the beneficial use of underlying users in the event they were to go into liquidation. It ensures that the funds can only be used to complete the payment as instructed or, should that prove to be impossible (such as if the PI/EMI were to cease operating due to a forced liquidation before the instruction is executed), the funds are returned to the original payer.
There are 2 ways of safeguarding in the UK:
Other jurisdictions also have methodologies such as ‘by Guarantee’ but this type of safeguarding is not used in the UK. In regulatory terms, the PI/EMI is a Payment Services Provider (PSP) and the underlying client is the Payment Services User (PSU). There may also be other PSPs in the payment chain.
The FCA regulates based on good customer outcomes. Rather cleverly, the regulations create outcomes that protect the funds the customer has paid to the PI or EMI. Safeguarding creates a chain of custodial protection whereby:
Similarly, the safeguarding of client funds is a key supervisory priority of the Central Bank of Ireland (CBI). This is important considering the potential for client detriment if a firm has not adequately safeguarded client funds.
Payment Services Regulations (2017) stipulate that PIs / EMIs must have appropriate and well-managed safeguarding arrangements to ensure customer funds are not subject to any other claim and that in the event of insolvency, are returned to the customer in full, and in a timely and orderly way.
This is set out in detail within:
Current PSRs are law in the UK and were transposed into UK law from the 2nd Payment Services Directive (PSD2) in 2017 (hence the date of the legislation). PSRs (2017) replaced PSRs (2007) that were derived from the first PSD (PSD1).
EU directives do not all have to be implemented into law in the same way in each country. It is widely acknowledged that the way the UK regulates is very supportive to PIs / EMIs. Perhaps this is because the UK parliament and regulator actively seek to break monopolistic and anti-competitive behaviours of the large banks. Indeed some of the changes required in PSD2 were already underway in the UK through Open Banking, Banking Reform and various initiatives of bodies such as the Competition & Markets Authority.
In Ireland, authorised payment institutions must adhere to their safeguarding obligations as set out in the Payment Services Regulations (2018).
Banking partners are required to warranty (in a side letter to the usual T&Cs of the account) that the safeguarded funds will not be used to satisfy or offset any other obligation including those obligations imposed on the PI/EMI itself. Directionally, the side letter must come from the bank to the PI. If the PSU’s payment instruction is unable to be complied with, the bank must return the funds to the original source. If this cannot be done by the PI/EMI due to liquidation then it will be overseen and instructed by the insolvency practitioner.
PI/EMIs do not maintain a safeguarding account for each individual customer. Rather, they hold pooled accounts in the name of “[PI name] Client Accounts” in each currency for the purpose of providing payment services.
Individual customers’ funds in safeguarding accounts are identified through its ledger of virtual account numbers and/or virtual reference numbers. These records are used to reconcile credit, debit and balance transactions each day such that (i) the recorded positions for each client individually show what amount of the total balances held is attributable to them; and (ii) the individual amounts recorded in virtual accounts should add up to the total balance held in the real account.
PIs and EMIs also move fees and charges out of the safeguarding account to their own operational account as they are required to do so at least daily.
In PSRs, safeguarding applies to ‘Relevant Funds’ which are defined as sums received:
PIs/EMIs are obliged to safeguard any monies you transact including funds placed into their payment account at the PI/EMI, withdrawals. Safeguarding should start as soon as Relevant Funds have been received. It should continue until the Relevant Funds are paid out to the payee or the payee’s Payment Services Provider.
The FCA and CBI requires both internal and external reconciliation to take place.
Internal reconciliation
The internal reconciliation provides assurance as to the accuracy of internal records with regards to how much should be safeguarded. This is done by comparing:
This enables the firm to check the accuracy of its records by comparing its internal customer balances with its own record of customer funds held in the safeguarding account. This comparison should result, taking account of timing differences, in an exact match.
External reconciliation
In contrast to the internal reconciliation, which is only interested in the record of relevant funds held at the banking providers, the external reconciliation uses the total actual balance held in the safeguarding accounts, including non-relevant funds in the form of fees accrued.
There are some complex / nuanced scenarios that only apply in a limited number of cases and sometimes cause confusion. Descriptions of these situations may be read in isolation and need not be understood by all readers of this article. If you are confused please skip to Differences between payment accounts and bank accounts.
Double safeguarding
The industry is consulting with the FCA on some ambiguity in the wording of the PSRs approach document but as a general set of principles:
Double safeguarding would mean that the client’s funds are segregated AND the PSP also has to use the same amount of its own funds while the client’s money transitions. The ambiguity occurs where there is an intermediary PSP. However, safeguarding is owed to the PSU, not the intermediary PSP.
Furthermore, the intermediary PSP is liable in the event it creates a loss for the first PSP. Double safeguarding is seen by the key industry bodies as an over-zealous interpretation of the safeguarding rules, but expect further clarifications to follow from the regulators.
Multiple PSPs; PSP also acting as PSU
The PI/EMI with accounts directly at the qualifying credit institution may hold safeguarding funds sent by another intermediary PSP. The first PI/EMI might also hold funds for the intermediary PSP as a PSU as well (e.g. fees). In this scenario, safeguarding applies in 2 separate and distinct ways:
These amounts are not considered to be co-mingled as the amount held for the underlying client when they are PSU cannot be used to settle or offset the obligations of the intermediary (whether they are acting as an intermediary PSP or as a PSU).
Funds received for FX
Funds received for foreign exchange are only relevant for safeguarding purposes to the extent that they are received into customer payment accounts. Foreign exchange in and of itself is not an activity covered by the safeguarding requirement. In practice this means that where a client executes an FX transaction, their available balance will fall whilst the FX is undertaken. The proceeds of the FX deal will then land. There may be a small-time delay or lag while the 2 legs of the FX deal settle during which the funds are not safeguarded. During this time the funds are transitioning via the FX liquidity provider. This is described in the FCA’s PSRs approach document and your PI/EMI will be able to update you further.
Generally, PSUs make use of PIs and EMIs because banks do not have the flexibility of product or pricing structure to meet their needs. A client’s account with a PI/EMI is a payment account. The payment account should never be described or thought of as a bank account because PIs / EMIs are not banks. If the PSU wants to deal with a bank then they should open and operate a bank account.
The key differences between payment accounts at a PI / EMI and a bank account are:
Many PSUs using PIs and EMIs, therefore, benefit from lower costs, whilst foregoing little interest and facing very little incremental risk.
PIs / EMIs must undertake an annual audit of compliance with the PSRs 2017 safeguarding requirements. The safeguarding audit provides formal ratification and comfort that the safeguarding process is being followed and that funds are truly protected.
The audit must show that the PI/EMI (i) has an up-to-date safeguarding systems and controls manual, (ii) holds records that demonstrate and explain the rationale behind its safeguarding decisions, and (iii) fully discharges its safeguarding obligations as prescribed by the PSRs.
Failures are never welcomed in the payment industry. If individual failures aren’t fully understood they can stigmatise others in the same industry by association. Assuming you have read this far, I can assume you want to understand the way the payment industry works in more detail than the average person. I, therefore, feel safe describing a couple of examples – the intention is that they are cautionary tales for operators rather than indictments of the industry.
Wirecard
In 2019 and 2020, Wirecard AG illustrated the strength of the regulatory environment in the UK for PSPs by providing an almost perfect (although tragic) counterfactual by highlighting how poor the regulatory environment is in Germany. Both countries were subject to the same EU directive (PSD2) which makes the failure even more shocking.
Premier FX
Premier FX – subject to recent censure (Q1 2021).
These levels of fraud and duplicity are exactly why you should work with a PI/EMI with (i) the scale and structure to separate responsibilities, and (ii) who will actively seek the validation the safeguarding audit provides, not just submit to external review out of a sense of obligation or to ‘tick a box’.