May 272021

FCA Letter to E-Money Institutions: Why All UK Payment Service Providers Should Review Their Marketing Practices Now

Abi Twist, Sara George, Max Charles Savoie and John M. Casanova
, , ,

On May 18, 2021, the UK Financial Conduct Authority (FCA) published a “Dear CEO” letter (the Letter) asking e-money institutions to ensure that their customers understand how their money is protected. The FCA has expressed concern that e-money institutions do not adequately disclose the differences in protections between e-money and bank accounts and that customers are not aware of the differences in protections between e-money services and traditional banking services, in particular that the UK Financial Services Compensation Scheme (FSCS) protection does not apply to e-money accounts.

The FCA has noted that its rules under BCOBS 2.3 require communications made to e-money customers and payment service or e-money promotions to be accurate and not emphasize any potential benefits of a payment service or e-money product (e.g., current account functionality) without also giving a fair and prominent indication of any risks (e.g., lack of FSCS protection). The FCA has stated that omitting this could mean that the information firms give customers is insufficient or even misleading.

The FCA has also expressed concerns that firms are giving a potentially misleading impression to customers about the extent to which products or services are regulated by the FCA. In particular, if a communication or a payment service or e-money promotion names the FCA as the regulator of a firm or other provider and refers to matters the FCA does not regulate, the firm should ensure that the communication makes clear that those matters are not regulated by the FCA (BCOBS 2.3.4G).

Immediate actions for UK e-money institutions

The FCA has requested that e-money institutions

  1. write to their customers within six weeks of the date of the Letter to remind them of how their money is protected through safeguarding and that FSCS protection does not apply
  2. review their financial promotions in light of the BCOBS requirements discussed above
  3. draw the Letter to the attention of the board and ensure that the board has considered the issues raised and approved any actions taken in response

The FCA has stated that it intends to follow up with a sample of firms to assess the action taken.

FCA approach to enforcement

The Letter is the latest step in a ratcheting up of supervisory efforts by the FCA affecting the payments sector. In particular, the FCA is starting to take a much more proactive approach to supervising nonbank payment service providers, such as e-money institutions and payment institutions, in relation to their safeguarding obligations. The FCA has carried out reviews to assess compliance with safeguarding requirements, which included requests for attestations of compliance from senior managers.

In addition, in February 2021, the FCA publicly censured Premier FX Limited for failing to properly safeguard its customers’ money. The FCA also determined that the firm had seriously misled its customers by informing them that it was able to hold their funds indefinitely, that their funds would be held in secure, segregated client accounts, and that their funds would be protected by the FSCS.

Key takeaways for firms

UK e-money institutions

Any UK e-money institution that has not received a copy of the Letter from the FCA should check with the FCA whether it should have. We have heard anecdotally that previous Dear CEO letters have not always been sent to the correct contacts and in some cases were sent to an individual who had left the relevant firm.

UK e-money institutions should raise the Letter to their board and start preparing the communication to their customers, taking into account how it should be tailored to their business and customers (e.g., consumers, corporate customers).

The Letter is not clear on how an e-money institution that provides payment services with a credit line to customers (rather than prefunding) should deal with this request. Such firms may wish to seek clarity from the FCA as to whether they would need to send a communication to those customers and, if so, what it should contain.

All UK payment service providers

All UK payment service providers, including banks, e-money institutions, and payment institutions, should proactively review and, where necessary, update their marketing and customer communication practices and procedures. In particular, a UK payment service provider should ensure that promotions and other material communications to customers about its service are reviewed against the applicable BCOBS rules and the FCA’s Principle 7, which requires firms to communicate information to customers in a way that is clear, fair, and not misleading.

The BCOBS rules apply more extensively in relation to communications to customers that are consumers, microenterprises, or small charities. However, firms that rely on the “corporate opt-out” provisions under the UK Payment Services Regulations 2017 are still subject to requirements under BCOBS in relation to promotions of regulated payments and e-money services.

Lastly, a UK payment service provider that offers regulated and unregulated services — e.g. payments services plus unregulated technical, data processing, or analytics services — must generally make clear in its communications that the FCA does not regulate the latter.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Abi Twist

Sara George

London

sara.george@sidley.com

Max Charles Savoie

London

msavoie@sidley.com

John M. Casanova

London

jcasanova@sidley.com

You might also like
EU Formally Adopts Cyber Law for Connected Products

On 12 March 2024, the European Parliament approved the EU Cyber Resilience Act (“CRA”) with a large majority of 517-12 votes in favor of the legislation (with 78 abstentions). The CRA aims to ensure that “products with digital elements” (“PDE”) i.e., connected products such as smart devices, and remote data processing solutions, are resilient against cyber threats and provide key information in relation to their security properties.

Chambers 2024 Global Practice Guides for Data Protection & Privacy and Cybersecurity
The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Software Security by Design,’ a global approach to policy on artificial intelligence, and more. Sidley partner Alan Charles Raul is a contributing editor to both guides in addition to authoring the introductions. The UK chapters of Cybersecurity 2024, covering “UK Law and Practice” and “UK Trends and Development” were authored by Sidley lawyers William Long, Francesca Blythe, Denise Kara, and Eleanor Dodding.
Regulatory Update: National Association of Insurance Commissioners Spring 2024 National Meeting

The National Association of Insurance Commissioners (NAIC) held its Spring 2024 National Meeting (Spring Meeting) March 15 through 18, 2024. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include proposed updates to the regulatory review process for affiliated investment management agreements, continued discussion of considerations related to private equity ownership of insurers, and continued development of accounting principles and investment limitations related to certain types of bonds and structured securities.