Report: How Safe is your (E-)Money?

First and foremost, if you have deposited money into a bank, building society or a credit union in the UK, you benefit from the Financial Services Compensation Scheme, up to a maximum of £85,000 per person, per licensed institution. If a covered institution fails, the FSCS will compensate you automatically up to this limit, and aims to do so within 7 days.

However, if you have funds held with an alternative (non-bank) service provider, such as an electronic money (e-money) or payment institution, the FSCS does not apply. (When you transfer funds to one of those institutions, you are doing so on the premise of making a payment, so the funds are not considered to be a qualifying, protected ‘deposit’.) These alternative providers cannot pay interest or use your funds in the course of their own business activities, and must only hold your funds for the purpose of processing your payment transactions.

If one of these alternative providers fails, an insolvency practitioner will be appointed. You are then reliant on whether the firm has effective ‘safeguarding’, investments or insurance to enable your money to be returned to you. That process is unlikely to be quick, and you may not get your money back in full, if either the safeguarding, investments or insurance were inadequate, or the cost of managing the insolvency eats into the funds available (because the firm did not prepare suitably for winding down in an orderly way, as was the case with failed firm Ipagoo).

As of 30 March 2023, according to the Financial Conduct Authority (the industry regulator), there are 254 UK regulated e-money institutions (EMIs) and a further 944 UK regulated payment institutions.

At the end of 2022, the FCA disclosed that there were 75.7 million e-money accounts held by these EMIs, slightly more than the estimated 75.6 million current accounts in the UK [Mintel]. The number of e-money accounts in the UK has more than doubled in two years.

At the end of 2022, the value of customer funds held in e-money accounts stood at £16.3 billion, a figure that has more than trebled in just two years [FCA]. This compares to £241 billion held in non-interest bearing bank deposits [Bank of England].

There were over 2.7 billion e-money transactions in 2022, amounting to almost £630 billion [FCA]. The value transferred has grown more than 2.5 times compared to the £230 billion moved in 2020. This equates to 70% of the volume, and 20% of the value, processed by the FasterPayments system in 2022 [Pay.uk].

The number of these transactions that were reported as fraudulent has decreased over the last two years according to the FCA. Fraudulent transactions fell from 1.4 to 0.6 million transactions, and in value from £270 to £110 million, from 2020 to 2022.  This represents a fall in fraud as a proportion of total transaction value from 0.11% to 0.06%.

The introduction of both the Electronic Money and Payment Services regulations has promoted significant innovation and additional competition in the UK financial services market. UK consumers can now choose from a wide variety of brands when it comes to managing their finances and facilitating payments through digital channels. There are over 1,600 financial technology (or “fintech”) firms in the UK, and the level of investment in the sector was second only to the USA in 2022 [FT Adviser].

By using the e-money regulatory regime for example, a new entrant can establish a brand and customer base by issuing a pre-paid payment card, an accompanying digital app, sort code and account number – despite not being a bank. You can then transfer funds to your account with funds immediately available to spend on the payment card – similar to the current account and debit card functionality offered by a bank. The fast-growing banks Monzo and Kroo took this step-wise approach for example [TechCrunch], before receiving banking licences.

Another popular use of the e-money and payment institution regimes is to facilitate foreign exchange and cross-border payments, such as Wise and Revolut. As these businesses grow, they often evolve to provide services that are similar to banks, by adding payment cards and investments, for example. In some cases, they then seek a banking licence to be able to accept deposits, provide consumer loans and mortgages. Revolut is an obvious example, although its application is yet to be granted [Guardian].

Further uses of e-money include digital wallet providers, travel money and gift card providers. Without a careful study of the fine print associated with a brand’s terms and conditions, consumers may not even realise that they hold e-money with these firms.

The FCA has raised industry specific concerns via a portfolio-wide “Dear CEO” letter on four separate occasions in the last four years, following the publication of its approach to supervising e-money in 2017 [FCA] which has been revised several times since.

In July 2019, following a review of safeguarding arrangements at a small sample of firms, the FCA identified “significant shortcomings” in firms’ safeguarding arrangements and wrote to company CEOs, requiring firms to make a formal attestation that they had “carried out a review of its safeguarding procedures taking into account the guidance”.

Then a year later [July 2020], amidst the COVID-19 pandemic, the FCA again called on payment and e-money company CEOs to “act to prevent harm to your customers”, expressing that it was “concerned that consumers may not understand the lack of protections they have.” The FCA reminded firms of their obligations under the regulations, and drew firms’ attention to “six key areas where non-compliance with these obligations harms consumers.” Top of the list was safeguarding, where the FCA stated that it was “still finding material issues” and following a short consultation process, decided to issue additional safeguarding guidance.

Less than a year later [May 2021] the FCA again wrote to e-money company CEOs, asking them to act to “ensure your customers understand how their money is protected.” In particular, the FCA stated that they were “still concerned that many e-money firms are not adequately disclosing the differences in protections between their services and traditional banking”. The FCA asked firms to “write to your customers within six weeks of the date of this letter to remind them of how their money is protected through safeguarding and that FSCS protection does not apply.”

Recently [March 2023] the FCA again wrote to CEOs setting out their priorities for payment firms, asking firms to take action focused on three outcomes: “(i) ensure that your customers’ money is safe; (ii) ensure that your firm does not compromise financial system integrity; and (iii) meet your customers’ needs, including through high quality products and services, competition and innovation, and robust implementation of the FCA Consumer Duty.” Safeguarding, Prudential Risk management, Wind-down planning, Money Laundering and Fraud were all highlighted as specific priorities, with the FCA setting out its expectations on firms with specific “actions to take”.

Following bank failures in the USA, customers in the UK are clearly turning their attention to the safety and accessibility of their funds. For example, Revolut and Wise have recently updated their information regarding how they safeguard their funds [Revolut, Wise]. Wise stands out for its transparency, disclosing the names of the institutions where funds are held. Revolut makes it clear that you may not get all your money back due to insolvency costs.

Both Revolut and Wise also make the point that they don’t lend out customer funds, unlike banks, and customers do not earn interest on e-money balances. As interest rates rise, this becomes more of an issue for customers, so alternative providers are evolving to add regulatory authorisations and permissions to be able to provide ways for customers to invest their money, outside of the e-money regime, in order to earn a return. In some cases, these invested funds then become protected by the FSCS. Firms must be clear with customers which services are involved and their regulatory status in offering each service, but the situation is becoming increasingly complicated with multiple legal entities and permissions operated under a single, consumer-facing brand.

Given the additional focus placed on e-money and payment institutions by the FCA, and the deteriorating financial climate which may restrict new (often unprofitable) firms from raising further investment, an uptick in business failures is inevitable.

Monneo, a firm now in administration that was regulated as a payment institution in the UK by the FCA, serves as a recent example. The supervisory notice, issued by the FCA placing restrictions on the firm prior to entering administration, identifies that the firm was providing services outside of the permission granted – including clear evidence that “customers are using the accounts to store value over time, in the manner of an e-money account or deposit account.”

Another firm to watch is Railsr, which provides e-money and payments capabilities as a service to other businesses. It previously relied on PayrNet UAB in Lithuania for EU market access, but this business had its license revoked recently by the central bank for a variety of transgressions. Railsr relies on a separate unit, PayrNet Ltd regulated by the FCA, for its UK operations.

There are also reports of “zombie” firms that appear neither dead nor alive, with customers stuck in limbo. In this situation, an e-money institution has refused or been very slow to return customer funds immediately when requested, yet it is not in administration and neither the firm nor the FCA has offered any substantive reason for the delay. In some cases, the suggestion is that the firm has had to make improvements to its anti-money laundering controls, before releasing funds.

The provision of ‘bank-like’ services by non-banks is growing fast and becoming a significant part of the financial services landscape. Enhanced regulatory scrutiny and an economic downturn are unlikely to reverse this trend – therefore the potential for customer harm will remain. Three areas for improvement include:

1. GREATER SECTOR TRANSPARENCY
   The FCA is clearly stepping up its activity, and the firms themselves have a role to play. However, a lack of transparency is a concern. There is limited information in the public domain despite the sector’s size and (Most of the statistics for this report had to be obtained via specific Freedom of Information Act requests to the FCA, for example). The current FCA approach places too much reliance on sampling and self-certification: the FCA asking firms for things to be done to safeguard customers, and firms saying that they have done them without supplying the underlying proof or a universal FCA check that unequivocally demonstrates the same.
2. ENHANCE REGULATORY FOCUS
   The remit, skills and resources at the FCA’s disposal need to be reviewed, improved and clarified with respect to e-money and payment institutions as the sector continues to grow. Banks are supervised by both the Prudential Regulatory Authority (a division of the Bank of England primarily concerned with whether banks are safe institutions and financial markets remain stable), and the Financial Conduct Authority (primarily concerned with day to day conduct and whether customers are treated fairly). For e-money and payment institutions, the FCA is effectively having to perform both the FCA and PRA roles. In addition, few non-bank service providers have a dedicated FCA supervisor, with the FCA prioritising cases of consumer harm (i.e. sorting out failures, rather than preventing them in the first place).
3. IMPROVE CONSUMER PROTECTION
   A further question needs to be asked regarding the future of safeguarding as a protection mechanism instead of FSCS cover, as the lines between banking and ‘bank-like’ services become more blurred from a customer perspective. Now that a wider range of firms can issue payment cards, process direct debits and credit transfers, offer customer-specific sort-codes and account numbers, and hold funds, the onus of understanding which regime their money is held under, and the resulting degree of protection, is becoming too much to ask of consumers. It shouldn’t take a skilled legal practitioner or financial investigator to decipher a firm’s regulatory status and the resulting protection available, let alone whether safeguarding arrangements have somehow been undermined behind the scenes. Financial services have something to learn from the UK travel industry, where “ATOL protected” is a hallmark of confidence that is simple to understand and verify.

If safeguarding continues to be the only form of protection for customers of e-money and payment institutions, then the FCA should obtain clear proof that adequate segregation and reconciliation of customer funds is being performed in every case, the firm can facilitate the immediate return of funds on request during normal business operations, verify that clear and credible orderly wind-down plans (so called “living wills”) are actually maintained to expedite the return of all customer funds if the business fails, and ensure that adequate capital is available to pay for insolvency costs.

The line between bank and non-bank provision of financial services is becoming increasingly blurred due to the significant growth in the number and use of electronic money and payment institutions. While differences in the level of protection exist, consumers need to be adequately warned, with a clearer hallmark of safety that discriminates between banks and non-banks, including transparency into how funds are safeguarded in the case of the latter. Alternatively, e-money and payment institutions should be incorporated within the scope of the FSCS.

The industry needs to work on improving transparency and maintaining trust against a backdrop of an expected increase in enforcement action and business failure. It will have to pay the cost one way or the other. Regardless, the FCA should raise its game to more proactively scrutinise firms to prevent consumer harm.

For those interested, you can request a digital copy through the following link: contact@tfpnet.com