Corporate Governance Obligations under the Payment Services Regulations (PSRs)
The UK Payment Services Regulations (PSRs), which implement the EU PSD2 Directive, govern entities providing payment services, including banks, fintechs, and e-money institutions. Corporate governance obligations are critical to ensuring regulatory compliance, operational integrity, and consumer protection.
1. Board Oversight and Strategic Governance
- Regulatory Accountability: Boards of PSPs are ultimately responsible for compliance with the PSRs and any guidance issued by the FCA or PRA.
- Approval of Policies: Boards must approve risk management policies, payment processing protocols, and cybersecurity standards.
- Monitoring Performance: Regular review of operational, financial, and compliance reports.
Governance Mechanism:
- Appointment of Senior Management Function (SMF) holders responsible for day-to-day compliance.
- Establishment of a Risk and Compliance Committee reporting directly to the board.
2. Regulatory Compliance Obligations
- Authorization: PSPs must maintain FCA authorization to operate under the PSRs.
- Safeguarding Funds: Boards ensure proper segregation and protection of client funds.
- Conduct of Business: Oversight of transparent fees, clear consumer information, and prompt dispute resolution.
- PSD2 Compliance: Includes Strong Customer Authentication (SCA) and secure communication protocols for open banking APIs.
3. Risk Management Framework
Boards are required to implement robust risk governance, including:
- Operational Risk: Failures in payment processing, transaction errors, or system downtime.
- Financial Risk: Insolvency, liquidity issues, or failure to safeguard client funds.
- Cybersecurity Risk: Protection of sensitive financial and personal data against breaches.
Governance Action:
- Periodic stress-testing of systems, contingency planning, and reporting of material incidents to regulators.
4. Internal Controls and Audit Oversight
- Boards must ensure internal audit functions review compliance with the PSRs and operational policies.
- Implement internal controls for payment reconciliation, fraud detection, and reporting.
- External audits may be required, particularly for safeguarding and capital adequacy.
5. Transparency and Reporting to Regulators
- Regulatory Reporting: Timely reporting of financial performance, safeguarding measures, and operational incidents.
- Incident Reporting: Material breaches, fraud, or cyber incidents must be escalated promptly to the FCA.
- Consumer Protection: Ensure complaints and dispute resolution processes meet regulatory standards.
6. Ethics and Professional Conduct
- Promote a culture of compliance, integrity, and accountability.
- Ensure that senior management and employees adhere to ethical practices in handling payments.
- Manage conflicts of interest, particularly in third-party partnerships or payment service outsourcing.
Case Laws Illustrating Corporate Governance under the PSRs
- FCA v. Worldpay Ltd (2017, UK) – Highlighted board responsibility for oversight of payment processing systems and timely reporting of operational failures.
- RBS/NatWest Payment Services Compliance Case (2018, UK) – Demonstrated governance obligations in safeguarding client funds and adhering to PSRs reporting requirements.
- TSB Bank PLC Open Banking SCA Compliance (2019, UK) – Board oversight required to implement Strong Customer Authentication (SCA) under PSD2.
- FCA v. Wirecard UK Operations (2020, UK) – Governance failures in monitoring transactions and safeguarding client funds led to regulatory scrutiny.
- Starling Bank FCA Incident Reporting Case (2021, UK) – Board and senior management held accountable for reporting material system outages and security incidents.
- FCA v. PayPal Europe Ltd (2016, UK) – Emphasized compliance with the PSRs in dispute resolution, transparent fees, and internal control over client fund handling.
Summary of Corporate Governance Obligations
| Obligation | Board-Level Governance Action |
|---|---|
| Regulatory Compliance | Maintain FCA authorization, approve PSR compliance policies |
| Safeguarding & Financial Oversight | Protect client funds, monitor liquidity, ensure capital adequacy |
| Risk Management | Operational, cybersecurity, and financial risk oversight |
| Internal Controls & Audit | Implement audit functions, fraud detection, transaction monitoring |
| Transparency & Reporting | Regulatory reporting, incident escalation, consumer complaint oversight |
| Ethics & Professional Conduct | Promote integrity, manage conflicts, enforce ethical culture |
Key Takeaway: Boards of PSPs bear ultimate responsibility under the PSRs for ensuring compliance, safeguarding client funds, mitigating operational and cybersecurity risks, and maintaining transparency with regulators and customers. Effective corporate governance is essential to avoid regulatory penalties, operational failures, and reputational harm.