
Central Bank Safeguarding Notice to PI/EMI Firms on audit requirements

On 25 May 2023, the Central Bank of Ireland (Central Bank) issued a Safeguarding Notice (the Safeguarding Notice) to Payment Institutions (PIs) and Electronic Money Institutions (EMIs) on safeguarding audit requirements under the Payment Services Regulations (PSR)/Electronic Money Regulations (EMR).

 

Background

The Central Bank first flagged the safeguarding audit requirements for PIs and EMIs authorised in Ireland in a Dear CEO letter dated 20 January 2023 (the Dear CEO Letter).

Please see our briefing here for further information on the Dear CEO Letter, which highlighted weaknesses and risks within PIs and EMIs and specified that an audit of compliance with the safeguarding requirements under the PSR/EMR (as appropriate) should be carried out by an audit firm.

The Dear CEO Letter also provided that safeguarding audit reports must capture whether the firm maintains adequate organisational arrangements to meet safeguarding requirements under PSR/EMR on an ongoing basis and cover specific areas of review and assurance set out therein.

The Safeguarding Notice

The Safeguarding Notice was published following discussions between the Central Bank and Chartered Accountants Ireland (CAI) on the appropriate engagement and format for safeguarding audits. The CAI will issue guidance to their members on this topic in due course.

The Safeguarding Notice provides more detailed guidance for firms in relation to the description of aspects of their organisational arrangements (the Description) in place on 31 December 2022 to secure their compliance with the relevant safeguarding requirements under the PSR/EMR.

The Description should include details of processes and controls in place around the governance and oversight of compliance with safeguarding rules including:

  • A detailed description of the firm’s safeguarding framework, including oversight arrangements by the Board of Directors, details of reporting lines, and implementation of the three lines of defence.
  • The process implemented by a firm to identify which of its services could potentially give rise to the firm holding “user funds”.
  • Details of the IT systems used to meet safeguarding obligations.
  • The processes and controls:
    • to consistently identify (i) which funds are “user funds” which must be safeguarded and (ii) when such funds cease to be “user funds”;
    • to appoint an appropriate third-party bank for safeguarding, including initial and ongoing due diligence, and terms and conditions to ensure that the accounts are appropriately segregated from the assets of the regulated firm and the third-party bank;
    • to (i) limit access to safeguarding accounts, (ii) prevent co-mingling, and (iii) ensure daily reconciliations are performed and reviewed;
    • to identify potential or actual breaches of safeguarding requirements;
    • for insurance policy/comparable guarantee;
    • to ensure the liquidity of safeguarding arrangements facilitates redemption of e-money at any time and the timely execution of payment transactions;
    • to ensure that user funds are not invested in liquid assets with Central Bank approval to do so.

Assertion by the Board of Directors

A firm’s assertion, approved by its Board of Directors, should state that in all material respects:

  • the Description is fairly presented.
  • the controls and processes included in the Description were operating as described at the reference date.

Auditor Assurance and Attestation

The auditor must perform a reasonable assurance attestation engagement (conducted per ISAE 3000 requirements) concerning the firm’s assertion.

This review engagement by the auditor will include consideration of:

  • the firm’s description of relevant arrangements,
  • analysis of information provided by the firm,
  • meetings with management and
  • consideration of any gaps or deficiencies identified by the firm or the auditor based on their professional experience and judgment.

The auditor must prepare a report describing the work performed and their professional view of the relevant arrangements. The Safeguarding Notice provides that the auditors should express their conclusion in a positive form as to whether, in their opinion, the description prepared by the firm is fairly presented based on the same criteria used by directors to make the assertion set out above and whether the processes and controls as set out in the description at the reference date are fairly presented.

However, this engagement with an auditor will not provide assurance on whether the arrangements are appropriately designed to comply with the safeguarding requirements of the PSR/EMR.

Gaps in processes and controls identified

The firm should consider and formally document any gaps identified in its processes and controls relating to organisational arrangements in place at the reference date that could impact compliance with the safeguarding requirements of PSR/EMR.

Deadline

Each firm should submit a report to the Central Bank by 31 October 2023 (which is an extension of the original deadline of 31 July 2023 as set out in the Dear CEO Letter).

How can William Fry assist you?

William Fry has experience in guiding firms in relation to the regulatory landscape relating to safeguarding of user funds, and our team is available to support you in a review and assessment of compliance of safeguarding arrangements with respect to the PSR/EMR.