How to Prepare for an FCA Safeguarding Audit

If you work for an e-money institution, are licenced by the Financial Conduct Authority (FCA) or looking to launch a new payments product, you may have a few questions when it comes to safeguarding audits: 

• The lack of guidelines from the FCA means you’re not sure if you’re doing the safeguarding reconciliation and reporting right and want an experienced third party to share their opinion and expertise.
• You’re about to launch a new product and have to demonstrate proof of meeting safeguarding obligations without any data yet.
• You’ve been doing manual reconciliation via spreadsheets but it takes up a lot of time, leads to human error and is hard to manage.

The biggest challenge with safeguarding reconciliations and audits is that manual reconciliation drains significant time and resources, while elevating risk of errors. Persistent issues with manual reconciliation are what led our founder, Aaron Holmes, to start Kani as a technology solution to automate and optimise the data management processes that feed into safeguarding.

In this article, we’ll be covering:

• What you need to know about FCA safeguarding audits
• How to prepare for a safeguarding audit
• How Kani helps with safeguarding reconciliations and reports
• Why it makes sense to use a specialised tool rather than build your own
• How this company used Kani to meet the obligations of the Spanish regulator

Note: are you looking for a tool to help with safeguarding? Book a demo to see what the Kani platform looks like in practice. 

What you need to know about FCA safeguarding audits

Safeguarding requirements are set by the FCA to ensure customer funds are protected if a Payment Service Provider (PSP) becomes insolvent.

Guidance on safeguarding was first launched in 2019 specifically for firms covered by the Payment Service Regulations (PSR) and Electronic Money Regulations (EMR). The FCA outlined that in-scope organisations must arrange annual audits of their compliance in line with safeguarding requirements. 

Safeguarding requirements decree that any customer funds your company holds must be safely stored and that you have sufficient ringfenced funds in your company account to cover customer funding and any liabilities.

Here is a brief summary of the FCA’s guidance on safeguarding:  

• The FCA wants proof that your company funds can cover liabilities now, but they also want proof that you could cover them at any specific time and date in the past.
• If there were any issues with reconciliations in the past, they want proof that you were able to resolve them.
• The FCA expects businesses to perform an independent annual safeguarding audit.
• The FCA has not issued a regulatory audit standard for safeguarding. This means that so far, they only require an independent auditor to sign off that the firm’s safeguarding provisions meet the FCA’s expectations of payment compliance.
• Authorised e-money businesses must also safeguard the relevant funds related to different payment services such as money remittance.

Make sure to read through the FCA’s website to get a full understanding of what the requirements are.

How to prepare for a safeguarding audit

Most companies come to us looking for support with safeguarding because they have one main question: How can we make sure we’re taking the right approach?

We work regularly with Electronic Money Institutions and fintech companies that go through safeguarding audits, and here are some tips to ensure you’re ready for an audit:

• Have someone on the team with experience. This is one of the key factors to ensure your reconciliation and reporting meet requirements. Having no one on your team with experience will be seen as a red flag by the FCA and they may ask for more information. If you don’t have someone on your team with experience, your options are to utilise a third-party tool with the right functionality or spend the required time researching and understanding requirements.
• Read through the FCA’s documents in great detail. Since there is no prescriptive FCA guidance, it’s best to educate yourself by reading through all the documents. Specifically, you want to read through the FCA’s approach document, the Payment Services Regulations 2017 and the Electronic Money Regulations 2011.
• Get an experienced third party to review your set-up. This could be an external consultant, accountancy firm, specialised technology provider or auditors who have experience with safeguarding and the FCA. 
• Document everything. Everything you do with regards to safeguarding should be documented, including any changes to files, updates in personnel and change in technology providers. 
• Keep important files in easy-to-access places. You want to make it easy to access the right information within the audit period in case the regulator gets in touch with you. This includes banking arrangements, records of client funds, reconciliation processes and policy documents.
• Use a tool that centralises your data. One of the challenges with manual safeguarding reconciliation is ineffective or inefficient data gathering processes leading to reports with missing key information (e.g. reconciliation anomalies). This often creates gaps in your funds and reconciliation procedures, which can cause issues with the regulator. Having a centralised tool that automatically gathers and standardises your data can resolve this.

How Kani helps with safeguarding reconciliations and reports

Aaron, our CEO, founded Kani because his team was spending too much time and resources on manual reconciliation, and he knew that the right type of tool could help save a lot of time while enabling more accurate and up to date reports. 

Kani Payments is a platform that helps payment businesses manage, reconcile and report on their financial data. Here’s how Kani ensures a robust safeguarding framework and hassle-free audit process:  

View and access all your automatically standardised data from one dashboard, providing easy visibility into fund availability

As an EMI, one of the key challenges with manual reconciliation is managing data from many different types of files in various different formats. Reconciling an XML and CSV file with different currency formats and naming conventions can be very difficult in Excel.

Kani takes all your data from as many sources as required, standardises it and then presents it in a user-friendly dashboard. We are pre-integrated with 20+ payment processors including Thredd, FIS, Marqeta and many more (and if one of your processors is not listed, we can set up that integration relatively quickly). 

You can then view all this from one dashboard, allowing you to quickly see if there are enough funds to cover liabilities, the breakdown of each bank account and how it compares month over month.

 

The dashboard is hierarchical, which means that you get a high-level view of your safeguarding accounts via the main dashboard, but can click through on each individual report to drill down into individual transactions. This gives you full visibility of safeguarding status while still being able to dig deep into the underlying data.

Maintain an audit trail with sign-off capabilities, making it easier to manage version control 

Another big issue with manual reconciliation is lack of version control. If one person makes a change in a spreadsheet, it’s very hard to keep track and maintain an audit trail if something goes wrong. You also don’t have sign-off capabilities in Excel, which is why some regulators require companies to print off reconciliations daily and complete a wet signature to ensure the final version.

With the Kani platform, you can see reconciliation anomalies at a glance. If one comes up, you can go through the audit trail and check the underlying data to ensure bank receipts match what’s on the ledger:

 

As you can see in the screenshot above, £50k was not reconciled and marked as a difference. As a user, you can then click through that number to see what is and isn’t included in that figure. You’ll see the individual transactions that make up the £50k, and can easily identify root cause issues.

 

Kani comes complete with sign-off capabilities. Once a reconciliation or report is complete, a senior leader can provide an electronic signature:

 

If there is a change that happens after a reconciliation or report is signed off, the platform flags it immediately.

The audit trail, alerts and drill-down capabilities make it easier to assess what’s wrong if a transaction is not reconciled, almost as soon as the issue arises. The sign-off capabilities also enable the user to create a final version, which can then be shared with the regulator.

Set up automations to save time, and use a variety of user access enabling greater transparency with the regulator 

Manual reconciliation takes so much time and resources because it’s exactly that: manual. Printing out a report, sending a snapshot via email and digging into the data via Excel takes up a lot of time, leads to many errors and is often an unnecessary headache because of the reliance on people rather than technology. 

With Kani, you can set up various processes and automations to minimise the number of manual tasks and reclaim that time for your team. For example, businesses already use Kani to: 

• Set up workflows with automated alerts for variance within the reconciliation.
• Automatically alert platform users assigned as case managers to investigate a variance.
• Check that all the right data sources have been ingested every day, and send an alert if any are missing.
• Run the reconciliation and schedule weekly reports to senior management via email (or even Slack!)
• Schedule a snapshot of the reconciliation to specific people who may not even be on the Kani platform.

Kani is built to enable user-specific permissions. For example, you can give certain members on your team read-only access, which is especially helpful when auditors need to check your reconciliation and reporting processes.

Access safeguarding and payments expertise, and use ready-made templates to save time and resources

Preparing for a safeguarding audit can be frustrating when it’s unclear what information to include in a report, how to prove compliance to the FCA and how to make it easy to manage for your team. 

Many across the Kani Payments team have genuine operational experience from the payments industry, with several coming from a payment institution. This means that if at any point you aren’t sure about the reconciliation you’ve put together, what a specific anomaly means or what to include in the report, you can reach out to our friendly team! 

The platform also offers predetermined templates and dashboards that you can set up immediately after ingesting data. These work as a great starting point for the reports you want to put together, so you don’t need additional expertise to understand what you should and shouldn’t include. You will always have the option to set them up from scratch if you prefer.

Our payments expertise combined with our predetermined templates means you can set your company up for safeguarding success, ensuring you have the best processes in place and are well-positioned for a stress-free audit.

Why it makes sense to use a specialised tool rather than build your own

Deciding whether to use a specialised third-party tool or build a solution in-house will likely be a key question for your safeguarding arrangements. As a company that has built a tool and also worked with third-party tools in the past, we firmly believe it makes more business sense to implement a dedicated solution with the right functionalities (that’s why we built one!). 

Here are some of the downsides to building your own reconciliation tool: 

• It takes a lot of time to build, often 3 – 6 months or even more.
• Just because you have engineers on your team, doesn’t mean they know how to build a safeguarding reconciliation tool. Ideally, they would need the right expertise on payment systems and auditing compliance. Without expertise it can take even longer to build the right platform. 
• Without the necessary skills, it’s easier for the build to go wrong and for mistakes to happen, leading to missing funds or anomalies in the reconciliation.
• Since the FCA is not prescriptive on the regulatory requirements for safeguarding, engineers without financial service experience might not know what to include in the system.
• More time spent on building a custom system means less time spent working on customer workflows and your main product.
• Many engineering teams underestimate how many resources it takes to maintain a system once it’s built. For example, the FCA can change the rules at any time and it’s important that systems have the flexibility to accommodate them.

Many companies underestimate the intricacies of building an effective platform. For example, when reconciling multi-currency transactions, settlement payments are typically made in the base currency rather than transaction currency. This means your reconciliation tool needs to process multiple currencies while also applying FX rate tables. 

When does it make more sense to build your own tool? While not optimal for all, some enterprise companies choose to build in-house. However, we find that homegrown solutions only work for businesses with the right specialised reconciliation knowledge and IT resources. It also makes more sense when the company wants more control and has the sufficient resources to update their system to meet changing requirements.  

Access our paper where we go into more depth about the debate of buy vs build: Guide: Buy vs Build

How a payment company used Kani to meet the obligations of the Spanish regulator

One of our customers was asked by the Spanish regulator to show proof of safeguarded funds available twice per day. The regulator didn’t share what the specific requirements were or what the proof of funds should look like. They just wanted proof that client assets were reconciled and correct. 

Typically, this would have been done by an employee coming in twice per day within a 12-hour timeframe, likely at 6 am and 6 pm.  

With the Kani platform, this isn’t an issue. They had the option to either run the reconciliation manually, or set up an automation where Kani was to run safeguarding reconciliations twice per day, at 12 am and 12 pm, and automatically send a snapshot to a senior leader. It was easy to set up and didn’t require anyone coming into the office outside of working hours, saving time, money and resources. 

FCA safeguarding audit: Use Kani to help with reporting and reconciliation

The easiest way to manage safeguarding is to move away from manual reconciliation. Using spreadsheets leads to human errors, decreases operational efficiency and limits the control you have of your financial data.

With the Kani platform, you can feel confident about your safeguarding process with our pre-configured transaction reporting templates, payment expertise, time-saving automations and dashboards that give you a holistic view of reconciliation status at all times. 

Want to see the platform live? Book a demo now.