Does your payment services firm or electronic money institution require an audit?

Payment services firms (that are not EMIs)

Firms regulated under the PSRs are not automatically required, by UK company law, to have an audit. The usual size criteria applies (on a group-wide basis). This article linked provides a useful guide to the size criteria.

Even if the worldwide group is small and an audit would not normally be required, the owners of a firm may decide to request that the firm has its financial statements audited. This scenario is commonplace where a counterparty would like to see audited financial statements before doing business with a company.

There is no requirement for payment services firms to submit financial statements to the FCA. These will need to be submitted in accordance with the normal Companies House deadline. If these financial statements are audited, the PSRs stipulate that the auditor must communicate certain matters to the FCA.

Electronic money institutions

There is less flexibility with electronic money institutions (which have the added permission of issuing Electronic money). UK firms regulated under the EMRs as an electronic money institution are not entitled to take any exemption from audit, regardless of their size.

As with other payment services firms, there is no requirement for an electronic money institution (that does not undertake any other non-regulated business) to submit its audited financial statements to the FCA. If the firm undertakes other non-regulated activity (and therefore becomes a ‘hybrid business’), the audited financial statements need to be submitted to the FCA when they are submitted to Companies House. As with the PSRs, the EMRs stipulate that the auditor must communicate certain matters to the FCA.

Audits of compliance with safeguarding requirements

For APIs and EMIs that hold customers’ funds, there has historically been no requirement for an audit of compliance with safeguarding requirements. However, in its finalised guidance for payment and e-money firms on safeguarding customers’ funds (issued in July 2020), the FCA has explicitly clarified that it expects these firms to arrange an annual audit of compliance with the safeguarding requirements under the PSRs/EMRs, if its financial statements are audited. These audits are similar in nature to CASS audits, completed in accordance with SUP 3.10. These safeguarding audits must be carried out by an audit firm or other independent external firm or consultant. The FCA expects the auditor to provide an opinion addressed to the firm on:

• whether the firm has maintained organisational arrangements adequate to enable it to meet the FCA’s expectations of its compliance with the safeguarding provisions of the EMRs/PSRs (as set out in chapter 10 of its Approach Document), throughout the audit period, and 
• whether the firm met those expectations as at the audit period end date.

In its guidance, the FCA has not stated when firms’ first annual audit of compliance is expected. Therefore, we consider this to come into immediate effect.

Get in touch

If you are a payment services firm or e-money firm and would like to discuss your audit and accounting needs, please get in touch via the below form and a member of our specialist team will contact you.