Central Bank demands special audits for ‘fintech’ payments firms

One in five companies in the sector found to be filing inaccurate regulatory returns in the last 12 months

The Central Bank of Ireland

Jon Ihle

January 31 2023 02:30 AM

Dozens of fintechs are being forced to submit special audits to the Central Bank after a review of the sector found "significant deficiencies” in how some firms safeguard customer money.

Firms including e-commerce giants Stripe, Facebook and Google and point-of-sale service providers such as AIB Merchant Services, Square and Sum Up received letters from the Central Bank instructing them to undertake the audits.

PFS, the company behind Perx rewards cards, and Kerry fintech Fexco also received letters, along with money transfer giant Western Union and crypto platform Coinbase.

The Central Bank did not disclose which firms were found to be deficient.

The audits are part of a crackdown on payments and electronic money companies following a year of “intense supervision” of the sector looking at risk management, anti-money laundering compliance and customer protection.

The Central Bank found evidence some firms are failing to segregate customer funds, mixing company money with customer money, and not properly reconciling daily account balances. In some cases, the lax safeguards led to shortfalls in client accounts.

Regulators have warned chief executives that if they don’t fix the problems, they could face enforcement action, which can include steep fines, or be forced into costly risk mitigation programmes under the supervision of the Central Bank.

“We continue to see examples of firms’ strategic ambitions outpacing their frameworks and capacity,” wrote Mary-Elizabeth McMunn, the Central Bank’s director of credit institutions supervision, in a letter to the heads of all the companies in the sector this month.

“Firms are not fully considering the entire suite of financial and non-financial risks they face, including new and emerging risk, particularly in the context of a rapidly changing environment.”

The ‘Dear CEO’ letter outlines a litany of failures and numerous compliance and governance weaknesses that were uncovered in a recent assessment of the sector.

One in five firms were found to be filing inaccurate regulatory returns in the last 12 months and a quarter reported that their own customer protection frameworks were inadequate.

As a result, the Central Bank is now requiring all firms in the sector to obtain specific audits in the next six months proving they are appropriately safeguarding customer money.

The companies caught in the net range from point-of-sale service providers such as AIB Merchant Services and Sum Up to e-commerce enablers like Google Payments and Square. PFS, the company behind Perx rewards cards, and Kerry fintech Fexco also received letters, along with money transfer giant Western Union and crypto platform Coinbase.

The audits, which are likely to be expensive and intrusive, must be carried out by a recognised auditing firm with the specialist skills to deal with the scale and complexity of each firm’s business model.

Stripe, whose CEO Patrick Collison is said to be mulling a stock market flotation of the company, made a submission to the Department of Finance’s Retail Banking Review last year calling for a level playing field for financial regulation across the EU.

The submission, which suggested that the Central Bank needed to catch up with more progressive jurisdictions, warned Irish firms might engage in “regulatory arbitrage” byforum shopping for the most amenable regulators.