The FCA “Dear CEO” Letter

Did you receive and action the “Dear CEO” letter from the FCA, dated 9th July 2020? We hope so.

The communication, which was targeted at all organisations, and especially new and smaller businesses, was entitled:

‘Portfolio strategy letter for payment services firms and e-money issuers – We expect you to act to prevent harm to your customers.’  

It explained that the FCA expected every UK regulated business to take appropriate action and be ready to explain what they did when the FCA makes contact with individual organisations.

Directors and the boards must be able to demonstrate compliance with FCA requirements and what actions the board has taken to ensure its customers are adequately protected in the areas that they highlighted. Failing to meet FCA requirements or breaching a Principle could lead to FCA disciplinary sanctions.

We should all be concerned about the FCA letter, not least because the FCA highlights its concerns and the main areas in which it sees failings. It is clear from the letter that there are real issues with respect to customers not being sufficiently protected. These concerns have grown with the increase in business failures, compounded by Covid-19, but also because the ‘new breed’ of authorised firms ‘let into the fold’ to try and boost innovation and competition have started to fail, as their business practices and resilience may be as wanting as their compliance and customer protection.

We urge everyone to refresh themselves with the contents of the FCA letter and to check in particular that the requirements on protecting customer funds (safeguarding arrangements), governance and oversight as well as records management and reporting are all in place. And evidenced.

But as the FCA explains, financial promotions and customer communication, combatting financial crime and even prudential risk management all fall strongly within the remit of the issues that the FCA expects us to be able to answer to, and for which the FCA may start to take action if insufficient progress is made.

We talk to people widely across the payments sector and are astounded by the inability of newly licensed businesses to understand and adhere to regulatory requirements. They do apply to everyone and we do need to know what we are doing. If we have any sort of licence, then we cannot defend ourselves to the FCA with claims of being unaware of the requirements.

And the bigger we get, especially when we have a market presence, and even more so whilst we are in a ‘cash-burn’ / funded stage of development, the more likely it is that we need to operate to the FCA requirements. Increasingly, safeguarding, governance and financial crime strategies have become more critical. The FCA are actively monitoring non-compliance cases, whether reported anonymously to them or through formal/informal reporting from other oversight bodies, both of which are becoming more common, especially with people within organisations who fear personal prosecution when companies do not follow ‘the rules’.

And it is clear that the FCA is now on the hunt, as, we have discovered, are other regulators that we have talked to. We know well that there are other National Competent Authorities around the EU also now starting to take strong action, especially those that have been criticised in recent years for their previous laxness in their own oversight responsibilities.

We have come to a juncture now where major financial institutions, which incorrectly believe that ‘the requirements do not apply to them’ or which flout the regulatory requirements, e.g. Wirecard, can now quickly end up failing, and lead to the company officials being either arrested or ‘on the run’. BaFin in Germany have been bitten and other EU regulators do not want that to happen to them.

When we perform ‘health checks’ upon financial services firms, we see more and more severe regulatory issues, which lead to significant actions being taken before the firms act to get ‘on-track’; or, worse still, the firms find their actions to be too little and too late and start going down the route of regulator penalties, sanctions, operating restrictions or licence removal. Or worse in the case of criminal negligence or intent.

You have been helped a lot with the ‘tip-off’ from the FCA. The FCA will ‘not take prisoners’. Or maybe they will!

About Kevin Smith

With over 25 years in the payments business, Kevin is a trusted and experienced practitioner and thought leader in payments, technology, issuance, acceptance and acquiring.

About Bill Trueman

Bill Trueman is a professional banker and a payments and risk specialist, with over 25 years of experience. He headed-up risk functions and special investigations in Lloyds Bank issuing and acquiring; acquiring and processing at First Data, and then for insurance risks at RBS / Direct Line.

About Riskskill

Riskskill is a leading Europe-based payments and risk management consultancy. is a global GARS Reviewer for Visa. For more information visit website at

For further information, please contact: Bill Trueman or Kevin Smith at
