Our compliance monitoring team has published its monitoring framework, which includes our insights into compliance, how firms can expect us to act (or react) when faced with possible non- or poor compliance, and how we expect firms to act. Senior manager Mark Thynne gives an overview of the framework and how we’ll use it.
The PSR’s new compliance monitoring framework explains how we’ll monitor compliance and identify non-compliance.
It’s essential that firms comply with our regulations if they’re going be effective in achieving their aims.
If compliance levels are high, it will give our regulations their best chance of making the improvements we want to see for payment systems and their users.
Our regulation supports innovation and growth by supporting competition and trust in our payments systems; we also recognise that dealing with compliance concerns by the regulator can be burdensome, and that is why we emphasise in the monitoring framework that our approach will be both data led and proportionate.
Why we need a framework
The last few years have been busy for the PSR, with several important new regulations coming into force, including the card acquiring market review remedies, the expansion of confirmation of payee and the APP reimbursement requirements.
These have increased the need for us to know whether firms are following these regulations and managing non-compliance if we find it.
Without a baseline of good compliance, it will always be difficult to understand whether regulations are meeting their stated aim, and if not, why.
The compliance part of ‘compliance monitoring’ means both keeping an eye on how firms are complying with our regulations and working with them to improve.
These are both ongoing processes, particularly where we have concerns about a firm’s compliance.
We will want to understand its progress to becoming compliant or getting back into compliance and will continue to monitor until we are satisfied that a firm is doing what it should be.
We’ll hold off from using our enforcement powers except for the most serious cases of non-compliance, or where firms continue to get it wrong, despite the opportunity to improve their compliance.
How we'll work with you
We aim for transparent and reciprocal communication with firms.
We place great store in firms being open and honest with us and believe that such a relationship means we can trust a firm when it tells us if it is facing compliance challenges, but that it has a plan to sort things out.
In return, we will be open and transparent with firms. We’re clear on our expectations, using the knowledge we gain from our work to share best practice, and being accessible.
Of course, there are sensible limits to this. We are quite rightly cautious with confidential firm information, and there may be occasions where we think sharing internal policy or thresholds may prejudice our work.
We also cannot take the place of your own compliance department or legal advisor.
However, we will be willing to discuss and engage with you on compliance issues and take a pragmatic and proportionate approach.
Putting things right
We believe that firms are usually better placed to understand the steps they need to take to become compliant.
In most cases, your resources are better spent on getting things right, rather than engaging in lengthy correspondence with the regulator or fighting expensive proceedings.
We also value firms working hard to mitigate non-compliance.
A realistic plan that aligns resources to get compliant as quickly as possible, and taking steps to limit the impact of non-compliance all give us comfort that a negative impact of poor compliance are being minimised.
That said, when we make new regulations, we’ll have carefully considered the best way for firms to comply. When we’re prescriptive about an approach, there will be good reasons for that.
Although we’ll always welcome genuine efforts to mitigate the impact of non-compliance, firms’ response should always be to follow the regulations as they are written.
We’ll sometimes need to support our regulatory messages by sending a clear message about our expectations. There can be real and serious consequences of not getting things right.
Enforcement investigations allow us an opportunity to really delve into how a compliance failure occurred and what the consequences were.
What went wrong here? What should other firms do to avoid a similar sanction?
We will be led by evidence and data. We’ll rely on data we receive from firms (as part of regulatory reporting) or from payment system operators.
We may also consider data from other regulators when deciding where to focus our efforts.
This could include complaints data from the Financial Ombudsman Service or information from the FCA which could indicate that a firm has poor systems and controls.
Next steps
We hope that nothing in this document is a surprise. Many of the concepts are guided by how the PSR already interacts with firms.
Much of our thinking about how we prioritise compliance issues aligns with published exemptions and extensions guidance (July 2024).
The monitoring framework is a culmination of a lot of thought and discussion, the experience we have gained in the last 18 months, and honest and meaningful input from our industry stakeholders.
Thank you to everyone who has helped.
Next, we’re planning changes to our Process and Procedures Guide, which hasn’t had a significant overhaul since 2020.
This is partly to update our enforcement processes, and to offer more details on the process of our new compliance monitoring function.
We will also be publishing a similar document to the Monitoring Framework regarding our Enforcement work. Please look out for opportunities to contribute to both later in 2025.
We welcome any further comments on our monitoring framework. You can contact us (or for any other compliance matter on): compliancemonitoring@psr.org.uk