.svg)
The UK’s Financial Conduct Authority’s (FCA) February Dear CEO letter to payments and e-money firms made clear that the regulator wants to see improved compliance with its flagship policy, the Consumer Duty.
In Summer 2024, during a webinar to coincide with the one year anniversary of the Consumer Duty’s implementation, Therese Chambers, director of enforcement and market oversight, gave a warning to the firms that the FCA supervises.
She said that if the FCA sees a problem, it will call it out. “We’ll ask you to fix it, and if you don’t fix it, I might be knocking on your door.”
The regulator’s most recent Dear CEO letter to payments and e-money firms suggested that those knocks at the door may be coming sooner rather than later.
In February, the FCA issued a “Dear CEO” letter outlining its supervision priorities for payments and e-money firms, and a key area for the regulator appears to be adherence with the policy, ensuring that firms embed Consumer Duty principles into their work.
This follows on from previous Dear CEO letters, which prioritised issues such as safeguarding of funds – a compliance area now being overhauled by the FCA through two stages of changes.
“The priorities have been re-ordered from the 2023 Dear CEO letter, which isn’t unexpected given that there is a ‘plan in place’ to ‘fix’ safeguarding with the consultation paper, so keeping customers’ money safe has been made outcome three,” said Alison Donnelly, director at fscom.
“The Consumer Duty outcome is now the first outcome and this is where ‘effective competition’ and ‘innovation’ have been added."
Ready to take action
In its February 2025 letter, the FCA stated “you should have adequately considered the requirements of the Consumer Duty and have fully implemented these in a way that is appropriate to your business.”
The regulator warned that “we will continue to monitor firms’ implementation of the Consumer Duty, support firms through remediation of any deficiencies, and take appropriate action against firms consistently failing to meet standards and/or demonstrate reasonable steps to ensure remediation.”
According to Max Savoie, partner at Sidley Austin, “the fact that the Consumer Duty is at the top of the FCA’s list is telling”.
“I expect there will be a ramping up of supervisory action here, given that the relevant rules have now been in force for some time,” he told Vixio.
Mila Pencheva, senior associate at Taylor Wessing, suggested that key areas for payments firms to focus on “would be prioritisation and substantive implementation, agent oversight and robust governance, and enhancing customer protection through improving compliance with the price and value, customer understanding and customer support outcomes."
Savoie, meanwhile, said the FCA likely believes firms have had enough time to meet these requirements, and said that the regulator’s various communications on its expectations have put the market on notice.
“The fact that the FCA has specifically called out foreign exchange pricing in payment services suggests it already has broad concerns about market practice.
“This is probably more about exchange rates than fees, and I expect the FCA will be focused on how firms determine and disclose such rates,” he said.
Considering this area has been directly called out, any payment service provider (PSP) that is offering services that involve settling or making available a different currency from the funding currency of a transaction to a consumer, micro-enterprise or small charity “should be alive to this”, Savoie said.
Pencheva agreed, warning that “providers whose services involve FX should assess how their pricing is set out, ensure that it is compliant with any specific legislative requirements and then consider if they can go over and above to enhance customer understanding to comply with the Consumer Duty."
What else is covered?
The FCA’s Dear CEO letter also emphasised financial crime prevention, requiring stronger governance, anti-fraud controls and compliance with the Payment Systems Regulator’s (PSR) fraud rules.
It stressed that firms must meet safeguarding obligations, with new rules expected mid-2025.
In addition, the regulator has mandated operational resilience measures, with a March 31, 2025 deadline for firms to identify key business services and set impact tolerances.
The FCA also used the letter to reaffirm plans to revoke elements of strong customer authentication (SCA), committing to engagement with stakeholders on its replacement, as well as on contactless limits.
"The FCA's concerns would not be surprising for firms in the UK. A lot of the topics have featured prominently in ongoing FCA publications and commentary,” said Pencheva, adding that many themes also featured prominently in the 2023 Dear CEO letter to payment firms.
“The new letter is more of re-focusing of minds, given all the developments since then, and potentially pointing towards enforcement if areas of non-compliance remain."
