Dozens of fintechs are being forced to submit special audits to the central bank after a review of the sector found “significant deficiencies” in how some firms protect customers’ money.
irms including e-commerce giants Stripe, Facebook and Google and point-of-sale providers such as AIB Merchant Services, Square and Sum Up received letters from the central bank instructing them to carry out the audits.
PFS, the company behind Perx rewards cards, and Kerry fintech Fexco also received letters, along with money transfer giant Western Union and crypto platform Coinbase.
The central bank did not disclose which firms were found to be deficient.
The inspections are part of a crackdown on payments and electronic money companies after a year of “intense oversight” of the sector looking at risk management, anti-money laundering compliance and customer protection.
The central bank found evidence that some firms fail to segregate customer funds, mix company money with customer money and fail to reconcile daily account balances properly. In some cases, the lax security measures led to a lack of customer accounts.
Regulators have warned CEOs that if they don’t fix the problems, they could face enforcement, which could include hefty fines, or be forced into costly risk-reduction programs overseen by the central bank.
“We continue to see examples of companies’ strategic ambitions exceeding their scope and capacity,” Mary-Elizabeth McMunn, the central bank’s director of credit institution supervision, wrote in a letter to the heads of all companies in the sector this month.
“Companies are not fully assessing the full range of financial and non-financial risks they face, including new and emerging risks, particularly in the context of a rapidly changing environment.”
The “Dear CEO” letter outlines a number of failings and many weaknesses in compliance and governance that were uncovered in a recent assessment of the sector.
One in five firms have provided inaccurate regulatory reports in the past 12 months, and a quarter reported that their own customer protection frameworks were inadequate.
As a result, the central bank is now requiring all firms in the sector to obtain specific audits over the next six months that prove they are properly safeguarding customers’ money.
The companies caught up in the web range from point-of-sale providers such as AIB Merchant Services and Sum Up to e-commerce enablers such as Google Payments and Square. PFS, the company behind Perx rewards cards, and Kerry fintech Fexco also received letters, along with money transfer giant Western Union and crypto platform Coinbase.
The audits, which are likely to be costly and intrusive, must be carried out by a reputable audit firm with specialist expertise to handle the scale and complexity of each firm’s business model.
Stripe, whose chief executive Patrick Collison is said to be considering an IPO, made a submission to the Ministry of Finance’s Retail Banking Review last year calling for a level playing field for financial regulation across the EU.
The submission, which suggested the central bank needed to catch up with more progressive jurisdictions, warned Irish firms could be engaging in “regulatory arbitrage” by forum shopping the most receptive regulators.
