The CBI highlights the following as the five key areas where deficiencies have been identified:
- Safeguarding
- Governance, risk management, conduct & culture
- Business model, strategy and financial resilience
- Operational resilience and outsourcing
- Anti-money laundering and countering the financing of terrorism
The CBI specifically called out significant issues in the area of safeguarding, and now firms in this sector who are required to safeguard users’ funds are required to obtain a specific audit by an audit firm, such as the firm’s external auditors, of their compliance with the safeguarding requirements under PSR/EMR. The required audit opinion, along with a board response on the outcome of the audit, is required to be submitted to the CBI by 31 July 2023.
How is Mazars supporting our clients?
Within our payment and e-money clients, we provide a range of services, including outsourced and co-sourced internal audit and regulatory consultancy services to boards and second line of defence functions. Our team of industry experts (in the areas of conduct and prudential risks), former regulators and consultants are well-placed to assist you in the following areas:
Impact assessment and action plan development – we regularly work with our clients to assess the impact of regulatory requirements on their business and develop credible and tangible impact assessment and action plans.
Safeguarding audit – leveraging our extensive assurance experience in safeguarding customer funds, external audit and internal audit services in relation to safeguarding, we are well placed to undertake this external audit for payment and e-money firms.
Subject matter expertise – we have a range of subject matter experts that can assist you with specific technical aspects of matters raised in the 'Dear CEO' letter, including corporate governance and culture, anti-money laundering and countering the financing of terrorism, outsourcing, risk management frameworks(including outsourcing risk, operational risk, compliance risk and technology risk) and risk appetite statements.
'Dear CEO' letter action plan assurance – due to our extensive experience of undertaking third-party assurance reviews under the guise of internal audit reviews and regulatory third-party assurance reviews, we are well placed to provide your firm with robust and factually accurate assurance reviews that assess adherence with the areas articulated in the 'Dear CEO' letter.