Agent and Distributor Due Diligence for Payment Firms: FCA Requirements

The Principal-Agent Model

Payment institutions (PIs) and electronic money institutions (EMIs) frequently use agents and distributors to extend their distribution network and deliver payment services to customers. Under the Payment Services Regulations 2017 (PSRs) and Electronic Money Regulations 2011 (EMRs), a principal firm may appoint agents to provide payment services on its behalf, and EMIs may appoint distributors to distribute and redeem electronic money.

However, the regulatory model is clear: the principal firm bears full responsibility for the regulatory compliance of its agents and distributors. The FCA treats agent and distributor activities as activities of the principal firm. This means that failures by agents — whether in AML compliance, customer treatment, data protection or financial promotions — are attributable to the principal firm and may result in enforcement action against it.

FCA Requirements for Agent Appointment

Before appointing an agent, the PSRs require the principal firm to:

• Conduct sufficient due diligence to ensure the agent is fit and proper to act on its behalf
• Ensure the agent has adequate AML/CTF controls
• Register the agent with the FCA before the agent commences any regulated activities
• Maintain an up-to-date register of all agents
• Take adequate measures to ensure agents comply with the firm's policies and procedures

Pre-Appointment Due Diligence

Comprehensive pre-appointment DD should cover the following areas:

Corporate and ownership checks. Verify the agent's legal identity, corporate status, ownership structure and beneficial ownership. Obtain certified copies of incorporation documents, shareholder registers and identification for key individuals.

Financial stability. Assess the agent's financial position through review of recent financial statements, bank references and credit checks. An agent in financial difficulty presents heightened risk of fraud, misappropriation of funds or sudden cessation of services.

Competence and experience. Evaluate the agent's experience in providing the specific payment services it will offer on behalf of the principal. Assess the competence of key staff, including their understanding of regulatory requirements.

AML/CTF capability. Assess the agent's AML/CTF arrangements, including whether it has:

• Adequate customer identification and verification procedures
• Transaction monitoring capability appropriate to its activity
• SAR reporting awareness and escalation procedures
• AML training arrangements for relevant staff
• A nominated individual responsible for AML compliance

Regulatory history. Check whether the agent or its principals have any adverse regulatory history, including enforcement actions, refusals of authorisation, criminal convictions or involvement in financial crime.

Systems and controls. Evaluate the agent's operational systems, including IT infrastructure, data security, business continuity arrangements and complaint handling capability.

References. Obtain professional and commercial references, particularly from other regulated firms the agent has worked with.

Risk Assessment

Following the DD exercise, the principal firm should conduct a formal risk assessment of the proposed agent, considering factors such as:

• The type and volume of payment services the agent will provide
• The jurisdictions in which the agent will operate
• The customer segments the agent will serve (retail, SME, corporate)
• The agent's AML/CTF risk profile
• The agent's experience and track record
• Any issues identified during DD

The risk assessment should result in a risk rating (high, medium, low) that determines the level of ongoing monitoring the agent will receive. Higher-risk agents require more intensive oversight.

FCA Registration

Agents must be registered with the FCA before commencing any regulated payment service activities. The principal firm submits the agent registration application through the FCA's Connect system. The application includes:

• Details of the agent (name, address, legal form)
• The payment services the agent will provide
• Details of key individuals at the agent
• Confirmation that DD has been conducted
• Confirmation that the agent has adequate AML arrangements

The FCA may request additional information or object to the registration. Until registration is confirmed, the agent must not provide regulated payment services on behalf of the principal.

Contractual Framework

The relationship between the principal and agent should be governed by a comprehensive written agreement covering:

• The specific services the agent is authorised to provide
• Compliance obligations, including adherence to the principal's policies and procedures
• AML/CTF requirements and the agent's obligations regarding CDD and SAR escalation
• Training requirements and the agent's obligation to ensure staff competence
• Data protection obligations
• Complaint handling procedures
• Reporting requirements to the principal
• Audit rights — the principal's right to inspect the agent's records and operations
• Termination provisions, including immediate termination for compliance breaches
• Indemnification and liability arrangements

Ongoing Monitoring

Pre-appointment DD is necessary but not sufficient. The PSRs require principal firms to maintain ongoing oversight of their agents. An effective monitoring programme should include:

Transaction monitoring. Monitor agent transaction volumes, values and patterns for anomalies that may indicate fraud, money laundering or operational problems. Set thresholds and alerts for unusual activity.

Complaint monitoring. Track complaints related to agent activities. A pattern of complaints about a specific agent may indicate training, competence or conduct issues.

Periodic reviews. Conduct periodic compliance reviews of agents — at least annually for standard-risk agents and more frequently for high-risk agents. Reviews should cover CDD file quality, transaction monitoring effectiveness, staff training records and adherence to the principal's policies.

Mystery shopping. For customer-facing agents, consider periodic mystery shopping exercises to assess the quality of customer interactions, the accuracy of information provided and adherence to sales practices.

Financial monitoring. Monitor the agent's financial health through periodic financial reviews. A deterioration in the agent's financial position may indicate increased risk.

AML reporting. Review the agent's SAR referral activity. An agent that never escalates suspicious activity despite processing significant volumes may indicate inadequate AML awareness.

Agent Failures and Consequences

When agent failures occur, the principal firm must:

• Investigate the failure promptly and thoroughly
• Determine the root cause and the extent of customer impact
• Report material failures to the FCA
• Implement remediation measures, which may include additional training, enhanced monitoring, suspension of activities or termination of the agent relationship
• Consider whether affected customers need to be contacted or compensated

The FCA has taken enforcement action against principal firms for failures by their agents, including inadequate agent DD, insufficient monitoring and failure to act on known agent compliance weaknesses. In several cases, fines imposed on the principal firm have been substantial.

Regulatory Outlook

The FCA has signalled increasing scrutiny of agent and distributor networks, particularly in the money remittance and e-money distribution sectors. Firms with large or geographically dispersed agent networks should expect enhanced supervisory attention. Investing in robust DD, contractual frameworks and ongoing monitoring is essential both for regulatory compliance and for protecting the firm's reputation and customers.