Dormant Account Management for Payment Institutions: A Regulatory Deep Dive

Dormant account management is an essential aspect of operational compliance for payment institutions operating within the UK. The Financial Conduct Authority (FCA) expects firms to have clear, robust policies and procedures in place to identify, manage, and ultimately reunite customers with funds held in accounts that have become dormant. This comprehensive article delves into the regulatory landscape, best practices, and practical considerations for UK payment institutions.

Why is Dormant Account Management so Important for Payment Institutions?

Dormant account management is crucial for payment institutions to uphold consumer protection, prevent financial crime, and ensure operational integrity. The FCA consistently emphasises the importance of treating customers fairly, as outlined in Principle 6 of the FCA Principles for Businesses. When an account becomes dormant, the firm retains a responsibility to safeguard the customer’s funds and, where possible, facilitate their return. Negligent handling of dormant accounts can lead to significant customer detriment, attracting regulatory scrutiny, potential fines, and damage to a firm’s reputation. Furthermore, dormant accounts can present risks related to financial crime, particularly if they are exploited by bad actors for money laundering or terrorist financing. Firms must ensure their dormant account processes integrate seamlessly with their broader Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) frameworks, as stipulated by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017). A well-defined dormant account policy demonstrates a firm’s commitment to excellent customer outcomes and robust risk management.

What Constitutes a 'Dormant Account' for a Payment Institution?

A ‘dormant account’ for a payment institution typically refers to an account where there has been no customer-initiated activity for a specified period, as defined by the firm’s internal policy. While there is no universally prescribed dormancy period for payment institutions set out in UK legislation, the Payment Services Regulations 2017 (PSRs 2017), particularly in relation to requirements for safeguarding and information, implicitly drive the need for careful management. Common dormancy periods observed across the financial services sector range from 12 months to 5 years, depending on the account type, product, and inherent risk. Firms must establish a clear definition within their policies, considering factors such as:

• Transaction Activity: Lack of debits, credits, or other financial transactions initiated by the customer.
• Login Activity: Absence of customer logins to online portals or mobile applications.
• Correspondence: Unresponsiveness to firm-initiated communications.

It is vital that the threshold for dormancy is clearly communicated to customers in the firm’s terms and conditions or service agreements. For instance, an e-money institution might define dormancy as 24 consecutive months without any ‘use of the payment instrument’, as per Regulation 22 (Requirement for a customer to use an e-money payment instrument) of the Electronic Money Regulations 2011 (EMRs 2011) for e-money accounts. However, even for payment accounts, a firm will need to establish its own reasonable period, often taking cues from common industry practice and FCA expectations concerning consumer protection.

What are the Regulatory Requirements for Managing Dormant Accounts?

UK payment institutions must adhere to a range of regulatory requirements when managing dormant accounts, primarily stemming from the PSRs 2017, EMRs 2011, and the MLRs 2017. While direct prescriptive rules specifically on 'dormant accounts' are limited, the overarching principles and obligations mandate a proactive approach:

• Safeguarding Requirements (PSRs 2017, EMRs 2011): Firms are obligated to safeguard relevant funds received from payment service users or e-money holders, typically by holding them in a segregated account at an authorised credit institution. This safeguarding obligation continues even if an account becomes dormant. Funds must remain ring-fenced and accessible.
• Information Requirements (PSRs 2017): Regulation 40 (Information for payment service users before being bound by a framework contract) and Regulation 43 (Information for payment service users during a framework contract) necessitate clear communication about terms and conditions, including any clauses relating to dormancy, fees, and account closure.
• Anti-Money Laundering and Counter-Terrorist Financing (MLRs 2017): Firms must maintain up-to-date customer due diligence (CDD) information. Dormant accounts can pose elevated AML/CTF risks, requiring enhanced monitoring or review, particularly if there are sudden, unexpected transactions after a long period of inactivity. Where customer contact details are out of date, this complicates ongoing CDD.
• FCA Principle 6 (Customers' interests): Firms must pay due regard to the interests of their customers and treat them fairly. This principle underpins the need for reasonable steps to contact customers before imposing charges or closing accounts due to dormancy.
• Data Protection (UK GDPR): Personal data held for dormant accounts must still be managed in accordance with UK GDPR. Firms must consider the lawful basis for processing, data retention periods, and the security of stored data.
• Unclaimed Assets Register: While the Dormant Bank and Building Society Accounts Act 2008 primarily applies to banks and building societies, the spirit of reuniting customers with their funds is a broader regulatory expectation. Payment institutions, while not directly subject to this Act, may consider the ethical implications of holding onto dormant funds indefinitely.

Failure to comply with these principles and regulations can lead to enforcement action, including fines, public censures, and restrictions on operations.

What are the Best Practices for Effective Dormant Account Management?

Effective dormant account management involves a structured approach that prioritises customer communication and regulatory adherence. Key best practices include:

• Clear Policy Development: Establish a comprehensive internal policy covering all aspects of dormant account management, including:
• Proactive Customer Communication: Regularly engage with customers whose accounts are approaching dormancy or have become dormant.
• Robust Customer Due Diligence (CDD) and Verification: When a customer seeks to reactivate a dormant account or withdraw funds, robust CDD processes are essential. This may involve:
• Fair and Transparent Fee Structures: If a firm charges maintenance fees for dormant accounts, these must be:
• Secure Funds Handling and Repatriation:
• Comprehensive Record-Keeping: Maintain detailed records of all dormant accounts, including:
• Regular Review and Training: Periodically review dormant account policies and procedures to ensure they remain effective and compliant with evolving regulatory expectations. Provide staff with regular training on these policies to ensure consistent application.

How Can Technology Assist in Managing Dormant Accounts?

Technology plays a pivotal role in streamlining and enhancing dormant account management, improving efficiency, and ensuring compliance. Payment institutions should leverage technological solutions to automate key elements of the process:

• Automated Identification: Implement systems that automatically flag accounts meeting the dormancy criteria (e.g., no activity for 'X' months). This reduces human error and ensures timely identification.
• Automated Communication Workflows: Utilise CRM systems and communication platforms to trigger automated pre-dormancy and dormancy notifications via integrated email, SMS, and even print mail services. These systems can track delivery status and customer responses.
• Data Analytics: Employ data analytics to identify patterns in dormant accounts, such as common dormancy durations, reasons for non-response, or demographics of customers with dormant accounts. This can inform communication strategies and policy refinements. For example, knowing that older customers respond better to postal mail can adjust contact methods.
• KYC/AML System Integration: Integrate dormant account management with Know Your Customer (KYC) and Anti-Money Laundering (AML) systems. When an account is reactivated, the system can automatically trigger updated CDD requirements, linking to identity verification services to streamline the process.
• Secure Archiving and Audit Trails: Digital systems can securely archive dormant account records, correspondence, and transaction histories, providing an immutable audit trail crucial for regulatory reporting and internal reviews. This ensures compliance with data retention requirements under MLRs 2017 and UK GDPR.
• Customer Self-Service Portals: Develop secure online portals where customers can verify their identity, update contact details, reactivate their accounts, or initiate fund withdrawal requests, subject to robust security checks. These portals can reduce customer service workload and empower customers.
• Fraud Detection Tools: Use advanced fraud detection algorithms to monitor dormant accounts for suspicious activity, such as unusual login attempts or transfer requests, which could indicate account takeover attempts.

By integrating these technological solutions, payment institutions can create a highly efficient, secure, and compliant dormant account management framework, freeing up resources and reducing operational risks.

What Happens to Funds in Unclaimed Dormant Accounts?

The ultimate fate of funds in truly unclaimed dormant accounts can vary, though payment institutions generally face different expectations than traditional banks. For banks and building societies under the Dormant Bank and Building Society Accounts Act 2008, unclaimed funds (after 15 years of dormancy) are transferred to Reclaim Fund Ltd (RFL), which then distributes money to good causes via the Big Lottery Fund, whilst ensuring the original customer retains the right to reclaim their funds at any time.

For payment institutions and e-money institutions, the situation is less clear-cut as they are not subject to the 2008 Act. Key considerations include:

• Safeguarding Requirements: Until funds are legitimately returned to the customer, they remain subject to safeguarding requirements under PSRs 2017 or EMRs 2011. This means they must remain segregated and protected.
• No Absolute Right to Escheatment: Payment institutions generally do not have an automatic right to 'escheat' (take ownership of) unclaimed funds, especially given their role as facilitators of payments rather than deposit-takers.
• Contractual Terms: A firm’s terms and conditions might stipulate what happens to unclaimed funds after an extended period and numerous unsuccessful attempts to contact the customer, but these clauses must be fair and transparent under consumer protection law.
• Voluntary Donation to Charity: Some payment institutions, after fulfilling all due diligence requirements and extensive efforts to contact customers over a very long period (e.g., 5-7+ years), may choose to donate funds to a registered charity. This decision should involve legal counsel to ensure there is no breach of trust or regulatory obligation, and that a clear policy and process are followed, making it clear that funds can still be reclaimed by the customer. This approach aligns with the spirit of the Dormant Accounts Act, even if not directly mandated.
• Permanent Liability: In many cases, absent explicit legal provisions allowing escheatment, payment institutions may simply hold onto dormant funds indefinitely, maintaining a permanent liability to the customer while ensuring safeguarding. This can create long-term administrative burdens, highlighting the importance of robust initial contact efforts.

The FCA expects firms to use their best endeavours to reunite customers with their funds. Any policy regarding the ultimate disposal of unclaimed funds should be developed in consultation with legal and compliance experts, ensuring it is transparent, fair, and defensible from a regulatory perspective.

Conclusion

Managing dormant accounts effectively is a cornerstone of regulatory compliance and good customer treatment for UK payment institutions. By establishing clear policies, leveraging technology for proactive engagement, and adhering strictly to safeguarding, AML, and consumer protection regulations, firms can mitigate risks, maintain their reputation, and ensure fair outcomes for all customers. Firms are encouraged to review their existing dormant account frameworks regularly, ensuring they are robust, fit for purpose, and aligned with the evolving expectations of the FCA and broader industry best practices. Remaining vigilant and proactive in this area is not just a regulatory obligation, but a fundamental aspect of responsible business conduct in the payment services industry.

### Further Resources: - FCA: Payments and e-money - Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 - The Payment Services Regulations 2017