Navigating EMI Distribution Networks and Agent Management in the UK

The Regulatory Framework for EMI Agent Networks The primary regulatory framework governing Electronic Money Institutions’ (EMIs’) distribution networks and agents in the UK is the **Electronic Money Regulations 2011** (EMRs 2011), as amended. Specifically, Regulation 34 of the EMRs 2011 permits an EMI to issue electronic money through a person acting on its behalf. This provision establishes the legal basis for an EMI to appoint agents to distribute its electronic money products and services. The Financial Conduct Authority (FCA), as the UK’s prudential and conduct regulator for EMIs, provides further guidance on these arrangements, emphasising the EMI’s overarching responsibility for its agents’ actions. The EMRs 2011 transpose the second Electronic Money Directive (2EMD) into UK law, setting out stringent requirements designed to protect consumers and maintain market integrity.

An EMI appointing an agent effectively outsources a critical part of its regulated activity. Therefore, the FCA expects the EMI to retain full responsibility for ensuring that its agents comply with the EMRs 2011 and other relevant legislation, including the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017). This includes ensuring agents adhere to customer due diligence (CDD) procedures, anti-money laundering (AML) policies, and safeguarding requirements. The regulatory expectation is clear: the EMI remains accountable, irrespective of the contractual arrangements in place with its agents. This strict liability principle underscores the importance of thorough due diligence, rigorous monitoring, and comprehensive training for all agents within the network. For a broader overview of EMI licensing, refer to our article on Obtaining an EMI Licence in the UK.

Essential Due Diligence and Onboarding Procedures for Agents Thorough due diligence is paramount when onboarding new agents into an EMI’s distribution network. An EMI must conduct comprehensive checks on prospective agents to assess their suitability, capability, and integrity, thereby mitigating regulatory, financial, and reputational risks. The FCA’s guidance, particularly its Perimeter Guidance (PERG 15.6.5G), highlights the need for robust assessments.

The due diligence process should encompass several key areas: - Financial Standing: Assess the agent’s financial stability and resources to ensure it can effectively manage its operations and meet any financial commitments to the EMI. This might involve reviewing financial statements, credit reports, and business plans. - Operational Capability: Evaluate the agent’s infrastructure, systems, and personnel to determine its ability to deliver the EMI’s services compliantly and efficiently. This includes assessing IT security, data protection measures, and customer service capabilities. - Regulatory and Compliance Framework: Verify that the agent has appropriate policies, procedures, and controls in place to comply with relevant regulations, including AML, data protection (GDPR), and consumer protection rules. This involves reviewing existing compliance manuals, training records, and internal audit reports. - Reputational Assessment: Conduct background checks, media searches, and public record reviews to ascertain the agent’s reputation and identify any past regulatory breaches, criminal convictions, or adverse media attention. - Management and Ownership: Identify and scrutinise the agent’s key individuals, including directors, senior management, and significant shareholders, conducting fit and proper assessments akin to those for an authorised firm’s own personnel.

Once an agent is onboarded, the EMI must ensure that an appropriate agent registration or notification process is followed with the FCA, as required by Regulation 34(3) of the EMRs 2011. This typically involves submitting details about the agent and the services it will provide. The EMI must also ensure that comprehensive contractual agreements are in place, clearly defining the roles, responsibilities, liabilities, and remuneration of both parties. These agreements should explicitly state the agent’s obligation to adhere to the EMI’s policies and regulatory requirements. Failure to conduct adequate due diligence or to register agents correctly can lead to significant regulatory enforcement actions.

Safeguarding Customer Funds Within Agent Networks Safeguarding of customer funds is a cornerstone of EMI regulation, as stipulated in Regulation 21 of the EMRs 2011. The EMI is ultimately responsible for safeguarding relevant funds, even when those funds are initially received or held by an agent. This responsibility cannot be delegated. The EMRs 2011 provide two main methods of safeguarding: - **Segregation**: Funds are placed in a separate bank account from the EMI’s own operational funds, with explicit designation as “customer funds” or “safeguarded funds”. This account must be held at an authorised credit institution or the Bank of England. - **Insurance/Guarantee**: Funds are covered by an insurance policy or comparable guarantee from an insurance company or credit institution, protecting customers in the event of the EMI’s insolvency.

When an agent is involved in the collection or holding of customer funds, the EMI must establish robust controls to ensure these funds are safeguarded effectively and promptly transferred to the EMI’s designated safeguarding account. - Clear Procedures: The EMI must implement clear, written procedures for agents to follow when handling customer funds, including instructions on how and when to transfer funds to the EMI. - Regular Reconciliation: The EMI should conduct regular, at least daily, reconciliation of funds collected by agents against its own records and segregated accounts. Any discrepancies must be investigated and resolved immediately. - Segregated Agent Accounts: While agents are not EMIs themselves, it is often prudent for EMIs to require agents to use separate, designated accounts for customer funds, even if temporarily, before transferring them to the EMI’s safeguarding account. This minimises the risk of commingling. - Contingency Planning: EMIs must have clear contingency plans in place for situations where an agent becomes insolvent or defaults, ensuring customer funds remain protected.

The FCA published “Approach to Payment and E-Money Institutions” which reiterates the critical nature of safeguarding and the EMI’s responsibility. Any failure in safeguarding, even at the agent level, can result in severe penalties for the EMI, including fines, restrictions, or even revocation of its authorisation. For more insights on this, refer to our article on EMI Safeguarding Fundamentals.

Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Controls Extending robust Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) controls throughout the agent network is a critical regulatory obligation for EMIs under the **Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017** (MLRs 2017). The EMI is ultimately responsible for ensuring that its agents comply with the MLRs 2017, just as it would for its own direct operations.

Key aspects of AML/CTF controls within agent networks include: - Risk Assessment: The EMI must conduct a thorough business-wide risk assessment that specifically considers the AML/CTF risks posed by its agent network, including geographical risks, product risks, customer risks, and delivery channel risks associated with agents. This assessment should be regularly updated. - Agent-Specific Policies and Procedures: The EMI must develop and implement bespoke AML/CTF policies and procedures that agents are required to follow. These should cover: - Customer Due Diligence (CDD): Agents must conduct appropriate levels of CDD, including simplified due diligence (SDD), standard CDD, and enhanced due diligence (EDD), based on the EMI’s risk-based approach. This includes identity verification, beneficial ownership identification, and ongoing monitoring. - Transaction Monitoring: Agents must be equipped to monitor transactions for suspicious activity and report any red flags to the EMI’s Money Laundering Reporting Officer (MLRO). - Sanctions Screening: Agents must conduct sanctions screening against relevant lists (e.g., HM Treasury, OFSI) for all customers and transactions. - Record Keeping: Agents must maintain accurate and comprehensive records of all CDD performed, transactions processed, and suspicious activity reports (SARs) submitted to the EMI. - Training: Comprehensive and ongoing AML/CTF training must be provided to all agent staff involved in handling electronic money services. This training should cover the EMI’s specific policies, regulatory obligations, and methods for identifying and reporting suspicious activity. - Oversight and Monitoring: The EMI must implement a robust framework for monitoring agent compliance, including regular audits, site visits, and performance reviews. Any breaches or deficiencies identified must be addressed promptly. - Reporting: Agents must have clear channels for reporting suspicious activity to the EMI’s MLRO, who is then responsible for assessing and, if necessary, submitting Suspicious Activity Reports (SARs) to the National Crime Agency (NCA).

Failure to adequately extend AML/CTF controls to the agent network is a significant regulatory failing and can lead to substantial fines, reputational damage, and loss of authorisation. The FCA has a strong focus on effective AML systems and controls across entire business models, including distribution networks.

Ongoing Monitoring, Auditing, and Governance of Agent Networks Effective ongoing monitoring, regular auditing, and robust governance are indispensable for ensuring an EMI’s distribution network remains compliant and operates efficiently. The **Senior Managers and Certification Regime (SMCR)**, although primarily applicable to solo-regulated firms at its most extensive, still influences the FCA’s expectations regarding accountability and governance within EMIs, particularly for those individuals with responsibility for agent networks.

Key elements of ongoing oversight include: - Performance Monitoring: Regularly assess agents’ operational performance against agreed Service Level Agreements (SLAs), key performance indicators (KPIs), and regulatory requirements. This includes metrics such as transaction volumes, error rates, customer complaint handling, and adherence to safeguarding protocols. - Compliance Audits: Conduct periodic, independent audits of agents’ operations to verify adherence to the EMI’s policies, procedures, and regulatory obligations. These audits should cover financial controls, safeguarding, AML/CTF measures, data protection, and customer service standards. Audits can be both remote and on-site. - Risk Management Framework: Maintain an overarching risk management framework that specifically identifies, assesses, monitors, and mitigates risks associated with the agent network. This includes operational risk, compliance risk, reputational risk, and financial risk. - Regular Reviews and Reporting: Establish a schedule for regular reviews of agent relationships, including performance reviews, compliance reviews, and contractual reviews. Senior management and the board should receive regular reports on the performance and compliance status of the agent network, highlighting any key risks or issues. - Training and Support: Provide ongoing training and support to agents, ensuring they are kept abreast of any changes in regulatory requirements, internal policies, or product offerings. This continuous professional development is crucial for maintaining compliance standards. - Complaint Handling: Ensure that agents have clear procedures for handling customer complaints and that these complaints are escalated to the EMI in a timely and effective manner. The EMI remains responsible for ensuring fair and prompt resolution of customer complaints. - Contractual Management: Proactively manage contractual agreements with agents, including renewal processes, amendments, and termination procedures, ensuring they remain fit for purpose and reflect current regulatory expectations and business needs.

The FCA expects EMIs to demonstrate proactive and preventative oversight. Any identified shortcomings in an agent’s operations or compliance must be promptly addressed, with clear action plans and remedial measures implemented. Failure to do so can indicate systemic control weaknesses at the EMI level, attracting regulatory scrutiny.

Regulatory Reporting and Communication with the FCA Accurate and timely regulatory reporting is essential for EMIs, and this extends to activities conducted through their agent networks. The **FCA’s supervision strategy** for EMIs places a strong emphasis on firms understanding and managing their risks, including those arising from outsourced activities and agent relationships.

Key aspects of regulatory reporting and communication with the FCA include: - Agent Notification: As per Regulation 34(3) of the EMRs 2011, EMIs must notify the FCA of their intention to appoint an agent that will perform payment services or issue electronic money. This notification must include details of the agent and the services it intends to provide. The FCA maintains a Register of Payment and E-money Institutions, which includes details of registered agents. - Financial Reporting: EMIs must submit regular financial reports to the FCA, including details of e-money issued, transaction volumes, and safeguarding balances. These reports must accurately reflect the aggregated activities of the EMI and its agents. - AML/CTF Reporting: Beyond Suspicious Activity Reports (SARs) to the NCA, EMIs are also subject to broader AML/CTF reporting requirements to the FCA, such as annual financial crime reports. The data from agent networks will be crucial inputs into these reports. - Breach Reporting: EMIs have a regulatory obligation to notify the FCA of any significant breaches, whether they occur at the EMI or agent level. This includes actual or potential breaches of regulatory requirements, safeguarding failures, or significant operational disruptions that could impact customers. - Material Changes: The EMI must inform the FCA of any material changes to its business model, ownership, key personnel, or agent network. For example, the appointment of a significant new agent or a substantial change in an agent’s services would typically require notification. - Ad Hoc Information Requests: The FCA may make ad hoc requests for information regarding an EMI’s agent network, including details of agents, their activities, compliance arrangements, and risk assessments. EMIs must be prepared to provide this information promptly and accurately. - Prudential Returns: Though EMIs are not subject to the same capital requirements as banks, they do have prudential reporting obligations, and the scale and nature of their agent network can influence the FCA’s assessment of their operational solvency and risk profile.

Maintaining open and transparent communication with the FCA is vital. Proactive engagement with the regulator on issues pertinent to the agent network demonstrates good governance and a commitment to compliance. Failure to comply with regulatory reporting obligations can lead to enforcement action, particularly if information provided is inaccurate or misleading, underlining the importance of strong internal data collection and reporting mechanisms.

Future Trends and Best Practices in Agent Management The landscape of EMI distribution networks is continually evolving, driven by technological advancements, changing consumer expectations, and increasing regulatory scrutiny. Adopting future trends and best practices is crucial for EMIs to maintain a competitive edge and ensure ongoing regulatory compliance.

Key trends and best practices include: - Leveraging Technology for Oversight: Employing RegTech solutions for enhanced agent monitoring, compliance checks, and data analytics. This can include automated transaction monitoring systems that cover agent-initiated payments, AI-powered tools for identifying suspicious patterns, and digital platforms for managing agent onboarding and training. Such technology can significantly improve the efficiency and effectiveness of oversight. - Data-Driven Risk Management: Utilising data analytics to gain deeper insights into agent performance, customer behaviour, and emerging risks. This allows for more targeted interventions and a dynamic, risk-based approach to agent management. For example, identifying agents with higher complaint volumes or higher rates of suspicious transactions. - Standardisation and Scalability: Developing highly standardised and scalable processes for agent onboarding, training, and ongoing management. This is critical for EMIs looking to expand their networks efficiently while maintaining consistent compliance standards. - ESG (Environmental, Social, and Governance) Considerations: Incorporating ESG factors into agent due diligence and ongoing monitoring. This includes assessing an agent’s ethical practices, labour standards, and data privacy policies, reflecting a broader shift in regulatory and societal expectations for responsible business conduct. - Enhanced Cyber Security Measures: As agents often interact directly with customers and handle sensitive data, ensuring robust cyber security protocols are in place across the entire network is paramount. This includes regular security audits, mandatory cyber security training for agent staff, and clear incident response plans. - Collaborative Compliance Models: Fostering a culture of collaborative compliance where the EMI acts as a partner to its agents, providing ongoing support, training, and resources to help them meet regulatory obligations, rather than solely adopting a punitive oversight model. - Focus on Consumer Duty: With the introduction of the FCA’s Consumer Duty, EMIs must ensure their agent networks deliver outcomes that meet the higher standards of care for retail customers. This extends to product design, pricing, communication, and customer support provided through agents. Refer to our Consumer Duty guidance for more details.

By embracing these best practices, EMIs can build resilient, compliant, and efficient distribution networks that support their growth objectives while effectively managing regulatory risks and upholding consumer protection standards. The proactive adoption of these measures will position EMIs favourably in the eyes of the regulator and enhance their overall market credibility.