UK response to Wirecard insolvency highlights the importance of operational resilience

The Financial Conduct Authority’s decision to temporarily curtail Wirecard’s UK business had a knock-on effect for the fintech firms which rely on its services. As those firms sought to resume services as quickly as possible, there are lessons to be learned for the fintech sector and its approach to operational resilience.

The FCA’s immediate response to Wirecard

The news of German payments provider Wirecard entering into insolvency proceedings in the wake of a €1.9bn alleged accounting fraud has shaken the European fintech industry.

In the UK the FCA temporarily imposed restrictions on Wirecard’s UK subsidiary, a regulated payment institution which issues e-money onto prepaid cards. These restrictions meant that Wirecard Card Solutions Limited (Wirecard UK):

  • must not dispose of any assets or funds
  • must not carry on any regulated activities
  • must set out a statement on its website and communicate to customers that it is no longer permitted to conduct any regulated activities.

In a statement, the FCA said that its primary objective is to “protect the interests and money of consumers who use Wirecard”. This action has come soon after the FCA consulted on new guidance for payments firms on safeguarding customer money.

Certain of the requirements imposed have since been lifted, subject to close monitoring, allowing Wirecard UK to resume regulated activity, issuing e-money and providing payment services.

Impact on wider fintech industry

Several UK fintech firms rely on Wirecard UK’s services for operational support, as they use Wirecard UK’s technology to issue prepaid cards and process payments. For the period that Wirecard UK was unable to perform regulated payment activities, these fintechs were unable to access those Wirecard services. As a result, they were having to restrict the services they provided to their customers.

Some fintechs had to tell their customers that their accounts were temporarily inaccessible. Others were able to find workarounds and/or switch to alternative providers. The Department for Work and Pensions set up a dedicated team to assist individuals who could no longer receive their benefits payments through apps or cards associated with Wirecard.

Regulatory focus on operational resilience

The Wirecard incident has shone another light on the sorts of events which require appropriate operational resilience planning and procedures. Business disruption, like that caused by the failure of a third party provider, is inevitable. This is a view shared by the UK regulators who are currently consulting on new rules aimed at improving the resilience of firms across financial services. The FCA’s statement on Wirecard UK specifically mentions this consultation, as well as the EBA Guidelines on Outsourcing Arrangements which apply to e-money and payment firms.

Not all fintech firms would be subject to the FCA’s proposed operational resilience rules, but those caught would (among other things) need to:

  • identify their important business services and the people, processes, technology, facilities and information that support them
  • set impact tolerances for each important business service
  • test their ability to remain within those impact tolerances through a range of severe but plausible disruption scenarios.

As increasingly critical players in the financial services ecosystem, fintechs need to be mindful of this regulatory focus on outsourcing and operational resilience. Mapping the various elements on which their businesses rely is an important aspect. But, as recent days have shown, swift and effective communications plans can be equally important to mitigate harm at times of operational disruption.

What happens next?

In the short term, the FCA continues to monitor Wirecard UK’s activities and to work with them to progress matters relating to the remaining requirements. Affected firms are continuing to address the disruption to their customers and can expect to receive follow-up communications from the FCA.

In the longer term, fintech firms can expect to face increased scrutiny in relation to both their operational and financial affairs. Firms may look to learn from this incident and re-evaluate their responses to the FCA’s proposed operational resilience rules as a result.

It remains to be seen whether there will be a wider impact on industry confidence and future investment in the sector.