Financial Oversight of Direct Payments & Personal Budgets

We recently announced that PPL is now formally licenced by the Financial Conduct Authority (FCA) in relation to the client funds that we hold and process as part of our Virtual Wallet solution for direct payments & personal budgets. 

We took this step following initial discussions with our long-standing banking partner and subsequent advice from a number of professionals within the financial services and payments sector.  Whether or not organisations that are holding and processing direct payments & personal budgets should be regulated by the FCA does seem to have been overlooked and could be considered a ‘grey area’.   We took the cautious view, ultimately concluding that it would provide our customers, stakeholders & partners with the assurance that we are meeting the very highest standards in accounting for and managing the client funds that we hold. 

This article explores the wider question of whether other organisations that are processing or holding direct payments & personal budgets should also be applying for a licence from the FCA. 

Current market position

We are not aware of any organisations that operate ‘managed accounts’ or ‘third-party budgets’ that are formally regulated by the FCA or any other body.  However, it is worth noting that firms providing pre-paid card solutions for direct payments and personal budgets are formally regulated by the FCA.

Conceptual position

Organisations that are holding and processing direct payments & personal budgets do so in accordance with (i) their contract with the funding authority; and (ii) the instructions of the individual and the provisions of the relevant support plan and direct payment agreement. 

A responsible organisation will of course seek to establish some internal policies and processes to prevent fraud, waste and abuse.  However, a fundamental point is that those organisations are holding and processing vast sums of money on behalf of clients. 

Regulatory position

Every organisation holds money (in its bank account) and processes payments (for example to its staff and suppliers) as part of its day-to-day operations, and for which they don’t need a licence for.  However, any organisation that is holding funds or processing payments on behalf of others as part of its regular activities should consider the scope of the Payment Services Regulations 2017.   

The FCA states that the Payment Services Directive affects you if:  “Your business receives customer money before passing it on to a seller.  This includes receiving money into an account in your name, whether a bank account or electronic money account or an account with your merchant acquirer. If so, you may be providing a payment service e.g. the transfer of money between parties (money remittance) or operating a payment account for customers”.   A breach is punishable via imprisonment of up to two years and/or a fine. 

Potential Exemption

At first glance, it seems that ‘managed accounts’ or ‘third-party budget’ organisations are covered by the scope of the Payment Services Directive (and therefore should be regulated by the FCA).  The only exception to this is if an exemption applies.

The first thing to note is that being a charity or not-for-profit organisation does not create an exemption, nor does merely utilising a ‘client bank account’ or the fact that the original source of funds is often a public body. 

The primary exemption that could apply within the direct payments & personal budgets sector is the ‘Limited Network Exemption’.  This basically covers things such as fuel cards or store cards, that can only be used in very specific circumstances.  The FCA gives an example of “pre-paid cards provided by local authorities to benefit recipients for use at a specified chain of grocery stores” as being exempt.  The FCA’s more general guidance states that for the exemption to apply there must be a very limited range of goods & services and the network of service providers cannot be continuously growing.   This may be true if we think of one individual’s arrangements (assuming they only have small number of providers), but not when viewed across multiple individuals.   More generally, given that direct payments & personal budgets are all about ‘choice and control’ for the individual, it is hard to see how the Limited Network Exemption can apply.  It should also be noted that any organisation that utilises the Limited Network Exemption must formally notify the FCA if the value transacted exceeds €1 million in any 12 month period and justify why it is exempt. 

Why has this not been flagged previously?

Firstly, it is important to note that the original model of direct payments being paid in to a bank account setup by the individual does not fall within the scope of Payment Services Regulations.  It is ‘managed accounts’ and ‘third party budgets’ that potentially do, and the likely answer to the question of why this hasn’t been flagged as an issue previously is because it is such a specialised and unique situation that people haven’t stepped back and thought of the activities as being a ‘financial service’.  

In other sectors, there are organisations that hold or process money on behalf of others (such as solicitors or landlord managing agents).  However, these are generally understood to be excluded from the scope of the Payment Services Regulations as they are either regulated elsewhere (in the case of solicitors) or it is an ancillary activity (in the case of landlord managing agents).   

More generally, many ‘normal’ organisations do outsource their payroll activities, but this does not get caught by the Payment Services Regulations as they don’t actually ‘touch’ the money as they simply send a file of what is to be paid to the organisation’s bank account (called a ‘BACS bureau’).    

Specifically within the sector, the Chartered Institute of Payroll Professionals did flag potential compliance issues up in an article in 2018, specifically citing the example of an organisation providing payroll services in a direct payments scenario, concluding that “it is likely that they are providing payment services and possibly even issuing e-money”. 

Conclusion

When we first set up our Virtual Wallet solution in 2016, it did strike us as odd that there were relatively few barriers to doing so.  Although being licenced by the FCA does have significant implications for us, it intuitively feels that because we are holding and processing such large sums of public money and working with vulnerable people, some external oversight and regulation is appropriate. 

The FCA issues ‘perimeter guidance’ that helps organisations understand whether the rules apply to them, but ultimately states that organisations should take their own legal advice in order to avoid committing a criminal offence.    

James Borley of the advisory firm Compliancy Services Limited who worked with PPL to support us with our FCA licence application says: “It is dangerous to generalise, as each case depends upon how the model operates, but it would seem that all of the stakeholders in this sector should be considering the compliance requirements”. 

Why does it matter?

We estimate that there are between 30,000 and 60,000 ‘managed accounts’ and ‘third party budgets’ in England, which translates to annual payments of between £250m and £750m.   It likely impacts every Local Authority and Clinical Commissioning Group in England and between 50 and 100 provider organisations. 

What next?

We have already started to see some Local Authorities and Clinical Commissioning Groups incorporating FCA compliance into their tenders for direct payments and personal budget services.  Whilst others may rely on catch-all provisions within their contracts that state that providers must comply with all relevant rules and regulations, they should consider:

• Reviewing their local models in light of the Payment Services Regulations 2017 and the FCA’s Perimeter Guidance Manual.
• Discussing compliance issues with their provider(s) and agreeing suitable actions.
• Incorporating questions about FCA compliance into any future tenders.

Migrating existing ‘managed accounts’ and ‘third party budgets’ to self-service bank accounts, a pre-paid card solution or to a solution such as Virtual Wallet is an option.   However, ‘managed accounts’ do fill a gap where self-service bank accounts are not always appropriate.   Pre-paid cards do have limitations (an organisation that uses them to manage people’s direct payments and personal budgets would still themselves fall under the regulations) and the fines recently imposed on some of the major players for operating illegal cartels when providing prepaid cards for Local Authorities may pose a challenge.  

Providers of services should review their own models.  It may be that they can utilise an exemption or make changes to their model to avoid being caught by the regulations (notwithstanding our view that external oversight and regulation is actually not a bad thing!).  In due course, we intend to explore ways that PPL may be able to support other providers of ‘managed accounts’ and ‘third-party budgets’ to be compliant via PPL potentially appointing other organisations as our agents or our distributors. 

To discuss any of the matters raised in this article, please get in touch with David Bowes at PPL (dbowes@publicpartnerships.co.uk or 07932 678845).

For discuss how Compliancy Services Limited can assist you with considering the regulations, please get in touch with James Borley at CSL (james.borley@compliancy-services.co.uk or 020 3457 3177).