Chartered Accountants Ireland have issued Technical Release 01/2023 Safeguarding reporting for payment and electronic money firms.
The purpose of this Technical Release (TR) is to provide assistance to auditors who are engaged by Payment and Electronic Money (E-Money) institutions (the Firms) following a request from the Central Bank of Ireland to carry out an engagement pursuant to a letter to the Firms dated 20 January 2023 and a further communication on 25 May 2023. The TR was prepared in consultation with the Central Bank of Ireland.
The deadline for the reports is 31 October 2023.
The letter sent to payment and electronic money firms requested the firm to obtain a specific audit of compliance with the safeguarding requirements under the European Union (Payment Services) Regulations 2018 (“PSR”) and/or European Communities (Electronic Money) Regulations 2011 (“EMR”).
As set out in the Central Bank letter one of the most important objectives for the Central Bank is that user funds are protected. Recent submissions from the sector as well as other communications received from firms highlighted that one in four payment and e-money firms have self-identified deficiencies in the safeguarding risk management frameworks . The nature and scale of these deficiencies indicated that some firms do not have robust safeguarding arrangements in place.
The Firm has been asked to prepare a detailed document setting out a description of certain aspects of its organisational arrangements to secure its compliance with the relevant safeguarding requirements under the PSR/EMR and an assertion, approved by the board of directors, stating that in all material respects the description is fairly presented and the controls and processes included in the description were operating as described at the reference date. The statutory auditor (or other audit firm) performs a reasonable assurance attestation engagement, in relation to this assertion.
This engagement is separate from the statutory audit of the financial statements of the Firms and does not in any way form part of the statutory audit and may be carried out by the Firm’s statutory auditor or other audit firm. This guidance has been prepared in consultation with the Central Bank.
This TR should be read in conjunction with International Standard on Assurance Engagements 3000 (Revised) “Assurance engagements other than audits or reviews of historical financial information” (ISAE 3000 (Revised)).