Flawless Money Limited | A niche consultancy focusing on payments and dealing with the financial regulation of electronic money, money remittance, and other payments.

IT & Security

We help companies – from start-ups to multinationals – to create IT solutions which exploit new opportunities while managing risk and regulatory obligations.

For prospective e-money or payment service providers, we offer personalised advice on the IT requirements of becoming a regulated business. We will work with your IT staff to create a gap analysis report that identifies the actions needed to gain authorisation. Our reports prioritises the issues critical to getting authorised. We back this up with recommendations and support you with concrete guidance on aligning your policies and governance with the best practices in the payments industry.

For companies applying for authorisation as electronic money institutions (EMIs) or payment institutions (PIs), we can help you with preparing a comprehensive submissions for the UK Financial Conduct Authority (FCA) and other European regulators. We have a track record of successful guiding companies to authorisation. Drawing on our experience we help you answer the regulators IT controls questions precisely and aid you in creating effective IT documents for EMI authorisation, such as:

  • presenting an IT strategy and a governance structure to deliver it
  • specifying the roles and responsibilities of key IT personnel
  • writing a high level overview of an IT infrastructure for regulators
  • identifying, evaluating and managing IT-related operational risk
  • creating physical network infrastructure and system architecture diagrams
  • authoring IT security polices, procedures and standards
  • creating and testing business continuity and disaster recovery plans
  • assessing independent network penetration test results
  • managing records of security incident and follow up actions
  • establishing service level agreements for outsourcing

For established companies we offer a compliance review service and advice for specific projects. Our compliance reviews give boards and investors a robust and independent assessment of the adequacy of a company’s security controls. Our reviews find technical risks early. They allow senior management to be confident their IT keeps abreast of the latest regulatory requirements. We also offer more focused advice on the requirements around specific projects. For example, if your company offers new services or scales up its business we can tell you if there are new issues or controls you should consider.