PSR Compliance Risk Register Template (with Heat Mapping) For Payment Institutions, E-Money Institutions & RAISPs

THE PROBLEM

Generic compliance risk registers do not work for Payment Services Firms!

Standard templates cover the basics — conduct risk, financial crime, data protection — but they miss the risks that keep PSR compliance officers awake at night. Safeguarding. Strong Customer Authentication. Agent oversight. Capital adequacy. Operational security incident reporting. Payment services disclosures.

These are not niche concerns. They are the regulatory foundations of every PI, EMI, and RAISP. When the FCA's safeguarding multi-firm review identifies deficiencies, or the Payment Systems Regulator tightens APP fraud requirements, you need a risk register that captures these exposures in the same structured framework as your broader compliance risks.

Using a risk register designed for general FCA-authorised firms means your most critical PSR-specific risks either get bolted on inconsistently or, worse, are not captured at all.

This template was built specifically for Payment Services Firms, from the ground up.

WHAT YOU GET

A comprehensive Excel workbook with 7 fully structured worksheets:

1. Executive Dashboard

Visual summary of your entire PSR risk landscape. Auto-populating risk counts by category (Critical, High, Medium, Low), a colour-coded 5x5 heat map, and at-a-glance metrics. PSR-specific categories are highlighted separately so the Board can see payment services risks alongside general compliance risks. Board-ready from the moment you begin populating.

2. Risk Register

The core working sheet with 50 pre-formatted rows, dropdown menus for all scoring fields, and auto-calculating inherent and residual risk scores. Includes 10 pre-populated sample risks specific to payment services — from safeguarding failures to SCA deficiencies — demonstrating best practice completion. PSR-specific categories are marked with a blue highlight and star icon for instant identification.

3. Action Tracker

Linked mitigation actions with priority ratings, assigned owners, target dates, and status tracking. Every identified risk has a clear path to treatment with accountability built in.

4. Scoring Methodology

Customisable 5x5 matrix with a PSR-adjusted impact scale that includes a dedicated Client/Safeguarding Impact column. This ensures that risks affecting client funds and safeguarded monies are assessed with appropriate severity — a safeguarding breach that could result in client fund loss automatically scores at the highest impact level.

5. Risk Categories

17 compliance risk categories — 11 standard categories plus 6 PSR-specific categories:

Standard Categories: Regulatory Change, Conduct Risk, Financial Crime, Data Protection, Operational Resilience, Outsourcing, Complaints, Conflicts of Interest, Training and Competence, Governance, Consumer Duty.

PSR-Specific Categories (marked with star):

• Safeguarding (PSRs 2017 Reg 23, EMRs 2011 Reg 21),
• Operational Security (PSRs 2017 Reg 98-100),
• Strong Customer Authentication (PSRs 2017, RTS on SCA),
• Agent and Distributor Oversight (PSRs 2017 Reg 36-37,
• EMRs 2011 Reg 34-36),
• Capital Adequacy / Own Funds (PSRs 2017 Reg 18-22, EMRs 2011 Reg 19),
• Payment Services Disclosures (PSRs 2017 Part 6).

6. Risk Identification Prompts

Structured question prompts for all 17 risk categories, with PSR-specific prompts addressing safeguarding reconciliation, SCA exemption criteria, agent registration, capital monitoring, incident reporting timeframes, and framework contract disclosures. Use for workshops or desk-based assessments.

7. Regulatory Reference

Quick-reference tab with key provisions from PSRs 2017 (Reg 18-22, 23, 36-37, Part 6, Reg 98-100), EMRs 2011 (Reg 19, 21, 34-36), RTS on SCA, MLR 2017, and PRIN 2A (Consumer Duty), with links to FCA Approach Documents.

10 PRE-POPULATED SAMPLE RISKS

To demonstrate best practice completion, the register includes 10 worked examples specific to payment services:

• Failure to safeguard relevant funds by end of business day
• Inadequate segregation of safeguarded funds from operational funds
• Major incident not reported to FCA within required timeframe
• Strong Customer Authentication not applied where required
• Inadequate transaction monitoring for payment fraud patterns
• Unregistered agents providing payment services
• Own funds falling below minimum regulatory requirement
• Fair value not evidenced for payment service charges
• Framework contracts missing required PSR information
• SMF holders unclear on payment services regulatory responsibilities

PSR-ADJUSTED IMPACT SCALE

Unlike generic risk registers, the scoring methodology includes a Client/Safeguarding Impact column calibrated to payment services:

Score 1 (Insignificant): No client fund impact

Score 2 (Minor): Minimal safeguarding delay

Score 3 (Moderate): Temporary safeguarding shortfall

Score 4 (Major): Material safeguarding breach

Score 5 (Catastrophic): Client fund loss, insolvency risk

KEY FEATURES

• 17 risk categories (11 standard + 6 PSR-specific)
• 5x5 scoring matrix with PSR-calibrated impact scale
• Auto-generating heat map with colour-coded risk visualisation
• Client/Safeguarding impact column unique to PSR version
• Dropdown menus throughout for consistent data entry
• Auto-calculating inherent and residual risk scores
• 10 PSR-specific worked examples
• Action tracker with owner assignment and due date monitoring
• Regulatory Reference tab with PSRs 2017 and EMRs 2011 provisions
• Board-ready dashboard with PSR category highlighting

REGULATORY ALIGNMENT

- PSRs 2017 — Payment Services Regulations

- EMRs 2011 — Electronic Money Regulations

- RTS on SCA — Strong Customer Authentication

- SYSC 7.1 — Risk control requirements

- SYSC 6.1 — Compliance function obligations

- PRIN 3 — Management and control

- PRIN 2A — Consumer Duty

- MLR 2017 — Money Laundering Regulations

- FCA Approach Documents for Payment Services

WHO IS THIS FOR?

• Compliance Officers at Payment Institutions
• Compliance Officers at E-Money Institutions
• MLROs at Payment Services Firms
• Senior Managers at PIs, EMIs, and RAISPs
• Compliance Consultants advising Payment Services Firms
• Firms applying for PI or EMI authorisation
• Firms preparing for FCA safeguarding reviews

FILE FORMAT

Microsoft Excel (.xlsx) — fully editable, no macros required.

Compatible with Microsoft 365, Excel 2016+, and Google Sheets.

HOW THIS DIFFERS FROM THE STANDARD VERSION

The standard Compliance Risk Register Template (£149) covers 11 risk categories suitable for general FCA-authorised firms. This PSR version adds 6 specialist categories, a PSR-adjusted impact scale with Client/Safeguarding weighting, 10 PSR-specific sample risks, PSR-tailored risk identification prompts, and a Regulatory Reference tab mapped to PSRs 2017 and EMRs 2011.

If your firm is a Payment Institution, E-Money Institution, or RAISP, this is the version you need.

Includes VAT at 20%. If you are a business and need a VAT Receipt, please ask.