Safeguarding is the requirement for payment institutions (PIs) and electronic money institutions (EMIs) to protect the funds they hold on behalf of customers. The rules ensure that, if a firm becomes insolvent, customer funds can be identified, separated from the firm’s own assets, and returned quickly. In the UK, safeguarding obligations are set out in the Payment Services Regulations 2017 (PSR 2017) and the Electronic Money Regulations 2011 (EMR 2011), and from 7 May 2026 under the new consolidated regime introduced through CASS 15 of the FCA Handbook.
Safeguarding requirements apply to authorised payment institutions other than firms that solely provide payment initiation services or account information services, authorised electronic money institutions, small electronic money institutions, and credit unions that issue e-money in the UK. Small payment institutions may opt in voluntarily. The rules apply whenever a firm holds funds received from payment service users in connection with a payment transaction, or funds received in exchange for electronic money issued by the firm. Firms must implement and maintain safeguarding arrangements from the point they begin holding relevant funds.
Firms have two main approaches to safeguarding available to them:
Relevant funds must be held in a designated safeguarding account with an authorised credit institution, or invested in secure, liquid assets such as qualifying money market instruments or government bonds held in a separate account. The funds must be kept separate from the firm’s own money at all times.
As an alternative to segregation, firms can cover relevant funds with an insurance policy or guarantee from an authorised insurer. The policy or guarantee must be for an appropriate amount, held independently of the firm, and accessible to customers in the event of insolvency.
The FCA’s Policy Statement PS25/12 introduces a consolidated safeguarding regime embedded in CASS 15 of the FCA Handbook. From 7 May 2026, the FCA’s strengthened safeguarding regime under CASS 15 and related rules materially expands and supplements the existing safeguarding framework for in-scope firms. Key changes are summarised below.
Firms must perform both internal and external safeguarding reconciliations on every reconciliation day (excluding weekends, UK bank holidays, and days when relevant foreign markets are closed). Reconciliations must follow a documented and consistent methodology, cover all relevant funds and accounts, and be completed to a D+1 standard. The FCA expects firms to evidence the design, implementation, and operating effectiveness of their reconciliation processes.
Firms that have safeguarded above £100,000 at any point over a rolling 53-week period must arrange an annual independent safeguarding audit with a qualified auditor. The audit must assess two things: whether the firm maintained adequate safeguarding systems throughout the audit period, and whether it was compliant at the period end. The first audit report must be submitted to the FCA within six months of the period end. For subsequent years, the deadline is four months.
Firms must submit a monthly safeguarding return to the FCA within 15 business days of each month end. The return covers the total safeguarding requirement, the method or methods used, reconciliation results, any shortfalls and their rectification, whether any notifiable CASS 15 breach circumstances arose and were notified, and details of safeguarding accounts, assets, and insurance or guarantee arrangements.
Firms must maintain a resolution pack — a living document that links to the firm’s current reconciliations, safeguarding account contracts, acknowledgement letters, and account information. The pack must be structured so that an insolvency practitioner can quickly identify and access relevant funds without relying on key personnel or internal systems.
Firms that have safeguarded above £100,000 at any point over a rolling 53-week period must arrange an annual independent safeguarding audit with a statutory auditor. The audit must assess two things: whether the firm maintained adequate safeguarding systems throughout the audit period, and whether it was compliant at the period end. The first audit report must be submitted to the FCA within six months of the period end. For subsequent years, the deadline is four months.
The Financial Reporting Council published interim guidance in March 2026 to support safeguarding assurance engagements during the transition to the FCA’s new Supplementary Regime. In practice, the guidance signals a more structured, controls-based approach to safeguarding audits and gives firms a clearer indication of the areas likely to attract audit scrutiny.
Key developments from the FRC guidance include:
The guidance also recognises that the transition into the new regime may require firms to evidence how legacy safeguarding arrangements have been carried forward into the CASS 15 framework during the implementation period.
In practice, many PIs and EMIs face similar difficulties in meeting safeguarding requirements:
We provide automated reconciliation, managed oversight, gap reviews, and a full audit readiness programme through our Macrobank platform.