What is safeguarding and why does it matter for payment services and e-money firms?

CASS 15 safeguarding customer funds: what firms need to get right ahead of May 2026

Audit & Assurance
Corporate
Planning

Safeguarding has become a major area of regulatory focus for payment services and e-money firms, particularly as the FCA prepares to introduce a strengthened safeguarding regime.

This blog goes back to the core principles, explaining what safeguarding is, who it applies to, and how it is expected to work day to day. It also outlines why the FCA has strengthened its approach to regulatory requirements in recent years and highlights the main areas organisations need to get right as they prepare for the new safeguarding regime coming into force in 2026.

What is safeguarding?

Safeguarding is a regulatory requirement under FCA rules for payment services and e-money firms to protect customer funds by keeping them separate from a firm’s own operational money.

For example, if a firm becomes insolvent, safeguarding is designed to ensure that customers can recover their funds swiftly and in full, without those funds being absorbed into the insolvency estate.

Safeguarding requirements are set out in the Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs). They are supported by the FCA’s Approach Document and, most recently, strengthened through PS25/12, which introduces a new supplementary safeguarding regime.

Who does safeguarding apply to?

Safeguarding applies to organisations that handle customer funds in the payments and e-money sector, including:

Authorised Payment Institutions (APIs)
Authorised and Small E-Money Institutions (EMIs)
Credit unions issuing e-money in the UK
Small Payment Institutions (where they opt in)

From May 2026, most authorised firms will also fall within scope of mandatory safeguarding audits.

Why has safeguarding become such a regulatory focus?

The FCA has been clear for several years that safeguarding arrangements across the sector are often not robust enough. Common issues include weak governance, poor reconciliations, inadequate third-party oversight, and a lack of credible wind-down planning.

Through a series of Dear CEO letters, interim rules – which we a currently entering – followed by the finalised end-state rules, the FCA’s objective is to:

Minimise safeguarding shortfalls
Improve control environments
Ensure customer funds can be returned efficiently and cost-effectively in an insolvency

The introduction of safeguarding audits and enhanced reporting is intended to drive consistency and accountability across the market.

How does safeguarding work in practice?

Segregation and timing

Customer funds must be segregated from the firm’s own money. While segregation should happen immediately on receipt, the formal safeguarding obligation applies on a T+1 (business day plus one) basis.

This means firms need robust processes to ensure funds are identified, segregated, and safeguarded within the required timeframe.

Reconciliations

Firms are expected to perform internal and external safeguarding reconciliations at least once per day, at the same time each day.

Any shortfall identified must be covered immediately. Reconciliations are a core control and a frequent area of FCA scrutiny.

The safeguarding method

Under the standard method, the safeguarding calculation must include relevant funds received but not yet safeguarded, relevant assets held in safeguarding accounts, and any relevant funds covered by insurance or guarantees. Negative balances are disregarded for the purposes of the calculation. However, firms must include any funds received that have not yet been allocated to an individual customer, which is an area that can frequently give rise to errors if not carefully monitored.

Governance, records and third-party oversight

Effective safeguarding goes beyond mechanics. Firms are expected to maintain a strong control environment, supported by clear documentation and oversight.

Key expectations include:

A master safeguarding document covering:
- Third-party arrangements and due diligence
- Periodic reviews of safeguarding institutions
- Safeguarding accounts and acknowledgement letters
- Policies and procedures
- Internal and external reconciliations
Periodic due diligence on safeguarding banks and suppliers, with preparation and review documented and board-approved
Insurance arrangements reviewed at least three months before renewal
A clearly identified responsible individual with safeguarding accountability
Credible wind-down and resolution planning, including the ability to return funds in an insolvency scenario

Safeguarding audits will also require a CASS-style resolution pack, aligned to the template set out in the CASS Handbook.

How has the safeguarding regime evolved?

The strengthened safeguarding regime did not emerge overnight. It has developed over several years of increasing regulatory scrutiny and supervisory intervention.

July 2019 – The FCA launched its safeguarding supervisory project, identifying widespread weaknesses in firms’ safeguarding arrangements.
May 2021 – A Dear CEO letter to e-money firms focused on the clarity of customer protections and safeguarding disclosures.
March 2023 – The FCA issued a further Dear CEO letter raising concerns around governance, control environments and auditor appointments.
September–December 2024 – The FCA consulted on proposed reforms through CP24/20.
7 August 2025 – The FCA published PS25/12, confirming the new supplementary safeguarding regime and providing a nine-month implementation period.
7 May 2026 – The supplementary safeguarding regime comes into force, including enhanced governance, reporting and audit requirements.

Will firms need a safeguarding audit?

For periods starting from 7 May 2026 all authorised payment institutions will require a safeguarding audit unless safeguarded funds have remained below £100,000 over the previous 53 weeks. Audit reports must be submitted within six months of the period end.

Where safeguarded funds exceed £100,000 on or after 7 May 2026, this triggers the start of a CASS 15 audit period (with a maximum length of 53 weeks). Firms should therefore monitor safeguarded balances on an ongoing basis to identify when the threshold is breached.

If the first audit period ends on or before 14 May 2027, the reporting deadline is extended to six months from the period end.

Firms that come into scope between 7 May 2026 and 6 July 2026 may wish to consider a shorter initial audit period ending on 14 May 2027 in order to benefit from this extended deadline. However, this will bring forward the timing of subsequent audit periods.

Key deadlines for submission

1^st audit submission deadline: within six months of the end of the firm’s reporting period.
Subsequent audit submissions: within four months of the end of the firm’s reporting period.

What are the new safeguarding reporting requirements?

Firms are also required to submit monthly safeguarding regulatory returns. These can be completed now and provide a valuable opportunity to identify and remediate issues before audits become mandatory.

How firms should be preparing now

With the FCA’s direction of travel clear, firms should not wait until the end of their first reporting period to test their arrangements. Areas to focus on now include:

Stress-testing safeguarding calculations and reconciliations
Reviewing third-party due diligence and documentation
Assessing governance, accountability and board oversight
Ensuring resolution and wind-down plans are practical, not theoretical

How Price Bailey can help

We are supporting payment services and e-money firms with pre-implementation “soft” safeguarding audits, designed to mirror the new audit requirements without the pressure of a formal regulatory submission.

These reviews help firms identify gaps early, prioritise remediation, and enter the new regime with confidence.

If you’d like to discuss a soft safeguarding audit or preparation support ahead of May 2026, please get in touch using the form below.

We always recommend that you seek advice from a suitably qualified adviser before taking any action. The information in this article only serves as a guide and no responsibility for loss occasioned by any person acting or refraining from action as a result of this material can be accepted by the authors or the firm.

Sign up to receive exclusive business insights

Join our community of industry leaders and receive exclusive reports, early event access, and expert advice to stay ahead – all delivered straight to your inbox.