Regulatory framework

Safeguarding for payment and e-money firms

Safeguarding is the requirement for payment institutions (PIs) and electronic money institutions (EMIs) to protect the funds they hold on behalf of customers. The rules ensure that, if a firm becomes insolvent, customer funds can be identified, separated from the firm’s own assets, and returned quickly. In the UK, safeguarding obligations are set out in the Payment Services Regulations 2017 (PSR 2017) and the Electronic Money Regulations 2011 (EMR 2011) and, from 7 May 2026, in the new consolidated regime introduced through CASS 15 of the FCA Handbook.

Who safeguarding applies to

Safeguarding requirements apply to all authorised payment institutions and authorised electronic money institutions operating in the UK. Small e-money institutions are also within scope. The rules apply whenever a firm holds funds received from payment service users in connection with a payment transaction, or funds received in exchange for electronic money issued by the firm. Firms must implement and maintain safeguarding arrangements from the point they begin holding relevant funds.

How safeguarding works

Firms have two main approaches to safeguarding available to them:

  • Segregation method

    Relevant funds must be held in a designated safeguarding account with an authorised credit institution, or invested in secure, liquid assets such as qualifying money market instruments or government bonds held in a separate account. The funds must be kept separate from the firm’s own money at all times.

  • Insurance or guarantee method

    As an alternative to segregation, firms can cover relevant funds with an insurance policy or guarantee from an authorised insurer. The policy or guarantee must be for an appropriate amount, held independently of the firm, and accessible to customers in the event of insolvency.

The new regime: CASS 15 (effective 7 May 2026)

The FCA’s Policy Statement PS25/12 introduces a consolidated safeguarding regime embedded in CASS 15 of the FCA Handbook. The new rules replace the safeguarding provisions currently set out in the PSR 2017 and EMR 2011 and significantly raise the standard expected of firms. Key changes are summarised below.

  • Daily reconciliations

    Firms must perform both internal and external safeguarding reconciliations on every reconciliation day (excluding weekends, UK bank holidays, and days when relevant foreign markets are closed). Reconciliations must follow a documented and consistent methodology, cover all relevant funds and accounts, and be completed to a D+1 standard. The FCA expects firms to evidence the design, implementation, and operating effectiveness of their reconciliation processes.

  • Annual safeguarding audit

    Firms that have safeguarded above £100,000 at any point over a rolling 53-week period must arrange an annual independent safeguarding audit with a statutory auditor. The audit must assess two things: whether the firm maintained adequate safeguarding systems throughout the audit period, and whether it was compliant at the period end. The first audit report must be submitted to the FCA within six months of the period end. For subsequent years, the deadline is four months.

  • Monthly regulatory returns

    Firms must submit a monthly safeguarding return to the FCA within 15 business days of each month end. The return covers the total safeguarding requirement, the method or methods used, reconciliation results, any shortfalls and their rectification, all breaches during the period, and details of safeguarding accounts, assets, and insurance or guarantee arrangements.

  • Resolution pack

    Firms must maintain a resolution pack — a living document that links to the firm’s current reconciliations, safeguarding account contracts, acknowledgement letters, and account information. The pack must be structured so that an insolvency practitioner can quickly identify and access relevant funds without relying on key personnel or internal systems.

  • Third-party and outsourcing oversight


FRC assurance guidance (March 2026)

The Financial Reporting Council published interim guidance in March 2026 on safeguarding assurance engagements. The guidance aligns the audit methodology with principles from the FCA’s CASS Assurance Standard and introduces a more structured, controls-based approach to how safeguarding is audited.

Key developments from the FRC guidance include:

  • A dual focus on both the adequacy of systems throughout the period and compliance at the period end
  • Assessment of the design, implementation, and operating effectiveness of safeguarding controls
  • Explicit inclusion of IT General Controls in the audit scope — firms must identify key systems, demonstrate control effectiveness, and be prepared for IT-related audit procedures
  • Mandatory breach logging with no materiality threshold — all breaches must be captured, tracked, evidenced, and remediated
  • Higher expectations for documentation, evidence quality, and audit traceability
  • Increased scrutiny of outsourcing arrangements and third-party reliance

The guidance also recognises that the transition period from May 2026 to May 2027 involves overlap between the legacy safeguarding rules and the new CASS 15 framework. Firms may need to demonstrate compliance with both sets of requirements during this period.

Common compliance challenges

In practice, many PIs and EMIs face similar difficulties in meeting safeguarding requirements:

  • Reliance on spreadsheets for daily reconciliations, which introduce manual error, version control risk, and a lack of audit trail
  • Inconsistent reconciliation methodologies, particularly across multiple products, safeguarding banks, or agent and distributor models
  • Weak documentation — controls may exist in practice, but firms cannot easily evidence them for auditors
  • Limited capacity to produce audit-ready data on demand, leading to significant disruption during audit
  • Governance gaps between operational teams carrying out reconciliations and senior management providing oversight
  • Insufficient breach logging and exception management, particularly in light of the FRC’s no-materiality-threshold requirement
