We help UK payment institutions and electronic money institutions build and maintain FCA-compliant safeguarding arrangements. The service runs through Macrobank, our purpose-built safeguarding technology platform, and covers everything from automated daily reconciliation to full audit readiness.
From 7 May 2026, PIs and EMIs in the UK are subject to the new consolidated safeguarding regime under CASS 15 of the FCA Handbook. Firms must perform daily internal and external reconciliations, maintain a resolution pack, submit monthly regulatory returns to the FCA, and arrange an annual independent safeguarding audit.
Most firms are not set up for this level of rigour. Reconciliations are still carried out manually or on spreadsheets, documentation is inconsistent, and evidence is difficult to produce on demand. The FRC's March 2026 interim guidance raises expectations further, introducing a CASS-style controls-based assurance framework with explicit requirements around IT General Controls, breach logging, and audit traceability.
We deliver an integrated solution that replaces fragile manual processes with automated, audit-ready safeguarding infrastructure, and supports firms through oversight, gap reviews, and audit preparation.
Under CASS 15, firms must complete both internal and external safeguarding reconciliations on every reconciliation day. Reconciliations must follow a documented and consistent methodology, cover all relevant funds and accounts, and meet the D+1 segregation standard. The FRC guidance expects firms to demonstrate the design, implementation, and operating effectiveness of their reconciliation controls.
Firms safeguarding above £100,000 over any rolling 53-week period must appoint an independent statutory auditor to conduct an annual safeguarding audit. The audit must assess both whether adequate systems were maintained throughout the period and whether the firm was compliant at the period end. The first report must be submitted to the FCA within six months of the period end; subsequent reports within four months.
Firms must submit a monthly safeguarding return to the FCA within 15 business days of each month end. The return must cover the safeguarding requirement, the methods used, reconciliation results, any shortfalls and their rectification, breaches, and details of safeguarding accounts and assets.
The FRC's March 2026 interim guidance formally incorporates IT General Controls into safeguarding assurance. Firms must identify key systems and data flows, demonstrate the effectiveness of automated controls, and maintain a comprehensive breach log with no materiality threshold. All breaches identified during the period must be captured, tracked, and evidenced.
Firms must maintain a resolution pack — a live document containing current reconciliations, safeguarding account contracts, acknowledgement letters, and account information. It must be structured so that an insolvency practitioner can identify and access relevant funds quickly and without ambiguity.
Advapay delivers safeguarding as a service through Macrobank, combining a purpose-built reconciliation engine with specialist oversight, structured reviews, and a full audit readiness programme. We work with firms from initial gap analysis through to sustained, ongoing compliance.
The Macrobank technology layer replaces spreadsheet-based processes with automated daily reconciliations, real-time exception flagging, immutable audit trails, and board-ready management information. Firms move from reconstructing evidence for auditors to providing audit-ready data on demand. The platform is built with IT General Controls in mind, giving firms confidence that the technology infrastructure itself will withstand audit scrutiny.
On top of the platform, we offer a managed oversight service — including co-sourced and fully outsourced safeguarding delivery — where our team runs day-to-day reconciliation operations while the client retains regulatory accountability and board-level oversight. For firms preparing for an audit or FCA engagement, we conduct structured gap reviews and produce a RAG-rated remediation plan aligned to current FCA and FRC expectations. Our audit readiness programme prepares the full evidence pack, supports mock audit simulation, and liaises with the firm’s statutory auditor to reduce time, cost, and risk.
Depending on the service tier, the engagement includes some or all of the following:
We help you automate reconciliations, close compliance gaps, and get audit-ready — typically in 4–6 weeks.
