The FCA Safeguarding Deadline Is Approaching: What Payment and E-Money Firms Must Have in Place

As the implementation date for the FCA’s strengthened safeguarding regime approaches, many payment and e-money firms are moving from planning to execution.

At this stage, the question is no longer whether firms understand the requirements. It is whether their safeguarding arrangements are complete, operational and capable of withstanding regulatory scrutiny from day one.

The new regime, implemented through the CASS 15 safeguarding requirements and related Handbook changes, comes into force on 7 May 2026. By that point, firms should expect the FCA to assess safeguarding not as a theoretical framework but as a function that must work in practice, under pressure, and without relying on informal workarounds.

This final article in our series focuses on what firms must have in place before the FCA safeguarding deadline, where issues most commonly arise at this stage, and how to approach final readiness.

Safeguarding Requirements and FCA Rules for Payment Firms

If your firm is preparing for the FCA’s safeguarding deadline, now is the time to ensure your arrangements are complete, compliant and operational. C&G Regulatory Solutions supports payment firms and payment institutions with readiness reviews, safeguarding audit preparation, and ongoing compliance. Get in touch to discuss how we can help you meet FCA rules with confidence.

 

What “Compliance” Will Look Like in Practice

One of the risks for firms at this stage is assuming that safeguarding compliance is primarily a documentation exercise.

In practice, the FCA’s expectations are more demanding.

Firms should expect that, if reviewed, they will need to demonstrate:

• clear and well-understood safeguarding processes;
• accurate and up-to-date records of relevant funds;
• reconciliations that are consistently performed and evidenced;
• governance arrangements that provide effective oversight; and
• the ability to respond quickly and coherently in a stress or failure scenario.

In other words, safeguarding must be operationally embedded, not simply described.

 

Finalising Governance and Accountability

By the implementation date, firms should have clear ownership of safeguarding at senior management level, supported by appropriate reporting and escalation mechanisms.

In practice, this means:

• defined responsibility for safeguarding within the governance framework;
• regular management information on safeguarding performance and issues;
• Board-level visibility of key risks; and
• documented oversight and challenge where issues arise.

Where governance arrangements remain informal or fragmented, firms should expect this to be a focus of any supervisory engagement.

 

Ensuring Reconciliation and Record-Keeping Are Robust

Reconciliation and record-keeping are often areas where firms feel confident — but where weaknesses become apparent under detailed review.

By the deadline, firms should be able to demonstrate that:

• reconciliation processes are clearly defined, consistently applied and appropriately evidenced;
• discrepancies are identified, investigated and resolved in a timely manner;
• records accurately reflect the firm’s safeguarding position at any given point in time; and
• supporting documentation is sufficiently clear for a third party to understand without additional explanation.

The key test is whether safeguarding records would be usable in practice, particularly in a stressed or insolvency scenario.

 

Resolution Packs: From Documentation to Accessibility

Firms should now have developed and tested their safeguarding resolution packs.

At a minimum, resolution packs should:

• clearly describe safeguarding arrangements and methodologies;
• identify safeguarding accounts and locations of relevant funds;
• include reconciliation processes and supporting information; and
• provide sufficient detail to support the return of funds to customers.

Crucially, firms must also ensure that this information is readily accessible.

The FCA expects firms to be able to provide resolution pack information promptly, and in any event within 48 hours of a request. This requirement highlights the importance of not only producing documentation, but ensuring it is maintained, current and immediately retrievable.

 

Preparing for Ongoing Financial Reporting and Audit

The new regime introduces ongoing supervisory visibility through regular reporting and audit.

By the implementation date, firms should be confident that they can:

• produce accurate data for the monthly safeguarding return within the required timeframe;
• support that data with appropriate records and audit trails; and
• engage with the safeguarding audit process in a structured and informed way.

For many firms, this represents a shift from periodic review to continuous evidence of compliance.

 

Testing Safeguarding Arrangements in Practice

A common theme at this stage is the gap between documented processes and operational reality.

Firms should therefore consider whether they have:

• tested reconciliation processes end-to-end;
• validated the completeness and accuracy of safeguarding records;
• reviewed governance reporting and escalation processes; and
• assessed whether key individuals understand their roles in a safeguarding scenario.

In many cases, issues only become apparent once processes are actively tested, rather than reviewed on paper.

 

Where Firms Are Still Falling Short

Based on recent work with payment and e-money firms, a number of themes continue to emerge at the final stages of preparation:

• safeguarding processes that rely on key individuals rather than documented procedures;
• reconciliation processes that are not consistently evidenced;
• resolution packs that exist but are incomplete or not readily accessible;
• governance frameworks that do not provide meaningful oversight; and
• uncertainty around reporting and audit expectations.

These are not necessarily structural failures, but they can become material issues under regulatory scrutiny if not addressed before the FCA’s safeguarding deadline.

 

Taking a Structured Approach to Final Readiness

At this stage, the most effective approach for firms is often a focused readiness review, rather than further incremental changes.

This typically involves:

• assessing safeguarding arrangements against the full scope of the new regime;
• identifying gaps that would be visible to the FCA;
• prioritising remediation based on regulatory risk; and
• ensuring that changes are implemented in a controlled and well-documented way.

The objective is not simply to “complete implementation”, but to ensure that safeguarding arrangements are defensible, coherent and operationally sound.

 

Final Thoughts: Safeguarding Readiness, Monitoring and Reporting

The introduction of the FCA’s strengthened safeguarding regime represents a significant step change for the payments and e-money sector.

Firms that have approached implementation early and systematically are likely to find themselves in a strong position. Those who have delayed may find that what appeared to be a contained exercise requires more substantial remediation than anticipated.

In our experience, safeguarding is an area where issues are often well understood once identified — but identifying them early, and addressing them in a structured way, makes a material difference to both cost and outcome.

 

How We Help with Safeguarding Audits and Regulatory Guidance

C&G Regulatory Solutions supports payment and e-money firms with safeguarding compliance, readiness reviews and implementation planning.

If you would like an independent view on whether your safeguarding arrangements would withstand regulatory scrutiny under the new regime, we would be happy to discuss how we can assist. Contact us today.