The regulator is introducing a significant overhaul of the FCA safeguarding regime for UK payment institutions and electronic money institutions through the new CASS 15 chapter of the FCA Handbook.
In practice, this will require many firms to revisit safeguarding arrangements they have relied on for years. For some, the changes will be relatively contained. For others, it will expose weaknesses that the FCA has made clear it is no longer prepared to tolerate.
These reforms reflect a shift in regulatory expectations around how safeguarding compliance should operate day to day, and how firms can demonstrate that it will work in a period of stress or firm failure.
This article is the first in a three-part series and focuses on what CASS 15 is, why the FCA is introducing it, who it applies to, and the headline changes firms need to understand now.
If your firm needs help interpreting the new rules, our team offers practical FCA safeguarding compliance support tailored to your operational needs.
Why the FCA Is Reforming the Safeguarding Regime
Safeguarding has long been a core regulatory obligation for payment and e-money firms. However, the FCA has become increasingly vocal about the existing regime not delivering the outcomes it expected, particularly when firms have entered administration or insolvency.
In recent supervisory work, the FCA has identified several recurring issues, including:
- inadequate segregation of relevant funds;
- weak or inconsistent reconciliation practices;
- insufficient senior management oversight;
- limited or ineffective resolution planning; and
- records that are not usable in an insolvency scenario.
These failings have caused consumer harm, delays in returning funds, and significant operational challenges for insolvency practitioners.
The FCA intends to address these issues by bringing safeguarding requirements into a dedicated chapter of the CASS sourcebook, aligning expectations more closely with the outcomes seen in the client assets regime for investment firms. At the same time, the FCA has sought to ensure the rules remain proportionate to the payments and e-money sector.
What Is CASS 15?
CASS 15 is a new chapter of the FCA Handbook that will replace the existing safeguarding provisions currently set out in the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, as supplemented by FCA guidance.
It establishes a single, consolidated safeguarding regime for payment institutions and electronic money institutions, covering:
- governance and accountability;
- safeguarding arrangements and methods;
- reconciliations and record-keeping;
- reporting and notifications;
- audit and assurance; and
- resolution planning.
Many of the underlying principles will be familiar. However, CASS 15 introduces greater structure, prescriptiveness and evidential expectations, particularly around how firms demonstrate compliance on an ongoing basis.
CASS 15 sits alongside related changes to other parts of the FCA Handbook, including new and amended requirements for resolution packs, safeguarding audits and safeguarding reporting.
Firms will be expected to show that safeguarding works in practice, not merely that policies exist on paper.
Which Firms Are in Scope of the CASS Sourcebook Changes and Safeguarding Regime?
The new FCA safeguarding rules apply to:
- authorised payment institutions (APIs);
- authorised electronic money institutions (EMIs); and
- certain small payment institutions and registered account information service providers where they elect, or are required, to apply the regime.
The rules apply to “relevant funds”, broadly defined as funds received from, or for the benefit of, payment service users or e-money holders that must be safeguarded.
Firms that currently safeguard under the existing regime should not assume that “business as usual” will be sufficient. The FCA has been clear that meeting the spirit of safeguarding is no longer enough, firms must be able to evidence compliance with the clearly defined rules.
The regime does not apply to firms that solely provide payment initiation services or account information services and do not receive or hold relevant funds.
Key Changes Introduced by New FCA Safeguarding Rules
While the detailed obligations will be explored in later articles, several themes are worth highlighting at this stage.
Clearer Governance and Accountability
CASS 15 places greater emphasis on senior management responsibility for safeguarding arrangements. Firms will be expected to demonstrate:
- clear allocation of responsibility;
- effective oversight and challenge; and
- sufficient understanding at Board and senior management level of how safeguarding operates in practice.
This approach aligns with the FCA’s broader focus on governance, accountability and the Senior Managers and Certification Regime.
Enhanced Reconciliation and Record-Keeping
The new regime introduces more prescriptive requirements around:
- internal and external reconciliations;
- timing and frequency; and
- the maintenance of accurate, up-to-date records.
Crucially, records must be capable of being relied upon in a resolution or insolvency scenario, not merely for day-to-day operational purposes.
Resolution Packs
One of the most significant safeguarding rule changes is the requirement for firms to maintain a safeguarding resolution pack. The purpose of the resolution pack is to ensure that, if a firm fails, an insolvency practitioner can quickly identify:
- where relevant funds are held;
- how much is owed to customers; and
- how those funds can be returned.
The FCA expects firms to be able to provide resolution pack information to an insolvency practitioner or the regulator promptly, and in any event within 48 hours of a request.
For many firms, this will require new documentation, clearer ownership, and stronger governance oversight than currently exists.
Reporting, Notifications and Assurance
The FCA also introduces enhanced reporting expectations and formalises the role of auditors in providing assurance over safeguarding arrangements.
Firms should expect:
- increased interaction with the FCA on safeguarding matters;
- a formal monthly safeguarding return to the FCA;
- closer scrutiny of breaches and incidents; and
- a lower tolerance for informal or poorly evidenced controls.
Implementation Timeline
The new safeguarding rules will come into force on 7 May 2026, subject to transitional arrangements set out by the FCA.
While this date may appear some way off, firms should be under no illusion about the scale of work involved. Governance changes, documentation updates and systems enhancements all take time, particularly where safeguarding has historically been treated as a secondary operational function.
Early planning enables firms to implement safeguarding changes in a controlled and cost-effective manner, rather than responding to issues once regulatory scrutiny intensifies.
For tailored FCA safeguarding help, firms should consider external expertise to support their transition and avoid compliance gaps.
What Firms Should Be Thinking About Now
At this stage, firms should be assessing whether their existing arrangements would meet the FCA’s new expectations for safeguarding compliance, and in particular whether those arrangements would withstand detailed regulatory scrutiny:
- ensuring senior management understands what is changing and why it matters;
- assessing whether existing safeguarding arrangements would withstand detailed FCA scrutiny;
- identifying gaps between current practice and the new requirements; and
- planning a structured, resourced approach to implementation.
For firms that are already part-way through their safeguarding preparations, the next question is whether enough has been done.
If you would like to discuss how CASS 15 applies to your firm, or require support with readiness assessments, governance reviews or safeguarding frameworks, C&G Regulatory Solutions regularly advises payment and e-money firms on FCA safeguarding compliance support.
