In the first article in this series, we explained the FCA’s new safeguarding regime for payment and e-money firms and how the introduction of CASS 15, together with related changes to the FCA Handbook, represents a significant change in regulatory expectations.

Firms should be assessing whether their existing arrangements would withstand detailed scrutiny once the new regime comes into force.

The implementation date of 7 May 2026 is fast approaching. It is important not to underestimate the work required to comply with the new rules. In our experience, safeguarding reviews frequently uncover operational, governance and documentation gaps that take time to address properly.

This article focuses on what firms should already be doing to prepare for the FCA’s strengthened safeguarding requirements, and the areas where weaknesses most commonly emerge.

If you would like support reviewing your arrangements against the FCA safeguarding requirements, our team regularly assists payment and e-money firms in preparing for regulatory change and supervisory scrutiny. Contact us today.

Understanding the Full Scope of the Safeguarding Regime

Although CASS 15 forms the core of the FCA’s new safeguarding framework, firms should recognise that the reforms extend beyond a single chapter of the Handbook.

The new regime also includes:

  • safeguarding resolution pack requirements;
  • a safeguarding audit framework; and
  • regular safeguarding reporting to the FCA.

Taken together, these changes represent a more structured and supervisory-focused safeguarding regime. Firms will need to demonstrate that appropriate safeguarding arrangements are well governed, properly documented and capable of operating effectively under stress.

How Firms Should Conduct a Safeguarding Gap Analysis

The first practical step for most firms is a structured gap analysis comparing existing arrangements with the FCA safeguarding requirements under the new regime.

Many firms assume their current arrangements are broadly compliant because they have historically satisfied safeguarding obligations under the Payment Services Regulations or Electronic Money Regulations. However, the FCA’s supervisory work has repeatedly shown that firms’ understanding of their own safeguarding frameworks is often incomplete.

A thorough gap analysis should examine:

  • how relevant funds are identified and segregated;
  • the operation and frequency of internal and external reconciliations;
  • governance and oversight arrangements for safeguarding;
  • documentation supporting safeguarding processes; and
  • how safeguarding arrangements would operate if the firm entered insolvency.

Firms should also ensure that their safeguarding framework accurately identifies funds received in connection with a payment transaction and applies the correct safeguarding treatment.

This exercise often reveals issues that have developed gradually over time, particularly where safeguarding processes have evolved alongside rapid business growth.

Strengthening Governance and Senior Management Oversight

Firms should already be considering whether safeguarding responsibilities are clearly allocated and properly understood within the organisation. In practice, this means ensuring that:

  • responsibility for safeguarding is clearly defined within the governance framework;
  • senior management receive regular and meaningful safeguarding reporting;
  • safeguarding risks are considered within broader risk management processes; and
  • the Board has sufficient visibility of safeguarding arrangements and potential weaknesses.

Where safeguarding has historically been treated as an operational or finance function, firms may need to revisit how oversight is structured.

Reviewing Reconciliation Processes for Safeguarded Funds and Record-Keeping Arrangements

Reconciliation and record-keeping remain central to the safeguarding framework, but the new regime places greater emphasis on accuracy, timeliness and auditability.

Firms should ensure that their reconciliation processes are clearly documented and consistently applied. This includes confirming that:

  • internal and external reconciliations are performed in line with regulatory expectations;
  • discrepancies are identified and resolved promptly;
  • records clearly demonstrate how relevant funds are calculated and safeguarded; and
  • documentation would allow a third party to understand the firm’s safeguarding position without relying on institutional knowledge.

In many cases, the underlying reconciliation processes are broadly sound, but documentation and evidential trails are weaker than the FCA would expect.

Building and Maintaining Safeguarding Resolution Packs

The purpose of the resolution pack is to ensure that, if a firm fails, an insolvency practitioner can quickly identify where safeguarded funds are held and how those funds should be returned to customers.

Safeguarding arrangements are designed to ensure that customer funds remain protected and are not available to other creditors in the event of insolvency.

Firms should therefore be developing documentation that clearly sets out:

  • the firm’s safeguarding methodology;
  • the location of safeguarding accounts;
  • reconciliation processes and supporting records; and
  • key operational contacts and system dependencies.

The FCA expects firms to be able to provide resolution pack information to an insolvency practitioner or the regulator promptly, and in any event within 48 hours of a request. This expectation alone means that resolution packs must be kept up to date and readily accessible.

Preparing for Safeguarding Reporting and New Audit Requirements

The new regime introduces enhanced supervisory visibility over safeguarding arrangements.

In particular, firms should be preparing for:

  • monthly safeguarding returns to the FCA; and
  • the introduction of a formal safeguarding audit framework.

These changes reflect the FCA’s desire to monitor safeguarding arrangements more closely and identify weaknesses earlier. Firms will therefore need to ensure that safeguarding data can be produced reliably and that supporting documentation is robust enough to withstand independent review. This documentation should also be capable of supporting formal scrutiny by an independent auditor as part of the new safeguarding audit framework.

For some firms, this will require improvements to internal systems, reporting processes and management information.

Moving from Safeguarding Policies to Demonstrable Compliance

A recurring theme in the FCA’s supervisory work has been the gap between documented safeguarding policies and operational reality.

Under the new regime, firms should assume that the FCA will expect safeguarding arrangements to be demonstrable in practice. Policies and procedures must be supported by clear operational processes, well-maintained records and effective oversight.

In preparing for the new regime, firms should be testing whether existing arrangements genuinely work as intended.

Planning Implementation of the New FCA Safeguarding Requirements

Firms that have not begun preparation should consider doing so as an immediate priority.

In our experience, firms that delay preparation often end up addressing safeguarding issues reactively, under tighter timelines and increased supervisory engagement, rather than through a planned and proportionate implementation.

Early planning allows firms to identify and address weaknesses in a controlled way, reducing the risk of disruption once the new regime comes into force.

Looking Ahead: Preparing for the New Safeguarding Rules

In the final article in this series, we will examine what firms must have in place before the new safeguarding regime takes effect, including the practical steps required to ensure operational readiness and avoid last-minute remediation.

If you would like to discuss how the new safeguarding requirements may affect your firm, or require support with safeguarding compliance, C&G regularly advises payment and e-money firms on FCA expectations in this area. Contact us today.