FCA finalises safeguarding reforms

On 7 August 2025, the Financial Conduct Authority (FCA) published its long-awaited policy statement (PS25/12), confirming sweeping changes to the safeguarding regime for payments and e-money firms.

These reforms mark a significant shift in how firms must protect consumer funds, with implications for governance, legal structuring and operational resilience.

The FCA’s finalised rules introduce a two-stage approach to reforming the safeguarding framework:

These strengthen existing requirements under the Payment Services Regulations (PSRs) and Electronic Money Regulations (EMRs), and focus on improved record keeping, reconciliations and monthly regulatory reporting

The rules and associated amendments to the FCA’s approach document will come into force on 7 May 2026.

The FCA will replace the current regime with a CASS-style framework, requiring firms to hold relevant funds on trust for consumers. This statutory trust model aligns with the Financial Services and Markets Act 2023 and is designed to ensure consumer funds are returned quickly and cost-effectively in the event of firm failure.

The FCA’s policy statement has confirmed that the new rules will apply to: 

• Authorised payment institutions (except payment institutions that solely provide payment initiation services or account information services)
• Authorised e-money institutions
• Small e-money institutions
• Credit unions that issue e-money in the UK 

• Firms must maintain accurate, timely and complete records of safeguarded funds
• Clear segregation between firm and customer funds is required
• Reconciliation processes must be robust and frequent to ensure the correct amount is safeguarded
• Firms must implement and maintain a resolution pack

• The rules introduce a requirement for monthly safeguarding returns to the FCA, detailing fund balances and safeguarding account providers, with the aim of allowing the FCA to identify shortfalls and intervene early
• Firms must report on the diversification of safeguarded funds across institutions
• There are additional requirements to allocate responsibility for compliance with safeguarding rules to an individual within the firm
• The rules tighten FCA requirements for who can perform safeguarding audits. These stipulate that they must be performed by “qualified auditors”, to ensure consistency in audit quality. The term “qualified auditors” is defined by the Companies Act 2006 requirements
• Safeguarding audit requirements have been extended to all payment firms, except for:

1. Payment initiation service providers (PISPs)
2.  Small payment institutions (SPIs)
3. Credit unions that issue e-money
4. Firms qualifying for a new exemption – specifically, those that have not been required to safeguard more than £100,000 of relevant funds at any time during a continuous 53-week period

• Firms must conduct due diligence on safeguarding account providers (e.g., banks and custodians)
• Policies and procedures for safeguarding must be documented and consistently applied
• Firms should ensure appropriate diversification to mitigate concentration risk
• Payments firms must consider diversifying the third parties they use to hold, deposit, insure or guarantee safeguarded funds, and conduct enhanced due diligence on those arrangements
• Where safeguarding is achieved through insurance or a comparable guarantee, firms must meet stricter requirements and implement additional protections to ensure the effectiveness of those measures

These proposed rules will replace the EMRs and PSRs safeguarding requirements with a new framework aligned with the Client Assets Sourcebook (CASS), commonly used in investment firms. This transition is enabled by the Financial Services and Markets Act 2023.

However, in light of the high volume of feedback to the initial consultation, the policy statement commits the FCA to a review of how the supplementary regime progresses. The FCA will only then determine if it proceeds with the post-repeal regime, as proposed, or whether changes need to be made to the relevant rules. Nonetheless, it is worth considering what the regulator’s current intentions are from the consultation paper for this post-repeal regime, and what the impact may be:

Payments firms must segregate relevant funds by ensuring they are received directly into appropriately designated accounts at approved banks, except when processed via an acquirer or a payment system account. Agents and distributors may only receive relevant funds if the principal firm safeguards an equivalent amount in designated safeguarding accounts to cover the expected holdings of those agents or distributors.

With the statutory trust arrangement, relevant funds must be held on trust for consumers. This provides legal priority in insolvency, with additional details provided as to the specific obligations and when these arise.

Consumer funds will form part of a protected asset pool. Claims from e-money holders and payment service users will have priority over other creditors.

Firms must adopt segregation, reconciliation and governance practices similar to those in the investment sector. Enhanced documentation and oversight will be required to demonstrate compliance. Likewise, boards and senior management will be expected to take greater ownership of safeguarding arrangements.

The FCA’s reforms are a clear signal of its intent to raise standards and protect consumers in the payments and e-money space. Firms that act early will not only reduce their compliance risk but also position themselves as trusted providers in a more demanding regulatory environment.

These changes are not just technical adjustments; they represent a fundamental shift in how safeguarding is understood and operationalised. Firms will need to:

• Review and update internal policies, systems and controls
• Ensure legal documentation and trust arrangements are compliant
• Train staff and embed new governance practices
• Prepare for increased regulatory scrutiny and reporting obligations

At S&W, we’re already supporting clients in navigating these changes. Our regulatory consulting team offers:

• Safeguarding health checks, assessing current practices against the new requirements
• Implementation support, helping firms transition to the model, supporting to build safeguarding frameworks and meet reporting obligations
• Governance advisory, strengthening board oversight and internal controls
• Training and awareness, delivering tailored training sessions to ensure staff understand the updated safeguarding obligations and how to apply them in practice

Whether you’re a payments or e-money firm looking to strengthen your safeguarding arrangements or preparing for increased regulatory scrutiny following the FCA’s latest policy statement, we’re here to help.

We support firms in implementing both interim and end-state safeguarding requirements, ensuring you have the right expertise at every stage.