Safeguarding Regime Changes: Summary of Changes

Changes to the safeguarding regime for payments and e-money firms

The FCA are strengthening the safeguarding regime to address weaknesses in firms’ current safeguarding practices.

These changes to the Supplementary Regime, and related amendments to the Approach Document, will come into force on 7 May 2026. Before then, firms need to familiarise themselves with the new rules and guidance and establish systems and controls to meet the new requirements.

These changes aim to better protect customers of payments and e-money firms that fail, by reducing shortfalls in client funds and ensure funds are returned to customers as quickly as possible if a firm fails.

They will also make it easier for the FCA to identify and intervene in payment firms that do not meet our safeguarding expectations.

Summary of the Changes

When safeguarding starts and ends

The obligation to safeguard relevant funds starts as soon as the funds are received by the institution, including on receipt of cash.

E-Money Institutions are required to safeguard unclaimed relevant funds for at least 6 years.

Where it is evidenced that a foreign exchange transaction is carried out independently of any payment services, those funds do not have to be safeguarded.

Improved Books and Records

Record Keeping

The FCA has added guidance to clarify that payments firms may use data that is received from third parties for the purpose of creating and maintaining their internal records, where no other method is reasonable.

Daily Reconciliations

Reconciliations are required at least once each reconciliation day. Reconciliation days exclude weekends, bank holidays and days on which relevant foreign markets are closed.

Payments firms are required to maintain records and accounts to enable them, at any time and without delay, to distinguish between relevant funds and other funds. These records and accounts must be separate to the reconciliation requirements.

Relevant funds received in respect of e-money must be safeguarded separately from those received for unrelated payment services. There must also be separate safeguarding reconciliations for each.

External reconciliations are only required to be carried out on reconciliation days. Where possible, the records and accounts used for the external and internal safeguarding reconciliation should relate to the same point in time. Where they cannot be aligned, policies and procedures should cover how the firm will ensure the external safeguarding reconciliations will achieve their purpose.

The requirement to make and retain records of the decision on the frequency of external safeguarding reconciliations has been removed.

Notification of Breaches

Firms must notify the FCA in writing and without delay if:

• Their internal records are materially out of date, inaccurate or invalid.
• They will be unable to perform an internal or external reconciliation.
• They will be unable to remedy a discrepancy in their reconciliations.
• At any time in the previous year, there was a material difference or discrepancy between the amount of relevant funds they were safeguarding and the amount they should have been safeguarding.

The FCA has not defined ‘materiality’ for the notification requirements or provided additional guidance on when a payments firm’s failure to comply with a specific requirement is material as this needs to be assessed by the firm on a case-by-case basis.

The FCA has not provided additional guidance on the timing of notifications and refers payments firms to the guidance in paragraph 4.8 of its Approach Document regarding notification of changes in a firm’s circumstances, which states that it generally considers ‘without undue delay’ to mean within 28 days of the change occurring at the latest.

Resolution Pack

Firms must maintain a CASS Resolution pack to provide the necessary information to assist an insolvency practitioner in returning relevant client funds. This must include a master document detailing the contents of the pack as well as how to access all the other documentation and information.

Any systems needed by the insolvency practitioner, including those needed to provide the Resolution pack documentation, must be accessible after insolvency and arrangements must be in place to ensure this access.

Firms must be able to retrieve initial documentation immediately and full pack within 48 hours when required (under circumstances prescribed in CASS 10A.1.7R.)

Enhancing Monitoring and Reporting

Safeguarding Audits – Full details TBC

Firms must arrange and submit annual audits of their safeguarding compliance, carried out by a qualified auditor.

Full details of audit standard, scope and auditors have yet to be confirmed by the FCA and FRC.  The FCA are working closely with the FRC on the introduction of an auditing standard.

A payments firm can choose whether it wishes to align its audit period to its financial year end.

When an audit period covers a date when new rules came into force, auditors will need to assess payments firms against the rules that were in place at the time.

Thresholds and Exclusions

Firms not needing to safeguard more than £100,000 at any time over a period of at least 53 weeks, do not have to arrange a safeguarding audit, however the FCA states voluntary audits may help ensure they meet their obligations.

It has also removed the requirement for a limited assurance audit for payments firms holding no relevant funds.

Monthly Regulatory Return

Firms must submit a Monthly Regulatory Return within 15 business days of the end of each calendar month.

The proposed return will be amended:

• to reflect the comparison of the D+1 Segregation Requirement against the D+1 Segregation Resource (i.e. the amount that should be held against the amount actually held).
• To confirm that firms have undertaken at least one internal and external safeguarding reconciliation each reconciliation day (rather than requesting the number performed).
• To include guidance on the exchange rate that should be used for conversions

Strengthening Elements of Safeguarding

Diversification and Due diligence with Relevant 3rd Parties

Payments firms are required to periodically review whether diversification of third parties is appropriate i.e. third parties with which it deposits, holds, invests, insures or guarantees some or all the relevant funds it is required to safeguard.

The review should include whether it would be appropriate to:

• Deposit relevant funds with bank accounts opened at several different approved banks.
• Limit the risk in respect of third parties that are in the same group as each other.

The firm should consider:

• whether risks arising from the safeguarding institution’s business model create any need for diversification (or further diversification);
• the market conditions at the time of the review;
• the outcome of any due diligence carried out in accordance with CASS 15.6.1R; and
• the arrangements referred to in CASS 15.2.1R (Protection of relevant funds) i.e.:
  A safeguarding institution must, when holding relevant funds, maintain adequate arrangements to safeguard the client’s rights and prevent the use of relevant funds for its own account.

The frequency of the review will depend on the type of firm and third party in question.

Insurance Policies

If insurance policies or guarantees are used:

• There must be no condition or restriction on the prompt paying out except certification of an insolvency event.
• Firms must assess whether there would be any increase in operational risk from using this method, including whether restrictions on access to funds held outside a safeguarding account could adversely impact the institution’s short-term liquidity
• No later than 3 months before the insurance policy or guarantee expires, payments firms must:
  • Decide whether it intends to continue using the insurance or guarantee method and notify the FCA.
  • If a firm does not have a replacement or renewal in place, it must submit a plan covering how it will move to the segregation method
  • If a firm cannot safeguard all relevant funds through segregation, it should consider its financial position, including whether it is appropriate to make a claim before the cover lapses (by placing the firm into a process under the PESAR or the Insolvency Act 1986) and keep the FCA informed at all stages.

Expected Outcomes

The FCA is hoping that its changes to the safeguarding regime will address weaknesses in the current safeguarding approach and make sure:

• Payments firms hold funds received in exchange for issued e-money or to execute a payment transaction safely and securely, at all times, or make sure they are covered by an appropriate insurance policy or comparable guarantee.
• The right amount of funds is segregated from the payment firm’s own funds.
• The claims of e-money holders or payment service users can be met from the safeguarded asset pool.
• Relevant funds can be returned to customers as quickly and fully as possible if a payments firm fails or decides to wind down and exit the market.

Measuring success

The FCA will be using the following measures to assess the success of the changes:

• Over time, there is a decline in the percentage of shortfalls of relevant funds held by failed payments firms which are driven by non-compliance with safeguarding requirements. This should increase the amount of money returned to consumers.
• There is a decline in supervisory cases relating to deficient safeguarding, with fewer formal interventions – such as restrictions being imposed based on failures to comply with safeguarding requirements. While this number may rise in the short term, the FCA ultimately expects the number to fall due to better safeguarding practices, through addressing issues raised in audits and more targeted supervisory responses informed by enhanced reporting.

Next Steps

The changes will come into force on 7 May 2026. Before then, firms need to familiarise themselves with the new rules and guidance and establish systems and controls to meet the new requirements.

The full document can be found at  https://www.fca.org.uk/publication/policy/ps25-12.pdf

We will also be posting additional information for firms, including further details on the Resolution Pack, Audits and Reconciliations as well as feedback from our consultants over the coming weeks.

How Neopay can help

At Neopay, we understand that regulatory change can be complex and time-consuming — especially when it impacts critical areas like safeguarding. Our team of experts can help you assess the impact of the new regime on your business, implement robust systems and controls, and prepare for new requirements such as annual safeguarding audits and enhanced reporting. We offer practical, tailored support that ensures your safeguarding arrangements are compliant, effective, and future-proof. Whether you need help with policies, reconciliation processes, Resolution Pack creation, or training your staff on the new rules, Neopay is here to guide you every step of the way — so you can move forward with clarity and confidence.

Contact our team to find out how we can support your business.