The FCA has introduced a major change to safeguarding oversight for UK payments and e-money firms.
Starting 7 May 2026, firms safeguarding customer funds must complete the new monthly regulatory return, REP027. The FCA has released the technical schema, enabling firms to prepare for the first submission deadline on 21 July 2026.
This new return marks a shift toward continuous regulatory oversight of safeguarding practices.
REP027 overview
REP027 is a dedicated monthly safeguarding return, submitted via the FCA’s RegData platform.
Introduced under the FCA Handbook (SUP 16) and updated safeguarding requirements in CASS 15, REP027 provides the regulator with more frequent and detailed insight into how firms protect customer funds.
Previously, safeguarding data was included in broader regulatory submissions and reviewed annually. REP027 now requires monthly reporting, enabling the FCA to identify issues sooner.
In scope firms
The new reporting requirement applies to firms that safeguard relevant funds under the Payment Services Regulations (PSRs) or Electronic Money Regulations (EMRs), including:
- Authorised Payment Institutions (APIs)
- E-Money Institutions (EMIs)
- Small Payment Institutions (SPIs) that have opted in
- Small E-Money Institutions (SEMIs) that have opted in
Firms that have voluntarily opted into safeguarding will also be required to submit REP027.
Submission timelines and practical challenges
REP027 must be submitted within 15 business days of each month-end.
The first submission:
- Covers June 2026 activity
- Must be filed by 21 July 2026
This introduces a new operational challenge, as the reporting window coincides with month-end processes and requires teams to gather and validate data from multiple sources within a short timeframe.
REP027 content and requirements
REP027 is more detailed than previous returns and follows a structured, section-based format similar to CASS-style reporting.
Not all sections apply to every firm, so understanding the structure is essential for effective preparation.
Core sections (applicable to most firms)
Section 1 – Firm details
Basic firm information, including safeguarding classification and details of the most recent safeguarding audit.
Section 2 – Safeguarding approach
The safeguarding method(s) used during the period (e.g. segregation, insurance or guarantee), along with supporting information such as number of clients and reconciliation approach.
Section 3 – Safeguarding balances
The highest and lowest safeguarding requirements recorded during the reporting period.
Section 4 – Where funds are held
Details of safeguarding arrangements, including:
- Institutions and account types
- Jurisdictions
- Insurance or guarantee providers (where relevant)
Section 5 – Resource vs requirement
A comparison between what should have been safeguarded and what was actually safeguarded, including any excesses or shortfalls and actions taken.
Section 6 – D+1 checks
Reporting on D+1 segregation compliance based on the most recent internal reconciliation.
Section 7 – Reconciliations
Confirmation that internal and external reconciliations were carried out as required throughout the period.
Section 8 – Record keeping
Details of safeguarding accounts, including account movements and the status of acknowledgement letters.
Section 9 – Notifiable breaches
Any reportable issues, such as reconciliation failures, record-keeping errors or safeguarding shortfalls.
Section 10 – 17 (if applicable)
Firms providing unrelated payment services or operating under specific models may need to complete additional sections (Sections 10–17), which extend the same level of detail to those activities.
Preparing for REP027
REP027 introduces a new reporting cadence for the sector.
Most FCA returns are submitted quarterly or annually. Monthly reporting requires greater coordination and control.
Safeguarding data is rarely held in one place. It typically spans:
- Finance systems
- Operational processes
- Compliance records
Compiling this information each month within a limited timeframe will require well-defined processes and clear team ownership.
With the first submission deadline approaching, firms should begin preparations now.
Key areas to focus on include:
Confirm your scope
Determine whether safeguarding applies and which sections of the return are relevant.
Map your data sources
Identify where required data resides in your systems, especially account-level data and reconciliations.
Build a repeatable process
Monthly reporting requires consistent processes rather than a one-time effort.
Plan for deadlines
Ensure internal processes align with the 15-business-day submission window.
Manual vs automated reporting
With the FCA’s XML schema now available, firms can develop more efficient reporting processes.
Manual data extraction and submission may work initially, but is unlikely to be sustainable due to:
- The volume of data required
- The frequency of reporting
- The tight submission window
Over time, many firms will need to implement automated data extracts or integrations to reduce operational burden and risk.
How Neopay can support
REP027 presents both operational and compliance challenges for firms.
Neopay supports payment and e-money institutions with:
- Safeguarding framework reviews and gap analysis
- Support in designing or streamlining reporting processes
- Practical assistance with ongoing reporting
- Ongoing compliance support through our Virtual Compliance Service (VCS)
- Training on the new safeguarding rules and REP027 reporting requirements
Establishing a robust approach early will help firms meet REP027 requirements and strengthen overall safeguarding controls.
Firms that prepare early, build efficient processes, and maintain strong data governance will be best positioned to meet FCA expectations and reduce the operational strain of monthly reporting.
If you would like to discuss how REP027 may affect your business, please contact the Neopay team.
