Blog

Safeguarding for e-money and payments firms is changing – FCA’s CP24/20 

8th August 2025
12 min read

The payments and e-money sector has been waiting for clarity on the future of safeguarding, and at the end of 2024 we received it. The FCA’s Consultation Paper, CP24/20, signals the most significant overhaul of the regime to date, driven by some worrying statistics: between 2018 and 2023, insolvent payment firms had an average 65% shortfall in safeguarded funds, and the FCA has opened cases into 15% of all safeguarding firms due to serious concerns.

This consultation applies to all authorised payment institutions (APIs)*, e-money institutions (EMIs), and credit unions issuing e-money. For these circa 630 firms, the message is clear: the current regime is not fit for purpose, and a wholesale shift to a CASS-style framework is coming.

*Small APIs have the option to opt in.

The FCA is proposing a two-stage implementation: an ‘interim state’ to quickly address the most pressing compliance issues, followed by an ‘end-state’ where the existing rules are fully replaced.

The interim state 

The first stage is designed to shore up the existing framework with more prescriptive rules and give the FCA greater visibility and power to intervene. The proposals will be implemented via a new chapter in the CASS sourcebook, CASS 15, and will introduce requirements for a CASS-style resolution pack under CASS 10A.

Key features of the interim proposals include:

  • Improved Books and Records: This is arguably the biggest change. Firms will be required to:
    • Maintain records to distinguish relevant funds (the name for client money in CASS 15) at any time, without delay.
    • Perform internal reconciliations each business day, with any discrepancies to be resolved on the same day.
    • Perform external reconciliations with third-party records each business day.
    • Notify the FCA of various issues, including any failure to perform a reconciliation.
  • Enhanced Monitoring: A new monthly regulatory return covering safeguarding arrangements will be required.
  • Strengthened Practices: The rules will set out the need for diversification when selecting where to hold safeguarded funds and enhance the due diligence requirements on those third parties.

The new safeguarding audit

Contact us

A major change in the interim state is the introduction of a mandatory annual safeguarding audit report. My key takeaways are:

  • Auditor Qualification: The report must be provided by a statutory auditor qualified under the Companies Act 2006, as set out in the new SUP 3A. In my experience the existing safeguarding work is not being carried out by statutory auditors.
  • Reporting Period: The audit will cover a period of no more than 53 weeks and must be submitted to the FCA within 4 months of the period end.
  • Report Format: Annex C of the paper provides a template, which is very similar to the existing CASS audit opinion. However, it notably requires a single opinion covering the whole period, rather than separate opinions ‘throughout the period’ and ‘at the period end’. I believe this will be a significant new undertaking for all firms in scope, many of whom have never been subject to this level of scrutiny.

Contact us

The end state

The long-term plan is to replace the safeguarding sections of the PSRs and EMRs entirely with a CASS-style framework under which all relevant funds are held in a statutory trust.

Key features of the end-state proposals include:

  • Direct Receipt of Funds: The rules will mandate that relevant funds are received directly into a designated safeguarding account.
  • Statutory Trust: This is the key change in the end-state. The obligation to safeguard begins the moment a firm is entitled to the funds (including funds held with an acquirer).
  • Insurance: While using insurance as a safeguarding method remains possible, the requirements will be much stricter. Policies must have no conditions on pay-out (other than an insolvency practitioner being appointed) and the proceeds must be paid into a safeguarding account, meaning firms will need these accounts regardless.

An icon of a magnifying glass looking at a graph.

Next steps

The FCA has proposed transitional periods of 6 months for the interim rules and 12 months for the end-state rules, starting from when the final policies are published. This is not a lot of time to prepare for such fundamental changes.

Firms should be taking immediate action:

  • Speak to the experts: Discuss the requirements with you compliance consultants to understand how the new rules may impact your firm. 
  • Conduct a Gap Analysis: How do your current reconciliation processes stand up against a daily requirement? Do you have the systems to produce a CASS resolution pack? 
  • Engage with Auditors: If you don’t already have a statutory auditor, you need to start conversations now. The market for CASS auditors is already under pressure, and capacity will be a real issue. 

A final note

I believe this is the most significant change to the payments landscape in a long time. While the goal of enhanced consumer protection is absolutely right, the operational burden on the firms required to safeguard will be immense.  

The FCA have not given firms a lot of time to make any changes necessary, the policy statement was due in the first 6 months of 2025, at the time of writing we are passed this time, though I would expect that another 3 months is about the most that will be added.  

There will be challenges on all sides when it is formally released, we hope the FCA will show some leniency over the early years of the new rules, however they should not hesitate to prevent firms from ceasing to act where there is a significant risk to relevant funds. Therefore it is imperative that impacted firms are ensuring they are able to meet the requirements as soon as possible. 

Contact Our Experts

Partner

Mike Ayres

Get in touch

Back to Insights