FCA Cracks Down on Payment Firms with Toughest Safeguarding Rules Yet  

The Financial Conduct Authority has delivered its strongest response yet to mounting consumer protection and safeguarding failures in the payment firms sector, publishing sweeping new safeguarding rules that will fundamentally change how firms protect customer money. While CASS rules primarily apply to investment firms, the regime is now being expanded to include payments and e-money institutions. 

Why We Think This Was Inevitable 

We’ve observed risks in the sector increasing in recent years. According to FCA data (see Consultation Paper 24/20), when payments firms collapsed between Q1 2018 and Q2 2023, customers had an average shortfall of 65% on failure. With e-money institutions now safeguarding £26bn of customer funds (up from £11bn in just three years), the data highlighted risks that necessitated action. 

12% of UK consumers now have a payment account with a payments firm, with one in ten of e-money holders using an e-money account for their daily banking, often assuming that their money has the same protections as a traditional bank account. When these firms fail, customers face not just financial losses but often suffer major delays to recover what little remains of their funds. In some cases, these delays have lasted years. 

The new requirements 

The FCA has introduced a comprehensive overhaul of safeguarding rules and includes the following: 

Daily Reconciliation Becomes Mandatory: Each reconciliation day, firms must now reconcile their safeguarding accounts at least once each day, except weekends, public holidays and days when relevant foreign markets are closed. We expect this alone will mean major changes for many firms who have relied on weekly or monthly checks. 

Annual Audit Enforcement: Most payments firms must now arrange annual safeguarding audits conducted by qualified auditors, not compliance consultants. The FCA has thrown smaller firms a lifeline with a £100,000 threshold exemption. For the first reporting cycle, the firm’s auditor has six months for the first submission, then four months thereafter. 

Monthly Reporting Surveillance: The FCA wants much greater visibility of the sector. Firms must submit detailed monthly returns setting out their safeguarding arrangements. The return is due 15 business days after each month-end, giving the regulator early insight into emerging risks. 

Crisis-Ready Documentation: The new “resolution pack” requirement forces firms to maintain comprehensive records that can be retrieved within 48 hours to support rapid customer payouts during insolvency. We’ve seen too many collapsed firms with chaotic records that delayed customer recoveries for years. 

Third-Party Oversight: Stricter due diligence rules for banks and custodians holding customer funds, plus enhanced requirements for safeguarding insurance policies. 

What This Really Costs 

The FCA estimates that these changes will cost firms £73.2m over ten years (see Policy Statement PS25/12). It is possible that some firms may face higher costs, especially in areas like technology upgrades and audit preparation. However, the alternative, continuing customer losses and regulatory intervention, would prove far more expensive. 

The Bigger Picture  

End-state deferred: The FCA’s proposed statutory-trust ‘post-repeal’ regime, covering relevant funds and assets, is deferred pending review after one full audit cycle, and may return if outcomes fall short, subject to HM Treasury’s timetable. 

We expect significant market consolidation as smaller firms struggle with compliance costs, while those that invest properly in safeguarding infrastructure will gain competitive advantages through enhanced customer trust. 

Our Three Key Tips: 

1. Start Reconciliation Changes Now: Daily reconciliation requirements are the biggest operational shift. Begin mapping your current processes against the new requirements immediately – don’t underestimate the technology changes needed.
2. Secure Your Auditor Early: Most active firms will need annual safeguarding audits by qualified auditors. Start building relationships now as industry capacity will be stretched and ensure your systems can produce audit-ready records.
3. Make Resolution Packs Dynamic: Don’t treat the resolution pack as a one-off exercise. Link it directly to your live systems and processes to reduce maintenance burden and ensure it works if needed.

Need help preparing for the new safeguarding regime? Contact Leaman Crellin for expert guidance on implementing these requirements and ensuring your firm is ready for the 07 May 2026 deadline.