The FCA’s PS25/12 marks one of the most significant reforms to the safeguarding regime for payment and e-money institutions since it was first introduced. At its core is a far more disciplined approach to reconciliation – ensuring firms can consistently, accurately, and demonstrably protect customer funds.
PS25/12 applies a new CASS 15 rulebook, setting out in detail how firms must perform both internal and external safeguarding reconciliations. With the May 2026 implementation deadline fast approaching, we have summarised the key requirements that firms will need to meet.
Why it Matters
As consumers of financial services, when things go wrong we all have the same first thought – is my money safe! We want to understand how much we hold, how much will be returned, and how quickly will it be returned. Successive firm failures have demonstrated time and time again that firm’s have not maintained appropriate reconciliation processes. Customers lose money, the sector loses credibility, regulatory focus intensifies, and costs increase for all.
A key aspect of compliant safeguarding processes is effective reconciliation – a two-stage process: internal and external.
Internal Reconciliation: Granularity Matters
Internal reconciliation compares what the firm should be safeguarding with what it actually holds in segregated accounts or insurance/guarantee structures.
Firms must calculate daily:
- The safeguarding requirement – all relevant funds that must be protected
- The safeguarding resource – the actual safeguarded funds and protections in place
Any shortfall must be addressed immediately using the firm’s own money.
Importantly CASS 15’s internal reconciliation rules require firms to build their safeguarding requirement from the ground up – specifically, from each customer’s individual balance. Under CASS 15.8.31R, a firm must calculate an individual safeguarding balance that captures all funds it should be safeguarding for that customer.
Firms have flexibility in how they group these balances – one aggregation per customer or multiple balances per product or service – but there is no flexibility on the outcome: the reconciliation must always capture the full amount owed and to whom.
PS25/12 does allow non-standard internal methods, but only if fully documented and independently signed off by an auditor. In other words, some flexibility is permitted, but only when paired with third-party assurance. Given the cost implications of adopting a non-standard approach it is more likely to be applicable to large, complex firms operating across multiple jurisdictions.
External Reconciliation: Evidence-Based Verification
External reconciliation requires firms to compare their internal records with independent evidence such as bank statements. This must be performed currency-by-currency and at the level of actual balances or asset quantities, not broad totals. The aim is to expose mismatches however small between internal and external data.
In practice, this demands high-quality internal records, dedicated safeguarding ledgers, and reconciliations backed by robust, clearly evidenced data.
If the figures do not align, the discrepancy must be investigated immediately. This is the critical second layer – verifying that the firm’s internal view reflects reality.
A Belt-and-Braces Safeguarding Framework
By requiring both internal and external reconciliations, the FCA is sending a clear message: don’t assume or hope your records are accurate – prove they are. Internal reconciliation will catch issues early and external reconciliation will confirm the internal picture is correct
Together, this creates a reinforced control environment that reduces the risk of shortfalls, strengthens operational resilience, and materially improves customer protection, especially in a failure scenario.
Frequency: Daily and Disciplined
Firms must perform both reconciliations on every reconciliation day, typically meaning every business day.
- Internal reconciliation should be continuous and integrated into daily operations.
- External reconciliation must also be daily, but only on days when external evidence is available – i.e., business days excluding weekends, UK bank holidays, and days when relevant foreign markets are closed.
This daily dual process ensures customer funds are tested internally for accuracy and externally for verification.
Do not forget that immediate access to the latest reconciliation data is a required part of the resolution pack as mandated under CASS10, so evidencing the whole reconciliation process fully and accurately is essential.
What Firms Should Do Now
To prepare for implementation by May 2026, firms should:
- Embed daily reconciliations into core operations
- Strengthen data quality and ledger accuracy
- Secure reliable external statements and data feeds
- Document reconciliation methodologies (especially non-standard ones)
- Establish clear escalation routes for mismatches
- Prepare for enhanced audit and reporting expectations
- Ensure historic reconciliation data is retrievable.
Final Thought
This is more than a mere compliance exercise – effective reconciliation is the beating heart powering a firm’s operating model.
Firms that invest early in clear, timely, and well-evidenced reconciliation processes will not just meet regulatory expectations, they will stand out for operational maturity and customer protection.
At Cosegic we are already working with clients to assess and uplift their CASS readiness programs. If you want to discuss any issues raised in this article or how Cosegic might best support your needs – get in touch!
