From May 2026, the FCA will introduce a significantly strengthened safeguarding regime for UK payments and e-money firms, moving from principles-based guidance to a more prescriptive and enforceable framework. Set out in Policy Statement PS25/12, the reforms are designed to address longstanding weaknesses in safeguarding practices that have, in several high-profile insolvencies, resulted in delays and shortfalls in the return of customer funds.
At the heart of the new regime is a step change in reporting, management oversight and use of management information (MI), bringing safeguarding expectations closer to the FCA’s established Client Assets Sourcebook (CASS) regime. The rules coming into force in May 2026 form part of the FCA’s “Supplementary Regime”, strengthening existing requirements while a longer-term post-repeal framework continues to be considered.
Enhanced reporting requirements
A central feature of the new regime is the introduction of regular, structured reporting to the FCA. Firms will be required to submit monthly safeguarding returns via RegData, covering:
- the amount of relevant funds held,
- reconciliation outcomes, and
- details of safeguarding account providers.
This represents a material escalation from current practices, where reporting has often been periodic, reactive or event-driven. Moreover, it links to The FCA’s wider regulatory strategy (2025 – 2030) and the move towards using data to drive supervisory decision making and interventions as it becomes in its own words a “smarter regulator”.
In addition, most authorised payment institutions and e-money institutions will need to commission annual safeguarding audits performed by suitably qualified external auditors, with reports submitted directly to the FCA. (Only firms not holding £100,000 or more of relevant funds during the 53-week period are exempt – and exempt from the audit not from the requirements themselves!)
Together, these measures are intended to give the FCA earlier sight of emerging issues, including reconciliation weaknesses, shortfalls and potential concentration risk in the market.
Safeguarding MI and management responsibilities
Alongside formal reporting, the FCA is placing increasing emphasis on robust safeguarding MI as a core management control. MI must be sufficiently granular, timely and decision-useful to allow senior management to demonstrate that customer funds are protected on an ongoing basis and that issues are identified and addressed promptly. As we have said before, if you can’t evidence it the FCA usually takes the view that it hasn’t happened – even if it has!
At a minimum, firms should maintain MI showing the quantum and location of safeguarded funds, including balances by safeguarding account, movements during the period and reconciliation results. MI should clearly highlight breaks, timing differences and unexplained variances, track resolution times, and escalate persistent or recurring issues.
Firms should also hold MI on the effectiveness of safeguarding controls and third-party arrangements, including concentration risk across banks or custodians, breaches of account terms, and performance issues with providers. Incidents, near misses, audit findings and remediation actions should be recorded with clear ownership.
Where insurance or trust structures are used, MI should evidence continued compliance with policy or trust requirements.
In line with CASS 15 expectations, firms must carry out and document appropriate third-party due diligence, including maintaining records of assessments and formal board sign-off.
Governance-focused MI remains critical. Senior management and boards should receive regular reporting on safeguarding compliance, emerging risks and forward-looking indicators such as rapid growth in safeguarded funds or changes to the business model. MI should also cover audit status, regulatory submissions and resolution-pack readiness.
Key takeaways for firms
- Safeguarding reporting will become more frequent, standardised and supervisory-facing.
- MI must evidence control and oversight, not just technical compliance.
- Reconciliations, third-party risk and issue escalation will be key regulatory focus areas.
- Boards will be expected to actively review and challenge safeguarding MI.
- Firms that embed these requirements early will be better positioned for supervisory scrutiny and operational resilience.
Overall, the new regime marks a decisive shift toward greater transparency, accountability and discipline in safeguarding.
Firms that treat safeguarding MI as a strategic governance tool – rather than a compliance exercise – will be best placed to meet FCA expectations and protect customers if things go wrong.
At Cosegic we help firm’s build effective and robust MI / governance frameworks giving boards and senior leaders insight into business operations allowing them to stay on just on top of regulatory challenge but ahead of it. If you wish to know more or indeed, if you have any questions about any of the issues raised in this article or Safeguarding more generally please contact Cosegic’s Digital Finance Team.
