top of page

FCA Safeguarding Rules 2026: Compliance Requirements for Payment and E-Money Institutions

  • Writer: Buckingham Capital
    Buckingham Capital
  • 5 days ago
  • 8 min read
FCA Safeguarding Rules







FCA Safeguarding Rules 7 May 2026: Compliance Requirements for Payment and E-Money Institutions

The FCA's new safeguarding regime takes effect 7 May 2026. Authorised payment institutions and e-money institutions face comprehensive obligations including daily reconciliations, monthly regulatory returns, annual audits, and resolution pack requirements. Non-compliance carries substantial penalties including regulatory enforcement and potential licence revocation.


Buckingham Capital Consulting has supported payment institutions and e-money institutions with safeguarding compliance since 2013. We provide end-to-end implementation programmes ensuring firms meet 7 May 2026 deadline with robust systems, policies, and controls.


What the New Safeguarding Rules Require

From 7 May 2026, the Supplementary Regime overlays existing Payment Services Regulations 2017 and Electronic Money Regulations 2011 with enhanced requirements in CASS 15 and SUP. The regime introduces CASS-style obligations previously applied to investment firms, significantly tightening safeguarding standards for payment and e-money businesses.


Daily reconciliations are mandatory. Firms must complete internal and external safeguarding reconciliations on every reconciliation day, defined as business days excluding weekends, UK bank holidays, and days when relevant foreign markets are closed. The core control compares D+1 segregation requirement against D+1 segregation resource, identifying and remedying shortfalls or excesses promptly.


Monthly regulatory returns to the FCA become compulsory. Returns submitted via SUP 16.14A must be filed within 15 business days of month-end, covering safeguarding methods used, balances in safeguarding accounts, reconciliation completion, breaches identified, and remediation actions taken. This provides regulators with regular comprehensive safeguarding oversight enabling earlier risk identification.


Annual safeguarding audits are required unless the firm has safeguarded less than £100,000 at any point over continuous 53-week period. Audits must be conducted by qualified auditors applying standards to be developed by Financial Reporting Council. Audits provide assurance to FCA and firm boards that systems adequately comply with safeguarding requirements.


Resolution packs must be maintained as living documents enabling quick identification of where relevant funds are held, who agents and distributors are, and how records and transfers are controlled. Resolution packs must be accessible within 48 hours' notice, materially speeding customer redress in insolvency scenarios.


Acknowledgement letters from banks and custodians must follow prescribed FCA template with detailed wording requirements. Letters must be reviewed at least annually, updated promptly when details change, and retained for five years after last account closure. This standardises bank acknowledgements ensuring legal clarity around safeguarding arrangements.


Diversification obligations prevent firms placing all client funds with single institution. Firms must assess and document diversification requirements based on business model and risk profile, potentially requiring multiple banking relationships or additional insurance arrangements.


Why the FCA Is Strengthening Safeguarding

The FCA cites weaknesses in current safeguarding practices leading to significant shortfalls when firms fail. Companies House data shows average shortfall of 65% in funds owed to clients at firms entering insolvency between Q1 2018 and Q2 2023. Recent failures demonstrated customers facing lengthy delays recovering funds with substantial losses.


Usage of payment institutions and e-money institutions has grown dramatically. In 2017, only 1% of consumers used PI or EMI accounts. By 2024, this reached 12%. E-money institutions alone safeguarded £26 billion in 2024. Growth creates systemic importance requiring robust consumer protection.


Unlike other financial services sectors, payment and e-money customers have no Financial Services Compensation Scheme protection. Safeguarding is sole protection mechanism. Strengthened regime aims ensuring customers receive maximum value of funds as quickly as possible following firm failure.


Who the New Rules Apply To

Supplementary Regime applies to authorised payment institutions except those solely providing payment initiation services or account information services. PIS and AIS providers do not hold client funds so face no safeguarding obligations.


Authorised e-money institutions and small e-money institutions are subject to enhanced requirements. Credit unions issuing e-money in United Kingdom must comply. Small payment institutions can opt into safeguarding requirements if they choose but are not mandated.


European Economic Area firms in supervised run-off under financial services contracts regime are captured. These firms continue operating in UK under transitional arrangements and must meet UK safeguarding standards.


Firms currently relying on insurance or comparable guarantee arrangements face additional scrutiny. Insurance policies and guarantees must have no payout restrictions beyond insolvency events. Firms must prepare contingency plans three months before policy expiry enabling switch to segregation if renewal cannot be secured.


Implementation Timeline and Regulatory Expectations

FCA published Policy Statement PS25/12 on 7 August 2025. Nine-month implementation period runs until 7 May 2026 when Supplementary Regime takes effect.


Regulators expect firms to conduct gap analyses, update safeguarding policies, implement technology systems supporting daily reconciliations and monthly returns, engage auditors early, and train staff on new requirements.

Post-Repeal Regime proposing statutory trust over relevant funds has been deferred. Earliest consultation expected Q4 2027. Supplementary Regime represents compliance framework for foreseeable future.


Penalties for Non-Compliance with the FCA safeguarding rules

Safeguarding breaches of the FCA safeguarding rules carry serious regulatory consequences. FCA can issue formal enforcement action including public censure, financial penalties, and restrictions on business activities. Persistent non-compliance may result in licence variation or revocation preventing firm from operating.


Skilled person reports under Section 166 FSMA can be mandated where FCA has concerns about safeguarding adequacy. Firms bear costs of independent reviews which can be substantial and reputationally damaging.

Insolvency outcomes create direct customer harm. Firms failing with inadequate safeguarding face lengthy administration processes, significant shortfalls in funds owed to customers, and potential director liability. Recent insolvencies have shown customers recovering only 35% of funds on average.


Reputational damage from safeguarding failures extends beyond regulatory penalties. Loss of customer confidence, banking relationship termination, and partnership withdrawal create existential business threats. Getting safeguarding right is fundamental to operational sustainability.


Key Implementation Challenges

Daily reconciliation discipline represents significant operational change. Firms must implement automated data feeds, reconciliation software, escalation procedures, and allocate staff resource to daily tasks.


Monthly regulatory returns introduce new reporting burden. Firms need systems extracting required data, processes ensuring accuracy, governance approving returns, and retention of supporting documentation.


Audit capacity is industry concern. Qualified auditors with safeguarding expertise are limited. Firms must engage auditors immediately. Preparation includes documenting policies, maintaining reconciliation evidence, demonstrating breach remediation, and ensuring resolution packs are current.


Diversification requirements may necessitate additional banking relationships creating operational complexity and additional costs.


Technology investment is substantial. Firms require sophisticated treasury management and reconciliation systems, implementation and integration, staff training, and ongoing maintenance.


Safeguarding Methods and Operational Models

Firms can safeguard through segregation in designated accounts at authorised credit institutions, investment in prescribed assets held with qualifying custodians, or insurance arrangements meeting regulatory requirements.


Segregation is most common. Relevant funds are deposited in accounts separate from operational accounts. Daily reconciliation ensures required funds match actual balances.


Insurance arrangements enable firms to hold funds in operational accounts whilst obtaining policy covering safeguarding obligations. Policies must cover insolvency scenarios with no payout restrictions. Regulatory scrutiny of insurance has increased.


Whichever method is used, daily reconciliation requirement applies ensuring adequate protection at all times.


What Firms Need to Do Now

  • Conduct comprehensive gap analysis against CASS 15 requirements identifying areas where current safeguarding falls short.

  • Update policies and procedures comprehensively. Generic templates are insufficient. Policies must reflect firm's business model, transaction flows, and controls. Policies require board approval with named senior manager accountability.

  • Commence technology implementation immediately. Firms requiring new systems face months-long timelines. Vendor selection, configuration, integration, testing, and training cannot be compressed without quality compromise.

  • Engage auditors urgently. Contact qualified auditors discussing requirements and securing capacity for annual audits.

  • Review banking relationships. Obtain updated acknowledgement letters using prescribed template. Evaluate diversification requirements.

  • Train staff on new obligations including daily reconciliation methodology, compliance requirements, and breach escalation.



How Buckingham Capital Consulting Supports Safeguarding Compliance

We provide end-to-end safeguarding compliance programmes, leveraging over 14 years supporting payment institutions and e-money institutions since 2013.


Gap analysis and readiness assessment begins our engagement. We review existing safeguarding arrangements against CASS 15 requirements, identify specific gaps requiring remediation, assess systems and technology adequacy, evaluate staff capability and resource allocation, and provide prioritised remediation roadmap with timeline to 7 May 2026 deadline.


Safeguarding policy development delivers comprehensive, tailored documentation. We draft safeguarding policies reflecting firm's specific business model and transaction flows, procedures covering daily reconciliation, breach identification, and remediation, governance frameworks with board oversight and senior manager accountability, and record-keeping standards supporting audit and regulatory review. Our policies meet FCA and auditor expectations drawing on extensive experience across payment and e-money sector.


Daily reconciliation framework implementation addresses operational mechanics. We design reconciliation methodology appropriate to firm's business model, specify data requirements from banking partners and internal systems, develop reconciliation templates and worksheets, establish escalation procedures for discrepancies and breaches, and provide staff training on daily reconciliation execution.


Resolution pack development ensures firms meet FCA requirements. We compile comprehensive packs documenting safeguarding arrangements including bank account details and acknowledgement letters, agent and distributor relationships, safeguarding calculation methodologies, and links to current reconciliations. We establish processes maintaining packs as living documents updated for business changes.


Technology and systems guidance provides vendor-neutral advice on requirements and solutions. We specify functional requirements for reconciliation and treasury management systems, evaluate vendor options against firm's needs and budget, support procurement and contract negotiation, oversee implementation and configuration, and validate system capability through user acceptance testing.


Monthly regulatory return preparation supports compliance with SUP 16.14A obligations. We design data extraction processes from source systems, develop return preparation worksheets ensuring accuracy, establish governance and approval workflows, manage initial submissions to FCA, and train internal teams on ongoing return preparation.


Auditor liaison and audit preparation positions firms for successful annual audits. We help firms select qualified auditors with safeguarding expertise, prepare audit evidence packs demonstrating compliance, support auditor information requests during fieldwork, and address audit findings requiring remediation.


Ongoing compliance support provides continuous assistance beyond initial implementation. We offer advisory services on safeguarding queries and challenges, regulatory update monitoring as FCA develops guidance, periodic compliance reviews ensuring ongoing adherence, and support for regulatory examinations when FCA conducts reviews.


For firms using insurance or guarantee arrangements, we provide specialist advice on policy terms ensuring regulatory compliance, negotiation support with insurers, contingency planning for policy renewal or termination, and transition support if switching from insurance to segregation is required.


Why Safeguarding Compliance Demands Specialist Expertise

Safeguarding requires understanding regulatory expectations from 14 years working with FCA, operational expertise designing practical daily workflows, technology knowledge evaluating reconciliation systems, and audit perspective understanding evidence requirements.


Generic consultants lack payment sector specialisation. Investment firm CASS expertise doesn't translate to payment safeguarding nuances. We specialise exclusively in payment and e-money regulatory compliance.

Getting implementation wrong carries consequences. Inadequate reconciliation creates ongoing breaches. Insufficient audit preparation leads to qualified opinions triggering intervention. Poor documentation fails FCA examinations.


Timeline to 7 May 2026 is compressed. Starting now with experienced advisors prevents deadline panic and costly remediation.


What Happens After 7 May 2026

Supplementary Regime represents safeguarding framework for foreseeable future. Regulatory supervision will intensify through monthly returns and annual audit reports. FCA will examine firms with persistent breaches or inadequate controls.


Industry standards will emerge through regulatory engagement and audit practice development. Early compliance leaders influence emerging best practice. Technology and operational maturity will advance, with safeguarding capability becoming competitive differentiator.


Frequently Asked Questions

When must firms comply?

7 May 2026. All policies, procedures, systems, and controls must be operational by this date.


Do all firms need annual audits? Firms safeguarding £100,000 or more at any point over continuous 53-week period require annual audits. Smaller firms are exempt.


What if daily reconciliation fails on specific day?

Failure is regulatory breach requiring reporting in monthly return and remediation plan. Persistent failures trigger intervention.


Can firms continue using insurance?

Yes, if insurance meets regulatory requirements including no payout restrictions and sufficient coverage. Regulatory scrutiny has increased.


What if banks won't provide required acknowledgement letters?

Engage early with banking partners explaining requirements. If banks refuse, firms may need alternative relationships.


How long does implementation take?

Well-resourced firms need three to six months. Firms requiring significant systems investment need six to nine months.


Will FCA introduce statutory trust?

Eventually, but Post-Repeal Regime has been deferred. Earliest consultation expected Q4 2027.


Contact Buckingham Capital Consulting

Buckingham Capital Consulting provides safeguarding compliance implementation for payment institutions and e-money institutions facing 7 May 2026 deadline. With over 14 years of experience supporting PI and EMI firms, we deliver gap analysis, policy development, reconciliation framework design, technology guidance, audit preparation, and ongoing compliance support.


Contact us to discuss your safeguarding compliance requirements.

Email info@buckinghamcapitalconsulting.co.uk or call 0207 866 2512.



 
 
bottom of page