The Financial Conduct Authority (FCA) recently published its long awaited Policy Statement, finalising plans for substantial reforms to the UK’s safeguarding regime for payments and e-money firms.
Helpfully, the FCA has given a nine month window for firms to take stock and implement necessary changes to business models, with rules taking effect from 7 May 2026. The rules will be enforced initially via a 'supplementary regime' enhancing the UK’s existing safeguarding regime, with potential for a further 'post-repeal regime' which is currently on hold, called the 'end-state rules' in earlier consultations, as that would need legislative changes to the UK’s payment and e-money regulations and further FCA consultation.
This article aims to help you identify those key developments to the safeguarding regime, to support effective changes to processes and operations to meet the new requirements, for firms to feel confident ahead of the 2026 'go-live' date.
Safeguarding: all change, but why?
Safeguarding reform has been on the regulatory agenda for some time, with HM Treasury originally publishing a call for evidence on the UK’s Payment Services Regulations in January 2023 and the FCA consulting on the matter in September 2024.
Read alongside the FCA’s Policy Statement, rationale is clear – there’s been significant growth in consumers using e-money and payment accounts, from c. 1% of consumers in 2017, to c. 12% in 2024. Firms in the sector that are failing are not returning funds in full, rather it's averaging c. 65%, and over 40% of users are categorised as vulnerable. In addition to this, various systemic issues were identified in how firms implement safeguarding processes, for example quality of reconciliation practices, inadequate fund segregation, coupled with unclear scope and protections under the current Payment Services Regulations 2017 and Electronic Money Regulations 2011.
Safeguarding reform: key features and changes
The reform will require firms to implement a variety of requirements that cover all aspects of the safeguarding journey, this should lead to more robust processes and support better protection of consumers. Key requirements include:
- Firms in scope - it covers those in scope of existing requirements – e-money institutions (and credit unions issuing e-money), authorised payment institutions and those small payment institutions that elect to meet safeguarding requirements). It won’t impact firms solely authorised or registered to provide payment initiation services and/or account information services. Firms will need to appoint a director or senior manager to have oversight of safeguarding compliance.
- Safeguarding audit - all firms holding more than £100,000 on average in relevant funds will require an annual safeguarding audit by a qualified auditor, this will be an additional cost to firms. Previously some firms may have carried on safeguarding audits based on FCA suggested guidance, rather than as required under rules.
- Reconciliation – a critical element of safeguarding, essentially ensuring the amount of safeguarded funds held match those amounts owed to customers. These reconciliations are now mandatory and must be carried out at least once each reconciliation day, essentially every day except for a weekend or bank holiday.
- Monthly FCA returns - firms will need to submit new monthly returns to the FCA, covering key data linked to levels of safeguarded funds, reconciliation processes, rule breaches and notification requirements. It should support more effective supervision and early intervention if the FCA has concerns with a firms safeguarding arrangements.
- Resolution packs - firms need to be better prepared for failure and managing this effectively, this was also a key finding in a recent FCA multi-firm review too, recognising firms were generally unprepared and existing plans lacked necessary information to manage related risks and return of customer funds. The supplementary regime requires firms to have detailed resolution packs, with the FCA able to request these and expecting them to act as 'live' documents updated as a business grows and activities develop.
- Due diligence - firms are expected to carry on greater due diligence of its safeguarding account providers and related third parties, for example assessing regulatory status/permissions, financial stability, contractual terms and undertaking ongoing monitoring to ensure the firm remains comfortable with the provider. These processes should be documented.
- Insurance method - some firms use insurance policies or similar guarantees to manage safeguarding obligations, the supplemental regime requires firms to ensure there are no conditions or restrictions to payouts if the insurance is drawn on, other than in relation to confirmation an insolvency event has occurred.
- Helpful resources - the FCA Approach Document for Payment Services and E-Money Firms will be updated to reflect changes from May 2026. The draft document covers key changes to rules and guidance, for example CASS 10A (resolution pack requirements), CASS 15 (safeguarding requirements), SUP 3A (auditor: safeguarding reports) and SUP 16.4 (safeguarding return format).
What should firms be considering?
It’s clear the supplemental regime changes are positive and the FCA has taken on board feedback in carving out certain smaller scale firms. This provides much more detail on firm expectations, in terms of safeguarding standards and obligations, all to support greater levels of consumer protection and integrity within firms. It’s also a marked improvement on guidance available to firms, when compared with existing detail in the Payment Services Regulations 2017, Electronic Money Regulations 2011 and the FCA's Approach Document.
No doubt firms will be well underway in determining how the regime changes will impact day-to-day operations, it’s clear firms will need to spend more time and attention on safeguarding arrangements moving forwards, ultimately resulting in increased operational costs. In getting to grips with the new regime, we’d recommend that firms start to consider:
- A safeguarding gap analysis – review your existing processes against those of the supplemental regime, are you satisfied you have a strategy to plug any gaps?
- Manage internal resource – have you identified an appropriate director or senior manager responsible for safeguarding operations, how will you manage the new monthly regulatory reporting, who is responsible for collating audit information and supervising operational processes, such as reconciliation checks.
- Safeguarding audits – consider if this is something your existing auditors can support with, or start to plan how you intend to identify an appropriate firm for the new annual safeguarding audits.
- Plan for the unexpected – firms will need to take stock of the resolution pack requirements, create one and ensure it's maintained and available for review on request by the regulator. A high level of detail is expected, so ensure appropriate time and attention is given to this.
How can Ashfords support?
We regularly support our payments and fintech clients to navigate regulatory change, whether that’s discussions on technical requirements of new regimes and developments, to help you implement required changes effectively, or supporting with design or review of internal processes, policies and related frameworks.
For more information or if you have any queries, please contact Oliver Woodhouse or Andrew Roberts in Ashfords' financial services regulatory team.