Big Changes to Safeguarding: What CP24/20 Means for UK Payment Firms and Fintechs

Written By Gordon Spencer

In a move that could reshape the operational and compliance landscape for payment and e-money institutions, the Financial Conduct Authority (FCA) has launched Consultation Paper CP24/20, outlining substantial reforms to the safeguarding regime under PSR 2017 and EMRs 2011. These proposed changes come in response to concerns about the robustness of safeguarding practices and the need for greater consumer protection, particularly in light of firm failures over recent years.

Why It Matters

If you’re a fintech or authorised payment institution (API), these changes go beyond minor housekeeping. The FCA is signalling a fundamental tightening of the safeguarding requirements — with particular emphasis on clarity, systems, and alignment with existing regimes for investment firms and client money (CASS).

Let’s break down what’s coming and how it could impact your firm.

Key Changes Proposed in CP24/20

1. New ‘Purpose-Based’ Definition of Safeguarding

The FCA proposes a shift from process-focused safeguarding to purpose-based safeguarding — i.e., clearly aligning operational activity with the intention to protect customer funds. This involves:

  • Clear identification of relevant funds.

  • Prompt segregation into safeguarding accounts.

  • Enhanced recordkeeping that supports the firm’s obligation to return funds.

2. Daily Reconciliation Requirements

While many firms already perform reconciliations, under the new rules it would become a prescribed daily obligation, aligning expectations more closely with those under the CASS regime for investment firms.

3. Audit Assurance on Safeguarding

Firms will be required to obtain an annual audit opinion from a statutory auditor to confirm the design and operational effectiveness of safeguarding arrangements. This is intended to inject greater third-party oversight and challenge.

4. Clearer Wind-Down Planning and Insolvency Protections

The FCA is drawing from previous supervisory interventions and aiming to strengthen wind-down planning, ensuring safeguarding arrangements hold up in a failure scenario. This includes maintaining clear documentation and communication protocols in the event of insolvency.

5. Increased Operational Oversight

Senior Managers, particularly those with SMF16/17 responsibilities, will be expected to maintain clear governance over safeguarding. The FCA also expects better oversight of outsourcing related to safeguarding operations (e.g., reconciliations, account management).

What Would a ‘CASS-Style’ Safeguarding Regime Mean?

A major theme in CP24/20 is the potential alignment of safeguarding with the FCA’s existing Client Assets Sourcebook (CASS), which applies to investment firms. Here's what that could mean for payment and e-money firms:

1. Higher Operational Burden

The CASS regime is detailed and prescriptive. Adopting a similar approach would bring:

  • Extensive documentation requirements (client money policies, client money calculations, etc.).

  • Tighter reconciliation protocols, often including intra-day reconciliations.

  • Designated roles such as the Client Money Oversight Officer, which may lead to the introduction of parallel roles in payments/e-money firms.

2. Stronger Audit Trail and Assurance

A CASS-style approach would formalise third-party audits and increase scrutiny on safeguarding governance, likely requiring process overhauls for firms without strong internal audit functions.

3. Segregation at Point of Receipt

Under CASS, firms must segregate funds promptly upon receipt, which may force changes in how APIs or EMIs process customer funds, especially if they currently hold funds temporarily before safeguarding.

4. Crisis and Wind-Down Readiness

CASS requires clear client money resolution packs and contingency planning. A similar framework in payments would likely necessitate new documentation and wind-down preparation protocols.

What Should Firms Do Now?

Although these changes are still under consultation (closing date: 23 September 2024), firms should prepare for the likely tightening of expectations. Consider the following:

  • Review your safeguarding operations — especially reconciliation, account segregation, and documentation.

  • Engage with your auditor early to understand what will be required to provide a safeguarding opinion.

  • Assign senior oversight to monitor and prepare for policy changes and update governance documentation accordingly.

  • Assess how your firm would cope with a more prescriptive CASS-style regime, including resourcing, tech, and compliance gaps.

Final Thoughts

The FCA’s CP24/20 is not just a technical update. It represents a potential paradigm shift in how customer funds are protected in the UK payments and fintech space. By aligning more closely with the CASS regime, the FCA is laying down a clear message: safeguarding must be watertight, tested, and always fit for wind-down.

Fintechs, payment institutions, and e-money firms that get ahead of these changes will be in a stronger position to demonstrate resilience, win regulator confidence, and build consumer trust in a sector under increasing scrutiny.

Need help preparing for the Changes to Safeguarding?
Contact us at info@anyaccount.org to arrange a readiness assessment.

Gordon Spencer
Next

New ‘Failure to Prevent Fraud’ Offence: How UK Firms Can Act Now to Protect Against Liability