FCA Finalises Major Overhaul of Safeguarding Rules for Payments and E-Money Firms (PS25/12)

Written By Gordon Spencer

How AnyAccount Helps

At AnyAccount Ltd, we support FinTech start-ups and scaling businesses with:

  • Regulatory reporting strategy and optimisation

  • End-to-end FCA returns management (REP001–REP018 and beyond)

  • Governance structures aligned to UK company law

  • Compliance monitoring frameworks and regulatory automation

  • Filing reviews, readiness checks, and efficiency audits

If you’d prefer to spend fewer evenings wrestling with Gabriel returns — and avoid discovering “late submission fees” the hard way — speak to us. We help firms implement a regulatory reporting process that is clean, efficient and proportionate.

The FCA has now published PS25/12, confirming the most extensive refresh of the UK safeguarding regime since PSD2 landed nearly a decade ago. The message is direct: weak safeguarding arrangements are no longer going to be tolerated, and firms that get this wrong should expect early intervention.

Alongside the policy statement, the FCA has issued a fully redlined May 2026 draft update of Payment Services and Electronic Money – Our Approach. The redlines tell the real story — and they show just how much tighter, more prescriptive and audit-driven the future safeguarding landscape will be.

Here’s what’s actually changing.

1. A Two-Stage Reform: Supplementary Regime → Post-Repeal Regime

The FCA’s changes occur in two phases:

  1. The Supplementary Regime – Comes into force 7 May 2026, and strengthens existing PSR/EMR requirements without needing legislative change.

  2. The Post-Repeal Regime – Will replace PSR/EMR safeguarding altogether with a CASS-style regime, once Parliament finalises the legislative repeal.

The redlined Approach Document already builds in the Supplementary Regime across multiple chapters, notably Chapter 10 (Safeguarding), Chapter 13 (Reporting & Notifications), and Annex 6 (safeguarding letters).

2. Notification Duties: Firms Must Tell the FCA Before Changing Anything

The redlines make this unavoidable: any material change to safeguarding arrangements must be pre-notified.

This includes (Chapter 4, para 4.19, ):

  • changing safeguarding method (segregation → insurance or vice versa)

  • changing the bank holding safeguarded funds

  • changing the insurer or guarantor

  • changing the MLRO (added as a specific notification requirement)

This is a marked tightening — firms will no longer be able to quietly “optimise” their safeguarding arrangements and deal with the paperwork later.

3. Monthly Safeguarding Returns Become Mandatory

The draft expressly introduces SUP 16.14A monthly safeguarding returns (Chapter 3, para 3.159, ).

This is new, and it is prescriptive.

All Authorised PIs, Authorised EMIs, and any Small PIs that voluntarily safeguard must submit a:

  • monthly safeguarding reconciliation

  • statement of safeguarded balances

  • confirmation of any discrepancies and remediation steps

The FCA clearly intends to spot risk early — rather than relying on annual data or waiting for administrators to uncover multi-million-pound shortfalls.

4. Mandatory Annual Safeguarding Audit (SUP 3A)

Another major addition: all safeguarding firms will require an annual audit of safeguarding.

The redlines link directly to SUP 3A (auditors’ safeguarding reports) and new guidance on what auditors must examine (Chapter 3, para 3.159; Chapter 11 references, ).

This goes far beyond “have a policy and keep some records”. Auditors must now assess:

  • operational arrangements

  • daily reconciliations

  • segregation controls

  • insurance/guarantee adequacy

  • liquidity impact

  • governance oversight

This is the closest the payments sector has ever come to a CASS-style audit regime — exactly as foreshadowed in CP24/20.

5. Reconciliations: Much More Prescriptive and Board-Approved

The redlines in Chapter 10 show a major shift in tone: reconciliation processes now must be signed off by a firm's board (para 10.60, ).

The FCA also expects:

  • daily reconciliations across all safeguarding accounts

  • documentation of “reasonable headroom” when using insurance/guarantee methods

  • written board approval before adopting insurance-based safeguarding

  • institutions to provide reconciliation records on request as part of supervisory engagement

  • a safeguarding risk assessment included in the REP018 return

This is significantly more demanding than current industry practice.

6. Stricter Conditions for Using Insurance or Guarantee Methods

Chapter 10 has multiple redline edits expanding the insurance/guarantee method (paras 10.54–10.60, , ).

Key changes include:

  • Guarantees must impose primary liability on the insurer — not the secondary “surety” concept under English law.

  • No conditions or restrictions can delay payout following an insolvency event.

  • Cover must include headroom for foreseeable fluctuations in safeguarded balances.

  • Institutions must evidence how policy expiry risk is mitigated.

  • Institutions must ensure insurers understand they cannot dispute liability based on circumstances of the insolvency.

  • Policies should be structured as trust arrangements to ensure funds fall outside the insolvent estate.

This is consistent with the FCA’s long-running view that insurance-based safeguarding is inherently fragile and must be tightly managed.

7. Resolution Packs Now Mandatory (CASS 10A)

The new draft introduces CASS 10A resolution pack requirements to payment and e-money firms (Chapter 1, para 1.4; Chapter 3 references; Annex 6, ).

Firms must now maintain:

  • lists of safeguarding accounts

  • reconciliations

  • governance documents

  • outsourcing arrangements

  • service provider contacts

  • wind-down procedures

  • material contracts

Resolution packs are a core FSMA tool for broker-dealers — their expansion into payments signals the FCA’s intention to treat safeguarding failures much like CASS breaches.

8. Integration into the FCA Handbook

The FCA is now embedding safeguarding across:

  • CASS 15 (safeguarding rules)

  • CASS 10A (resolution packs)

  • SUP 3A (safeguarding audit reports)

  • SUP 16.14A (monthly safeguarding returns)

  • SUP 15 (enhanced notification requirements)

  • Approach Document Chapters 1, 2, 3, 4, 10 and 13 (as confirmed in version control, )

This is the biggest regulatory expansion for payments and e-money since the original PSRs 2017 implementation.

What It Means for Payments, EMIs, and High-Growth FinTechs

The direction of travel is clear: safeguarding must now look like CASS — with the paperwork to match.

Expect:

  • More reporting

  • More audit scrutiny

  • More pre-notification obligations

  • Higher compliance costs

  • Greater risk of early supervisory intervention

For the good actors, this provides clarity and structure. For the weaker ones, the FCA is building mechanisms to identify failures before insolvency administrators stumble over missing millions.

Gordon Spencer
Previous

How a UK Firm Should Structure Its First 12 Months Entering the US Market
Next

The 5 Biggest Mistakes UK/EU Firms Make When Expanding Into the US