Back to Insights

CASS 15 – payment services and e-money

Gillian Boston

Gillian Boston

Financial Services Director

Connect on LinkedIn

06 January 2026

The safeguarding landscape for payment and e-money firms is about to become more challenging.

From 7 May 2026, the Financial Conduct Authority's (FCA) new rules under PS25/12, 'Changes to the safeguarding regime for payments and e-money firms', come into force for authorised payment institutions (excluding those providing only payment initiation or account information services), authorised e-money institutions, small e-money institutions, and credit unions issuing e-money in the UK. 

The FCA have set out the rules and guidance in CASS 15 to strengthen the safeguarding regime and to ensure that customers are better protected in the event of payment and e-money firms that fail.

These far-reaching requirements aim to strengthen customer protection and ensure resilience in the event of firm failure. With enhanced reconciliations, robust due diligence, mandatory safeguarding audits, and monthly returns, firms must act now to review their processes and governance. 

The FCA have also set out in CASS 10A the resolution pack that payment and e-money firms must maintain to support the timely return of funds.

These changes require firms to improve and strengthen their internal processes, controls and governance arrangements.

Under the new requirements, firms must review and update their internal policies and procedures, which include the following:

Reconciliations

  • Daily internal and external reconciliations of relevant funds are essential.
  • Firms must ensure that they have reliable data and effective systems and controls to support the accuracy of the output from reconciliation processes.
  • Combined with enhanced record keeping requirements, this should enable the timely identification of funding shortfalls at an earlier stage.

Due diligence

  • The use of third parties often plays a vital role in how firms operate.
  • Firms must have robust due diligence processes in place when engaging with third parties to support client protection.

Acknowledgement letters

  • Firms must put in place robust acknowledgement letters which are agreed with banking institutions to help protect client funds.
  • Due to the legal nature of these arrangements, the acknowledgment letters must be set out correctly to ensure relevant funds are protected in the event of insolvency.

Resolution pack

  • Firms must maintain a safeguarding resolution pack to help an insolvency practitioner understand the safeguarding arrangements the firm has in place. 
  • It is important to keep the resolution up-to-date and ensure that it is linked to the latest version of underlying documents.

Safeguarding audit

  • If safeguarded funds exceed £100k at any point during an audit period, a safeguarding audit will be required to be undertaken by an external qualified auditor.
  • A firm should ensure its processes and controls meet the requirements set out in PS25/12.
  • Appointing a qualified auditor early, will put firms in a strong position to prepare for and meet the requirements of a CASS 15 safeguarding audit.

Safeguarding return

  • The FCA will require relevant firms to submit a safeguarding return on a monthly basis.
  • The return provides the FCA with an overview of  safeguarded funds held and the controls in place.
  • The return also requires firms to give details on breaches identified.
  • The return should be reviewed by the director/senior manager responsible for oversight of operational compliance prior to submission to the FCA.

CASS 15 safeguarding audit

From 7 May 2026, a qualified auditor must undertake the CASS 15 safeguarding audit and submit the audit report to the FCA.

Key dates to note are:

  • The first safeguarding regulatory return is due in July 2026 for the month of June 2026.
  • The latest date the first audit period can end is 13 May 2027.
  • The latest date the first audit report is due for submission to the FCA is 13 November 2027, with a four month submission window thereafter.

Firms can choose when their first safeguarding audit period ends, provided it is within 53 weeks of when the firm first became subject to the safeguarding audit rules.

If an audit period straddles 7 May 2026, a qualified auditor will undertake the safeguarding audit.

Now is the time for firms to act

The clock is ticking - don’t wait until 7 May 2026.

  • Review your safeguarding arrangements.
  • Engage with your auditors early.
  • Ensure your processes align with FCA expectations.

Get in touch

How is your business preparing for these changes? Please get in touch using the form below, if you’d like to discuss your safeguarding audit requirements.

Want to know more?

Just fill in our short form and one of our experts will get back to you shortly.