Regulatory Influencer: The UK’s Incoming Enhanced Safeguarding Rules and Their Knock-On Effects

The UK’s Financial Conduct Authority’s (FCA) new safeguarding rules will come into effect on May 7, 2026. The upcoming changes will only relate to the interim rules introduced in the August 2025 policy statement (PS25/12) under the “Supplementary Regime”,  which enhances safeguarding requirements under the Electronic Money Regulations 2011 (EMRs) and the Payment Services Regulations 2017 (PSRs).

The supplementary regime serves as a stepping stone to the FCA’s final vision of a “Post-Repeal Regime”, where existing safeguarding requirements under the PSRs and EMRs will be repealed and replaced with a Client Asset Sourcebook (CASS) style regime. However, proposals under the post-repeal regime remain subject to legislative change, with the timing, nature and feasibility of transitioning to the post-repeal regime ultimately depending on HM Treasury’s approach to revoking the PSRs and the EMRs.

These new rules were implemented in response to FCA findings that payment firms which became insolvent between Q1 2018 and Q2 2023 had average shortfalls of 65 percent of their customers’ funds. The FCA previously outlined these changes as a priority in its February 2025 Portfolio letter for payment firms. 

The FCA hopes that the new rules will strengthen safeguarding by reducing shortfalls, ensuring customers are repaid more quickly and cost-effectively if a payments firm fails, and improving oversight to identify and act on firms that do not meet safeguarding standards.

Although the changes are most significant for payment institutions and e-money firms, the scale of change will likely have a waterfall effect on retail banks, many of which provide such safeguarding services.

The bigger picture

The FCA’s new rules are a response to a fundamental change in how consumers are moving money and exemplify how guardrails must adjust accordingly. Previous FCA research demonstrated how the proportion of UK consumers using payment firms to provide non-bank payment accounts rose from 1 percent in 2017 to 12 percent in 2024, while e-money institutions in the UK were safeguarding approximately £26bn of relevant funds in 2024, up from £11bn in 2021.

In August 2025, the FCA published a policy statement (PS25/12) finalising its proposed rule changes. The changes are extensive and impose a number of requirements on payment and e-money firms that have previously benefited from a looser regime. Safeguarding is currently achieved by requiring payment and e-money firms to either:

• Segregate relevant customer funds from their own funds and place them in a separate account with an authorised deposit-taking bank or invest them in secure, liquid financial assets held with an authorised custodian.
• Alternatively, obtain an insurance policy from an authorised insurer or a comparable guarantee from a bank covering the relevant funds.

These two requirements will now be enhanced by increased oversight and monitoring obligations. 

Understanding key requirements under the supplementary regime 

Navigating safeguarding obligations is a challenge, particularly due to the complex business models inherent in payment and e-money firms. In this section, Vixio outlines the essential requirements and expectations of the forthcoming rules.

1. To improve books and recordkeeping

Require firms to keep adequate records such that at any time and without delay, they are able to distinguish between relevant funds and other funds.

The FCA has clarified that firms may use data from third parties for the purpose of creating and maintaining such records where no other method could reasonably be employed. This flexibility is intended to reflect the comparative speed and complexity inherent in the operations of payments and e-money firms (for example, where funds are applied automatically via application programming interfaces).

It is important to note that records must cover all relevant funds being held, including those not held in a relevant funds bank account and retain the data for a period of five years from the date it was created or the date of the most recent modification.

Require firms to perform safeguarding reconciliations at least once each “reconciliation” day.

This requirement requires firms to perform both internal and external reconciliation everyday with the exception of weekends, public holidays and days when relevant foreign markets are not open. Internal reconciliations verify values against the payments firm's own ledgers, whereas external reconciliations compare internal balances to third-party records, like those of banks.

Here, it is crucial to stress that reconciliations are intended to check the accuracy of a firm’s books and records, rather than being used as the means to maintain books and records.

Additionally, firms using an insurance or guarantee method to protect relevant funds (alone or in combination with the segregation method) that is unlimited in the amount of cover it provides, do not need to carry out internal safeguarding reconciliation but must carry out daily calculation of the safeguarding requirement.

Require firms to maintain a resolution pack.

The resolution pack ensures that firms maintain and can easily retrieve information that would help achieve a timely return of relevant funds to consumers. The pack is expected to be a “living document” which links directly to the latest versions of the relevant records. A full list of documentation to be included in the resolution pack can be found in Annex C 10A.2 of PS25/12.

2. To enhance monitoring and reporting

Requirement for firms to have safeguarding audits.

The FCA requires annual safeguarding audits to be performed by qualified auditors to ensure the upcoming new FRC audit standard is followed. This requirement will not apply to payment firms not required to safeguard more than £100,000 of relevant funds at any time over a period of 53 weeks. Payments firms are also not required to appoint the same auditor for their safeguarding audit and their statutory audit. 

The FCA has not confirmed if the audit period should align with the financial year, but has set out in SUP3A.3.3G that the report produced must not end more than 53 weeks after the period covered by the previous report.

Requirement for firms to produce a new monthly regulatory return.

Payments firms that also provide unrelated payment services alongside their e-money business will be required to report information for each of these services. This will mean they will need to answer around 75 percent of the questions on the return twice. On a monthly basis, relevant payments firms will be required to complete the safeguarding return in the FCA’s Supervision handbook (SUP) 16  Annex 29BR.

3. To strengthen elements of safeguarding

Requirements on the use of third parties.

Firms will be required to consider whether diversification of third parties is appropriate, having regard to considerations such as:

• Whether it would be appropriate to deposit relevant funds at a number of different approved banks.
• Whether it would be appropriate to limit the amount of relevant funds or relevant assets held with institutions within the same group entity.
• Whether risks arising from the safeguarding institution’s business model create any need for (further) diversification.

Requirements on the use of insurance and comparable guarantees.

Firms must ensure that there are no conditions or restrictions on their safeguarding insurance policies and comparable guarantees paying out, other than requiring the relevant insolvency certification(s). Firms are also required to have a contingency plan at least three months before their safeguarding insurance policy or comparable guarantee expires.

What does this mean?

Although the reforms are most directly borne by payment and e-money firms, the operational and documentation uplift will cascade to banks providing safeguarding services, requiring coordinated changes across account structures, legal agreements and compliance processes, across the board.

Impact on payment institutions and e-money institutions

Payment and e-money firms will need to take a structured, programme-level approach to compliance, given the breadth of changes across safeguarding documentation, account structures and operational controls. 

This exercise is significant and will require clear mapping of affected areas, gap analysis against the revised requirements and coordinated implementation across internal functions and external partners. Some helpful pointers that payment firms should consider:

• Real Time Gross Settlement (RTGS) and diversification: Firms should monitor the availability of overnight safeguarding facilities within the Bank of England’s RTGS service for non-bank payment service providers, as these may support diversification of safeguarding arrangements.
• Firm-level safeguarding: Funds must be segregated per authorised entity, with no interchangeability across group entities, and each firm must maintain its own safeguarding account or equivalent protection mechanism.
• Fungibility of money: Although segregation requires the correct amount of relevant funds to be protected, firms can rely on the fungibility of money and are not required to safeguard the exact funds received from customers, where alternative operational approaches are more efficient.

Impact on banks

Banks that offer specific safeguarding accounts are likely to face increased operational requirements and due diligence as a result of these rule changes.

• Mandatory Acknowledgement Letters: Banks are required to execute updated, prescriptive acknowledgement letters (CASS 15 Annex 1) for all safeguarding accounts. These letters formally recognise that the funds are held on behalf of customers and confirm the bank has no right of set-off or recourse, other than for explicitly permitted fees.
• Account Designation: Safeguarding accounts must be clearly identified as such, with naming conventions (ideally including “safeguarding”) making their purpose explicit. The account must be held in the name of the payment or e-money institution itself, not an agent or distributor, and cannot be used to hold any other funds or assets.
• Release of Funds: Banks are obligated to release funds held in safeguarding accounts promptly upon valid instruction from the payment firm or an appointed insolvency practitioner, except where a permitted right of set-off applies (CASS 15 Annex 1).

Banks should proactively review and, where necessary, update their safeguarding account frameworks, operational processes and policies to align with the revised CASS 15 requirements.  Additionally, they should be well-resourced in preparation for increased engagement from payment firm clients seeking to meet enhanced FCA safeguarding standards.

Conclusion

Although the final framework remains subject to HM Treasury’s review, the post-repeal regime is likely to proceed as determined. In this context, the FCA’s supplementary safeguarding regime under PS25/12 acts as a transitional bridge toward a more prescriptive, CASS-aligned model. 

Both banks and payment and e-money firms should be using this period to ensure operational readiness, with coordinated updates required across documentation, systems and controls. Firms should also expect closer supervisory scrutiny, particularly at the outset of the new regime.

This trajectory sits alongside broader cross-sector regulatory convergence, including the extension of conduct expectations such as non-financial misconduct (NFM) within the Conduct Rules (COCON) and Fit and Proper (FIT) frameworks, reinforcing that non-bank firms are increasingly becoming subject to the same cultural, governance and accountability standards as banks.

Taken together, these developments point to a clear policy direction: a more integrated regulatory perimeter in which evolving payment and e-money business models are brought into closer alignment with the prudential, operational and conduct expectations traditionally applied to the banking sector.