PS25/12 – FCA Changes to the Safeguarding Regime for Payments and E-Money Firms

From May 2026, the Financial Conduct Authority is bringing in sweeping changes to how payment and e-money firms protect customer funds. These reforms, published in PS25/12, are aimed at fixing weaknesses that have led to big losses when firms failed, in some cases, customers got back less than half of what they were owed.

Why now? The payments and e-money sector has exploded in size, £26bn in safeguarded e-money last year, up from £11bn in 2021. One in ten UK e-money holders now use these accounts for everyday spending. That makes the stakes higher if things go wrong.

The big changes:

• Daily reconciliations (excluding weekends and bank holidays) to ensure safeguarded funds match customer balances.
• Resolution packs so insolvency practitioners can quickly return money.
• Annual safeguarding audits for most firms, unless they hold under £100,000 in safeguarded funds.
• Monthly FCA returns with simplified reporting on safeguarding positions.
• Stronger rules for due diligence, diversification of safeguarding banks/custodians, and contingency planning for insurance or guarantee lapses.
• An extended 9-month preparation window before the rules kick in.

For customers, these changes mean their money is less likely to be caught in delays or lost if a firm fails. For firms, the next nine months are about getting systems, records, and third-party relationships ready.

Safeguarding Changes with PS25/12 📚

1. Books & Records

1.1 Reconciliation Frequency & Method

Requirement: The FCA now requires reconciliations to be performed on “reconciliation days” rather than every business day. Reconciliation days exclude weekends, UK bank holidays, and days when relevant foreign markets are closed. Each reconciliation must compare the D+1 Segregation Requirement, which is the amount of customer funds that should be safeguarded at the end of the previous day, against the D+1 Segregation Resource, which is the actual amount held in safeguarding accounts. Any shortfall must be corrected immediately, and firms must use their own funds if necessary to make up the difference.

Fintech Application: Consider a fintech EMI that offers multi-currency accounts. At the close of business on a Friday, the ledger shows that the firm should be safeguarding £5,200,000. However, the actual safeguarding accounts hold £5,180,000. The treasury function must move £20,000 from the corporate account into the safeguarding account before the next reconciliation day on Monday. This ensures there is no breach of the safeguarding requirement over the weekend. An automated alert in the core banking system can notify the treasury team of any shortfall in real time, reducing operational risk.

1.2 Separate Reconciliations for E-money vs. Unrelated Payment Services

Requirement: Funds received in exchange for issued e-money must be safeguarded and reconciled separately from funds received for payment services that are unrelated to e-money issuance. The reconciliations for each category must be performed independently to ensure transparency in the event of insolvency.

Fintech Application: Imagine a fintech that issues prepaid cards, which is an e-money activity, and also offers domestic bill payment services, which is an unrelated payment service. The firm maintains two separate safeguarding accounts — one at Barclays for e-money funds and another at HSBC for payment service funds. Reconciliations are run separately for each account. This prevents funds from being mixed and ensures that an insolvency practitioner can identify the exact amount available for each customer group without legal disputes over ownership.

1.3 Non-standard Reconciliation Methods

Requirement: Firms may use non-standard reconciliation methods only if they document precisely how the method meets safeguarding obligations, obtain an independent auditor’s review and written approval before implementation, and seek new auditor approval for any material changes.

Fintech Application: A global fintech that processes cross-border remittances may find that a standard reconciliation method cannot fully account for T+1 settlement delays in USD transactions from US partners. In this case, the firm designs a bespoke reconciliation process that factors in settlement lags and currency conversion cut-offs. Before adopting it, the firm commissions an independent audit to confirm that the method still accurately detects safeguarding shortfalls. This approach provides flexibility for complex operations while maintaining compliance.

1.4 Resolution Pack

Requirement: A resolution pack must be maintained as a live document containing details of all safeguarding accounts and custodians, a list of agents and distributors, step-by-step procedures for moving and returning funds, and copies of all key safeguarding-related contracts. The pack must be kept up to date at all times.

Fintech Application: A mid-sized EMI holding £40m in safeguarded funds keeps its resolution pack in a secure SharePoint workspace with restricted access. The pack contains a direct feed from banking APIs showing real-time balances in all safeguarding accounts, a directory of all distributors with contact information, and process maps illustrating the flow of customer funds from receipt to safeguarding. When the firm opens a new safeguarding account at ClearBank, the compliance team updates the pack the same day to ensure it reflects the current operational reality.

2. Monitoring & Reporting

2.1 Annual Safeguarding Audit

Requirement: Most firms must arrange for an annual safeguarding audit to be conducted by a qualified auditor with safeguarding expertise. The audit assesses compliance with safeguarding rules over the period. Firms safeguarding £100,000 or less at all times in the past 53 weeks are exempt. The first audit under the new rules must be submitted within six months of the audit period end; subsequent audits must be submitted within four months.

Fintech Application: An EMI processing £50m per month appoints a specialist payments-sector audit firm to conduct its safeguarding audit. The auditor examines reconciliation records, reviews the terms of safeguarding bank accounts, and verifies the insurance policy used for safeguarding. The audit findings are presented to the Board along with recommended remediation actions. The firm’s compliance team runs internal safeguarding reviews every quarter to ensure that by year-end, the audit process is straightforward and there are no major surprises.

2.2 Monthly FCA Safeguarding Return

Requirement: All firms must submit a monthly safeguarding return to the FCA. This includes confirmation that internal and external reconciliations were performed on every reconciliation day, D+1 requirement versus resource data, details of custodians and asset holdings, notification if non-standard reconciliation methods are used, and separate reporting for e-money and unrelated payment services funds.

Fintech Application: A fintech with operations in GBP and EUR configures its core banking platform to generate a monthly safeguarding report on the first day of each month. The report automatically extracts reconciliation confirmations, balance comparisons, and custodian details. The compliance team reviews the report for anomalies before uploading it to the FCA’s RegData system. This automation reduces manual errors and ensures timely, accurate reporting.

3. Strengthened Safeguarding Practices

3.1 Third-party Due Diligence

Requirement: Firms must exercise due skill, care, and diligence when selecting banks, custodians, or insurers to hold safeguarding funds or assets. They must also consider diversification and document their decisions, acting on them when appropriate.

Fintech Application: A UK EMI safeguarding £60m keeps all funds at a single large bank. A risk review reveals that the bank’s credit rating has dropped. The Board decides to move 40% of safeguarded funds to a second UK bank with a stronger rating. The compliance team documents the decision, including the credit risk analysis and the expected benefits of diversification, in the third-party risk register.

3.2 Investment of Relevant Funds

Requirement: Firms may continue to invest safeguarded funds in the same secure and liquid assets as before, such as high-grade money market funds and government bonds. No expansion of eligible assets has been made.

Fintech Application: An EMI invests 30% of safeguarded funds in a UK government Treasury MMF with daily redemption capabilities. Liquidity stress tests are run monthly to confirm that the firm can meet mass customer redemptions within 24 hours, even under adverse market conditions. This ensures that investment activities do not compromise liquidity.

3.3 Insurance and Comparable Guarantees

Requirement: Insurance policies or guarantees used for safeguarding must have no payout restrictions except certification of an insolvency event. Firms must decide whether to renew at least three months before expiry. If not renewing, they must submit a plan to the FCA explaining how they will switch to the segregation method. If unable to fully segregate, they must assess their financial position and consider entering insolvency to trigger the policy payout.

Fintech Application: A fintech EMI uses a £20m safeguarding insurance policy expiring on 31 August. By the end of May, the Board votes to renew the policy, but negotiations with the insurer stall. By late June, the compliance team submits a contingency plan to the FCA outlining how all customer funds will be moved into safeguarded bank accounts if the policy is not renewed by August. This ensures there is no lapse in protection.

4. Transitional Provisions

Requirement: Firms have a nine-month implementation period from publication of the rules, with compliance required by 7 May 2026. Pre-existing third-party arrangements and acknowledgement letters can remain valid initially but must be reviewed for compliance over time.

Fintech Application: A fintech has an acknowledgement letter from its main safeguarding bank dated 2021. Although still valid after May 2026, the firm schedules a compliance review in Q3 2026 to replace it with the FCA’s updated format, ensuring that it aligns with the latest safeguarding requirements.

PS25/12 Compliance Checklist 📋

1. Governance & Policies

• Update safeguarding policy to align with CASS 10A & CASS 15 requirements.
• Define “reconciliation days” in procedures (exclude weekends, bank holidays, foreign market closures).
• Document non-standard reconciliation methods (if applicable) and obtain auditor approval.
• Ensure clear segregation of e-money vs unrelated payment services funds.

2. Books, Records & Reconciliations

• Perform daily internal & external reconciliations on reconciliation days.
• Implement D+1 segregation checks (required vs actual safeguarded balances).
• Keep reconciliations for e-money and unrelated payment services separate.
• Add controls to use third-party data only when reasonable and documented.

3. Resolution Pack

• Create/refresh resolution pack with:
• Make it a ‘living document’ linked to current records.

4. Safeguarding Audits

• Determine audit requirement:
• Appoint qualified auditor (can be different from statutory auditor).
• Align audit period & submission dates (first audit due within 6 months after period end; 4 months thereafter).

5. Monthly FCA Return

• Set up process to submit new monthly safeguarding return.
• Include:
• Remove old safeguarding questions from other returns (APIs, SPIs, EMIs, SEMIs).

6. Third Parties & Diversification

• Conduct due diligence on safeguarding banks, custodians, insurers.
• Review & document diversification considerations; act where appropriate.
• Obtain/update acknowledgement letters (pre-implementation letters valid until replaced).

7. Insurance / Comparable Guarantees

• Decide renewal/replacement ≥3 months before expiry.
• If no replacement, prepare segregation method plan and submit to FCA.
• Assess & document operational risk impact of using insurance/guarantee.

8. Training & Awareness

• Train finance, operations, and compliance teams on new rules & processes.
• Update internal audit and risk monitoring plans to cover new safeguarding regime.

The changes introduced in PS25/12 represent one of the most significant tightening of safeguarding requirements for payment and e-money firms since the original PSRs and EMRs came into force. For fintechs, these rules are more than just a compliance exercise they are an opportunity to build operational resilience, enhance customer trust, and demonstrate to regulators, partners, and investors that the business is robust and well-managed.

By embedding the new reconciliation processes, improving the quality and accessibility of records, strengthening third-party oversight, and introducing regular, independent audits, firms can reduce the risk of costly safeguarding failures and position themselves as safe, reliable players in an increasingly competitive market. The nine-month implementation window is generous, but the operational, contractual, and technological changes needed are not trivial. The most successful fintechs will be those that treat this as a strategic priority from day one, investing in systems, processes, and people to ensure full compliance well before the May 2026 deadline.

Ultimately, PS25/12 is about aligning the fintech sector with the same levels of safeguarding discipline seen in more mature parts of the financial services industry. For customers, this means greater confidence that their money is protected. For firms, it means operating in a more stable and trusted ecosystem, one where safeguarding is not just a regulatory requirement, but a fundamental part of the brand promise.