New Safeguarding Legislation for UK Payment and E-Money Firms Explained

For years, the safeguarding rules governing UK payment institutions and e-money firms have remained largely unchanged. That is now about to change significantly. In August 2025, the Financial Conduct Authority published a landmark policy statement, PS25/12.

This policy statement introduces the most comprehensive overhaul of safeguarding requirements the sector has seen since the original regulations came into force. The FCA has indicated that the first phase of the new rules will take effect on 7 May 2026.

This article explains what safeguarding is, why reform was needed, what the new rules require, and what firms need to do to prepare.

UK safeguarding overhaul timeline showing new FCA rules effective 7 May 2026 under PS25/12 policy update for payment and e-money firms.

What is Safeguarding?

At its core, safeguarding is the process used by payments and e-money firms to protect customer funds. Unlike bank deposits, which may be protected by the Financial Services Compensation Scheme (FSCS), safeguarding funds are not covered by the FSCS, but must instead be protected through segregation or equivalent methods.

The UK Financial Conduct Authority aims to ensure that customer money can be returned quickly, accurately, and with full legal clarity under these new rules.

£26bn safeguarded in 2024 by UK electronic money institutions, up from £11bn in 2021, highlighting growth in safeguarded funds and payment sector compliance.

Why Did the Rules Need to Change?

The sector has grown at a staggering pace. According to the FCA, approximately 1 in 10 e-money holders in the UK are using e-money accounts as their main day-to-day transaction accounts. Consequently, electronic money institutions safeguarded approximately £26bn of relevant funds in 2024, a significant increase from £11bn in 2021. Additionally, it estimates that payment institutions safeguard roughly £6bn on any given day in 2024.

Despite this growth, it has identified persistent weaknesses in existing safeguarding requirements. The FCA's Financial Lives Survey 2022 highlighted the high stakes involved, showing that 40% of e-money account holders possessed at least one characteristic of vulnerability, such as low resilience to financial shocks.

The regulator's objective is to return funds to these customers quickly during an insolvency event and to provide better data to identify and intervene in non-compliant firms.

What Was the Existing Framework?

Previously, firms followed the Electronic Money Regulations and the Payment Services Regulations, guided by the FCA's 'Approach Document'. However, these existing legislative safeguarding provisions were often seen as open to interpretation, leading to inconsistent record keeping and delays in returning funds during liquidations.

The Two-Stage Reform: Supplementary Regime and Post-Repeal Regime

The reform is divided into two distinct phases to allow firms to transition away from the interim rules:

Stage One: The Supplementary Regime: Focuses on strengthening current practices.

Stage Two: The Post-Repeal Regime: The long-term 'end state' rules.

Stage One: The Supplementary Regime (Effective 7 May 2026)

The Supplementary Regime rules introduce requirements for improved internal records, enhanced reporting and monitoring requirements, and strengthened elements of daily safeguarding practices. Most firms will be required to arrange an annual safeguarding audit by an auditor, with the first report due within 6 months after 7 May 2026.

Stage Two: The Post-Repeal Regime (date to be confirmed)

The proposed Post-Repeal Regime would replace the current safeguarding requirements with a Client Assets Sourcebook (CASS) style regime. Under this model, the FCA has proposed that relevant funds could be held under a statutory trust structure for consumers

The FCA has stated that it will not implement the Post-Repeal Regime proposals without further consideration and consultation.

Who Does This Apply To?

The rules apply to authorised payment institutions and authorised e-money institutions. This applies to firms that hold customer funds in connection with payment services or e-money issuance. It does not apply to credit unions, account information or payment initiation services.

While small payment institutions may have different thresholds, the majority of the sector will face increased regulatory scrutiny and compliance burdens.

What the New Rules Require

The FCA's new rules will impose substantial new internal governance obligations on payments and e-money firms. To comply, firms will likely need to upgrade their technology and internal processes to manage daily reconciliation and accurate reporting.

Books, Records and Reconciliations

The new rules move toward more consistent record-keeping. Firms must perform internal records checks and external safeguarding reconciliations at least once each reconciliation day.

Any alternative or non-standard reconciliation approaches must be clearly documented to ensure customer money is always separated from firm funds.

Annual Safeguarding Audit

Payments firms will be required to arrange an annual safeguarding audit carried out by a qualified independent auditor, separate from their statutory audit. This auditor will review the relevant audit period to ensure the safeguarding method meets the relevant rules.

Firms with less than £100,000 in customer funds for over 53 weeks are exempt from the audit requirement.

Monthly Safeguarding Return

A new monthly regulatory return must be submitted to the FCA within 15 business days of the end of each calendar month. This is designed to strengthen reporting and give the regulator a real-time view of how firms hold relevant funds.

Governance and Senior Manager Accountability

Each firm must designate a director or senior manager responsible for overseeing safeguarding compliance.

Resolution Packs

Payments firms will need to maintain a resolution pack - a collection of documents designed to help an insolvency practitioner return funds. This pack must be retrievable within 48 hours to facilitate the prompt return of customer funds in the event of insolvency.

Third-Party Due Diligence and Diversification

Firms must exercise stricter due diligence and periodic reviews when selecting banks or custodians. This includes considering relevant foreign markets and foreign exchange transactions if they invest relevant funds in liquid assets or secure liquid assets.

Insurance and Guarantee Arrangements

If using the insurance or guarantee method, firms must ensure insurance policies or comparable guarantees provide appropriate cover at all times. A contingency plan must be implemented at least three months before any policy expires.

Safeguarding Acknowledgement Letters

Firms must obtain formal acknowledgement letters from any credit institution where they hold designated safeguarding accounts, confirming the safeguarding status of those funds and that they are held in accordance with FCA requirements for the benefit of customers.

Key Dates

August 2025: PS25/12 published.

7 May 2026: Supplementary Regime rules come into force.

November 2026: Deadline for the first annual audit (for most firms).

What About the Broader Regulatory Context?

This overhaul aligns the payment sector more closely with the market integrity standards expected of traditional investment firms, ensuring that electronic money is treated with the same level of care as other financial assets.

What Do Firms Need to Do Now?

To remain compliant, firms should:

Review and Update Safeguarding Policies and Procedures to Reflect the New Prescriptive Requirements

Documentation must be audited against the new prescriptive requirements in PS25/12. Policies must explicitly cover the 'Supplementary Regime' rules and clearly define how relevant funds are identified and protected.

Build Daily Reconciliation Capability

Firms must transition away from manual or weekly processes. Systems must be implemented that are capable of performing internal or external reconciliations at least once every business day to ensure customer money is accurately segregated from firm funds.

Appoint a Senior Manager with Formal Responsibility for Safeguarding

A specific director or senior manager must be directed to take ultimate accountability for safeguarding compliance. This individual must possess the authority and oversight to intervene in non-compliance processes.

Prepare a Resolution Pack

All necessary records and legal agreements should be collated into a single, 'living' document. This pack must be retrievable within 48 hours to ensure an insolvency practitioner can distribute funds quickly in an emergency.

Conduct a Diversification Review of Safeguarding Providers

The reliance on third-party credit institutions should be evaluated. Stricter due diligence is required for current banks, and the diversification of safeguarding accounts should be considered to mitigate the risk of a single point of failure.

Commission an Annual Audit and Agree Scope and Timeline With a Qualified Auditor in Advance

A qualified auditor should be engaged promptly. Given the volume of firms requiring these audits by late 2026, agreeing on the scope and timeline in advance is critical to securing a partner and avoiding missed deadlines.

Build and Test the Monthly FCA Return Before the First Submission Deadline

The new monthly regulatory return requires granular data that current systems do not readily export. Reporting logic should be developed now, with tests conducted to ensure the ability to submit accurately within 15 business days of the month-end.

The Rules Are Changing. Your Payment Infrastructure Should Too

DECTA's infrastructure is built to support payments and e-money firms in meeting these rigorous standards - from automated reporting to robust record keeping.

Don't let the May 2026 deadline catch you off guard; ensure your payment partner is as committed to compliance as you are. Explore our trusted solutions to create a more secure and enhanced payment experience.