On 7th May 2026, the FCA introduced a strengthened safeguarding framework for payment services and e‑money firms. The new Supplementary Regime, alongside amendments to the FCA’s Approach Document, came into force on 7 May 2026 and represents one of the most significant overhauls of safeguarding requirements.
These changes come following the FCA’s findings that payment and e-money firms do not have sufficiently robust safeguarding practices under the current regulations, resulting in an unacceptable risk of harm to consumers and market integrity. To combat this, changes place far greater emphasis on robust books and records, enhanced regulatory oversight, and strengthened operational procedures for how firms safeguard customer funds.
Firms were required to assess their existing arrangements carefully and, in many cases, undertake material implementation work well ahead of the commencement date to remain compliant.
The main changes required by firms are in relation to the following areas:
Improving books and records
Enhancing monitoring and reporting
Strengthening elements of safeguarding
Who do the new safeguarding rules apply to?
The new FCA safeguarding requirements apply to:
Authorised payment institutions (excluding those solely providing payment initiation services or account information services)
Authorised electronic money institutions
Small electronic money institutions
Credit unions which issue e‑money in the UK
Small payment institutions (SPIs) remain outside scope but may continue to opt in to the safeguarding regime if they choose to do so.
Key safeguarding changes payment and e‑money firms must implement
1. Improved books and records
Mandatory daily safeguarding reconciliations
One of the most operationally significant changes is the requirement for payment and e-money firms to perform safeguarding reconciliations at least once on every business day, excluding weekends, public holidays and days when relevant foreign markets are closed. The frequency of these checks cannot be varied.
This requirement is intended to be distinct from and in addition to the ongoing maintenance of a firm’s book and records. Separately, firms must continue to ensure they can, at any time and without delay, distinguish relevant funds from other funds.
Escalation and notification obligations
Firms are now required to maintain adequate safeguarding policies and procedures and to notify the FCA without delay if certain events occur, including where:
Internal records are materially out of date, inaccurate or invalid,
The firm cannot perform an internal or external reconciliation,
A reconciliation discrepancy cannot be remedied, and
There has been a material discrepancy at any time in the previous year between the amount of relevant funds safeguarded and the amount that should have been safeguarded.
Resolution packs
Firms must also maintain a resolution pack designed to support the timely return of customer funds in an insolvency scenario.
2. Enhanced monitoring and reporting
Annual safeguarding audits
Certain authorised payment institutions and electronic money institutions will be required to arrange annual safeguarding audits by a qualified auditor where the firm safeguards more than £100,000 of relevant funds.
Firms will be expected to submit their first audit within 6 months of the end of their auditing period and submissions thereafter are due within 4 months of the end of their auditing period. It is important that firms have an auditor lined up so that the audit can be performed within the required timescale.
Failing to safeguard relevant funds will generally be treated as a matter of material significance, triggering existing statutory auditor notification obligations under the PSRs and EMRs.
Monthly safeguarding regulatory returns
Firms will also be required to submit a new monthly regulatory return (form REP027) focused on safeguarding. Rather than reporting detailed reconciliation metrics, firms will need to confirm that they have conducted at least one internal and external safeguarding reconciliation on each reconciliation day. External reconciliations compare the balances recorded in payments firms’ internal records to those of third parties, such as banks.
3. Strengthening elements of safeguarding
Greater scrutiny of third parties
Where payment and e-money firms use third parties to hold, manage or insure relevant funds, they must exercise due skill, care and diligence in appointment and ongoing review. This includes considering diversification, ensuring safeguarding funds are clearly identifiable (including use of “safeguarding” in account names where possible), and obtaining acknowledgement letters from banks or custodians.
Insurance and comparable guarantees
The FCA is tightening requirements around safeguarding through insurance or guarantees. Firms must ensure there are no conditions or restrictions on policy pay‑out other than certification that an insolvency event has occurred.
Crucially, firms must have a contingency plan in place at least three months before such cover expires. Where no replacement or renewal is in place, firms must be ready to transition to safeguarding via segregation and notify the FCA accordingly. This framework is intended to prevent high risk scenarios where customer funds become inadequately protected.
What payment and e-money firms should do now
The new regime took effect from7 May 2026, so any firm that has not yet completed its compliance review must do so urgently.
Key priorities include:
Assessing reconciliation processes, systems and resource,
Designing and maintaining a compliant resolution pack,
Reviewing third‑party arrangements and acknowledgement letters,
Evaluating audit readiness and reporting capabilities,
Stress‑testing insurance‑based safeguarding models; and
Ensuring they have the information available in order to complete for REP027.
How our Regulatory team can help
Our Regulatory team can advise payment institutions and e‑money firms on initial readiness and ongoing compliance with safeguarding and conduct requirements.
Ways we can assist include:
Analysis of current systems and implementation planning: assessing existing safeguarding arrangements against the new requirements and developing a clear, proportionate roadmap to compliance.
Policy and documentation support – drafting and reviewing safeguarding policies, reconciliation procedures, escalation frameworks and resolution packs to meet FCA expectations.
Third‑party and outsourcing reviews – supporting due diligence exercises, reviewing bank and custodian acknowledgement letters, and advising on contractual protections with safeguarding account providers, insurers and asset custodians.
Regulatory engagement and notifications – assisting with FCA notifications, audit-related matters, changes to safeguarding methods and communications arising from reconciliation issues or insurance renewals.
Ongoing advisory support – providing day‑to‑day regulatory advice, and tailored training for senior management, compliance teams and operational staff.
If you would like to discuss the impact of the new safeguarding regime on your firm, please contact us to speak to a specialist member of our commercial and regulatory team.
Mark Chapman
General Counsel, Head of Commercial & Regulatory
This reflects the law and market position at the date of publication and is written as a general guide. It does not contain definitive legal advice, which should be sought in relation to a specific matter.
