FCA Safeguarding Regime Changes – Effective May ‘26

The introduction of CASS-style rules, enhanced reporting, mandatory audits, and resolution planning means safeguarding must now operate as a continuous, embedded discipline across finance, operations, risk, and technology.

This post sets out the practical actions firms need to take to meet the new requirements and to move from safeguarding intent to demonstrable operational control.

12 POINT ACTION LIST

1. Perform a Full Safeguarding Gap Analysis (CASS 15).
2. Assign Clear Senior Accountability for Safeguarding.
3. Implement Robust Daily Reconciliation and Fund Controls.
4. Update Bank and Custodian Acknowledgement Letters.
5. Create and Maintain a Resolution Pack (CASS 10A).
6. Commission Annual Safeguarding Audits (SUP 3A).
7. Prepare for Monthly Safeguarding Regulatory Returns (SUP 16.14A)
8. Review Insurance or Guarantee Safeguarding Arrangements.
9. Implement Controls for Unallocated or Unidentified Funds. 
10. Update Training, Policies, and Internal Documentation.
11. Confirm Scope, Applicability, and Transitional Position.
12. Build a Single Safeguarding Implementation Framework.

ACTIONS

1. Perform a Full Safeguarding Gap Analysis (CASS 15)

 What firms must do
Download the FCA’s updated “Our Approach to Payment Services and Electronic Money” (May 2026 draft) and conduct a structured, line-by-line gap analysis of existing safeguarding arrangements against CASS 15.

Why this matters
CASS 15 introduces a CASS-style operational framework for safeguarding, setting explicit expectations around segregation, reconciliation, records, and controls. While statutory duties under the PSRs and EMRs remain, firms are now supervised primarily against Handbook standards.

Regulatory references

• FCA Approach (May 2026 draft):
  https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017-may-2026-draft.pdf
• FCA Handbook – CASS 15 (effective view):
  https://handbook.fca.org.uk/handbook/CASS/15/?date=2026-05-07

 2. Assign Clear Senior Accountability for Safeguarding

 What firms must do
Formally appoint a Director or Senior Manager with explicit responsibility for safeguarding compliance. Update governance documents, role descriptions, and escalation frameworks accordingly.

 Why this matters
The FCA has signalled a clear move toward personal accountability for safeguarding failures, consistent with broader SYSC expectations.

Regulatory references

• FCA Handbook – SYSC 2 (Senior management arrangements):
  https://handbook.fca.org.uk/handbook/SYSC/2 

3. Implement Robust Daily Reconciliation and Fund Controls

 What firms must do
Ensure systems and controls support reconciliation of relevant funds at least every business day, with discrepancies identified, investigated, and resolved promptly.

Why this matters
Reconciliation is a core FCA supervisory focus. Weak reconciliation processes are consistently cited as a root cause of safeguarding failures.

How Trusek’s Platform Helps

Trusek’s Core Ledger utilises double entry book-keeping to record and reconcile all transactions. In the event of any discrepancies, the double-entry process provides full data transparency for investigation and resolution purposes.

Bank Reconciliation Reports can be generated on demand to highlight any discrepancies for investigation and rectification.

Regulatory references

• FCA Policy Statement PS25/12:
  https://www.fca.org.uk/publication/policy/ps25-12.pdf
• FCA Handbook – CASS 15:
  https://handbook.fca.org.uk/handbook/CASS/15/?date=2026-05-07

 4. Update Bank and Custodian Acknowledgement Letters

What firms must do
Replace all existing safeguarding acknowledgement letters with new CASS-compliant versions, using the FCA-prescribed wording and guidance. This includes banks, custodians, and (where applicable) insurers or guarantors.

Why this matters
Legacy acknowledgement letters will not meet the new requirements. This is a critical third-party dependency and often one of the longest lead-time items.

Regulatory references

• FCA Handbook – CASS 15 Annex 2 (Acknowledgement letter guidance):
  https://handbook.fca.org.uk/handbook/CASS/15/Annex2.html?date=2026-05-07

5. Create and Maintain a Resolution Pack (CASS 10A)

What firms must do
Compile and maintain a Resolution Pack containing key safeguarding information (manuals, account details, contact lists, trust documentation) that can be retrieved rapidly in the event of insolvency.

Why this matters
The resolution pack is distinct from a wind-down plan and is designed to enable an insolvency practitioner to return customer funds quickly and accurately.

Regulatory references

• FCA Handbook – CASS 10A (Resolution packs):
  https://handbook.fca.org.uk/handbook/CASS/10A

 6. Commission Annual Safeguarding Audits (SUP 3A)

What firms must do
Where average relevant funds exceed the applicable threshold, appoint a qualified external auditor to conduct an annual safeguarding audit.

Why this matters
Independent assurance is now a formal part of the safeguarding framework and must be embedded into compliance planning and evidence management.

How Trusek’s Platform Helps

Bank reconciliation and Client Fund Reports will assist external auditors. Additional reports can be created and generated on demand as required.

Regulatory references

• FCA Handbook – SUP 3A:
  https://handbook.fca.org.uk/handbook/SUP/3A

 7. Prepare for Monthly Safeguarding Regulatory Returns (SUP 16.14A)

What firms must do
Develop processes, controls, and data pipelines to submit monthly safeguarding returns to the FCA, covering balances, reconciliation outcomes, and concentration risk.

Why this matters
The FCA is moving from periodic supervision to near-real-time visibility of safeguarding risk across the sector.

How Trusek’s Platform Helps
Trusek’s platform includes processes, controls and data reports to assist with creation of regulatory safeguarding returns

Regulatory references

• FCA Handbook – SUP 16.14A (Safeguarding returns):
  https://handbook.fca.org.uk/handbook/SUP/16/14A.html

 8. Review Insurance or Guarantee Safeguarding Arrangements

What firms must do
Where safeguarding is achieved through insurance or a guarantee, review policy terms to ensure they meet regulatory expectations and do not contain restrictive or impractical payout conditions.

Why this matters
The FCA expects firms to understand not just the existence of cover, but how it would operate in practice under stress or insolvency.

Regulatory references

• Payment Services Regulations 2017 – Regulation 23:
  https://www.legislation.gov.uk/uksi/2017/752/regulation/23
• Electronic Money Regulations 2011 – Regulation 20:
  https://www.legislation.gov.uk/uksi/2011/99/regulation/20

 9. Implement Controls for Unallocated or Unidentified Funds

What firms must do
Ensure systems and ledgers can identify, isolate, and appropriately treat unallocated or unidentified funds, preventing them from sitting in operational accounts during investigation.

Why this matters
The FCA has repeatedly identified unallocated funds as a high-risk failure point in safeguarding arrangements.

How Trusek’s Platform Helps
Trusek’s Core Ledger utilises double entry book-keeping to record and reconcile all transactions. In the event of any unallocated or unidentified ledger provides full data transparency to ensure that these funds do not sit in operational accounts during investigation.

All unidentified funds are placed into suspense accounts pending investigation and posting to correct account.

Regulatory references

• FCA Handbook – CASS 15:
  https://handbook.fca.org.uk/handbook/CASS/15/?date=2026-05-07

 10. Update Training, Policies, and Internal Documentation

What firms must do
Train relevant staff across Compliance, Risk, Finance, and Operations on the new safeguarding framework. Update all internal manuals and procedures to reflect the shift to explicit CASS-style rules.

Why this matters
Safeguarding is no longer a high-level concept; it is an operational discipline requiring consistent execution and clear escalation routes.

Regulatory references

• FCA Approach (May 2026 draft):
  https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017-may-2026-draft.pdf

 11. Confirm Scope, Applicability, and Transitional Position

What firms must do
Confirm how the new regime applies to the firm’s permissions, activities, and any run-off or transitional status.

Why this matters
PS25/12 clarifies scope and avoids firms over- or under-implementing requirements.

Regulatory references

• FCA Policy Statement PS25/12:
  https://www.fca.org.uk/publication/policy/ps25-12.pdf

 12. Build a Single Safeguarding Implementation Framework

What firms must do
Ensure implementation plans explicitly cover all four pillars of the new regime:

• CASS 15 (Safeguarding rules)
• CASS 10A (Resolution pack)
• SUP 3A (Audits)
• SUP 16.14A (Monthly returns)

Why this matters
The FCA views these as a single, integrated safeguarding framework, not standalone obligations.

How Trusek’s Platform Helps
Trusek’s platform includes processes, controls and data reports to facilitate audits and assist with creation of regulatory monthly returns.

Regulatory references

• FCA Policy Statement PS25/12:
  https://www.fca.org.uk/publication/policy/ps25-12.pdf

Next Steps

The FCA’s safeguarding reforms are designed to test not just intent, but execution. Firms that can evidence accurate reconciliations, robust controls, reliable reporting, and audit-ready records will be best placed to meet supervisory expectations under the new regime.

Trusek works with payment and electronic money firms to embed these capabilities into day-to-day operations, supporting reconciliation, reporting, audit readiness, and operational control.

To discuss how Trusek can help you prepare for the May 2026 safeguarding changes, please get in touch.

Web: https://www.trusek.com

Email: hello@trusek.com

Phone: +44 (0) 207 048 0470

LinkedIn: Trusek on LinkedIn