With just six months remaining until the Financial Conduct Authority’s (FCA) strengthened safeguarding rules come into force under Policy Statement PS25/12: “Changes to the Safeguarding Regime for Payments and E-Money Firms” (effective 7 May 2026), firms must ensure their development roadmaps deliver a safeguarding framework that is robust, complete and audit-ready.
PS25/12 represents the most significant tightening of safeguarding expectations since the Payment Services Regulations 2017 (PSRs) and Electronic Money Regulations 2011 (EMRs). The FCA has made it unequivocally clear: existing industry safeguarding standards are insufficient, deficiencies present unacceptable risks to customers and supervisory expectations are rising sharply.
The next six months will determine whether firms are adequately prepared, or dangerously exposed.
What Is Changing? A Detailed Breakdown of PS25/12 Requirements
- More Frequent, More Rigorous Reconciliations
Previously, firms conducted reconciliations once per business day, often using simplified or delayed methodologies. Under PS25/12, this process is significantly tightened.
Reconciliations, both internal and external, must now occur on every “reconciliation day” (excluding weekends, UK bank holidays, and days on which relevant foreign markets are closed). Each reconciliation must be fully documented, timestamped and auditable. Discrepancies must be investigated immediately and resolved promptly via defined escalation procedures.
- Strict BooksandRecords Requirements
Firms are required to maintain accurate, clear and reconcilable records that:
- Identify relevant funds and distinguish them from other balances;
- Track the initial receipt and segregation of relevant funds;
- Document safeguarding account structures;
- Record third-party custodians and insurers; and
- Capture agent/distributor/outsourcing arrangements.
A mandatory Resolution Pack must also be maintained, including:
- A full safeguarding process map;
- Safeguarding account lists and acknowledgement letters;
- Locations of safeguarding records;
- Funds flow diagrams;
- Third-party agreements and due diligence; and
- Insolvency and wind-down procedures.
- Monthly Safeguarding Regulatory Returns
Firms must now submit monthly regulatory returns (not quarterly), covering:
- Balances of relevant funds;
- Where funds are held;
- Method of safeguarding;
- Shortfalls/excesses;
- Reconciliation exceptions; and
- Third-party arrangements.
- Annual Safeguarding Audit Requirement
Most firms are required to undergo an annual independent safeguarding audit conducted by a specialist auditor, with the exception of those safeguarding less than £100,000 on a rolling 53-week basis. These audits are designed to assess several critical components of the firm’s safeguarding framework, including evidence of daily reconciliations, the effectiveness of segregation controls, the quality and accuracy of record-keeping, the robustness of third-party oversight arrangements, the completeness of the Resolution Pack and the level of Board governance and oversight in place.
- Stricter Oversight of Third-Party CustodiansandInsurers
The FCA expects firms to apply greater due diligence when appointing and monitoring safeguarding banks, custodians, and insurers. This enhanced oversight is designed to ensure that third-party arrangements are robust, clearly documented, and subject to regular review. Key requirements include:
- Documented reviews and risk assessments
- Mandatory naming of safeguarding accounts
- Acknowledgement letters from third parties, where applicable
For firms using insurance or guarantee methods to safeguard relevant funds, additional obligations apply:
- Contingency plans must be established at least three months prior to the expiry of the cover
- If renewal is not secured, firms must promptly transition to the segregation method of safeguarding
- Tougher Governance Expectations
Safeguarding is now elevated to a core governance function, requiring firms to demonstrate clear senior management responsibility, regular delivery of Management Information (MI) to the Board, documented responses to any safeguarding issues and firm-wide safeguarding training. These measures are intended to embed safeguarding oversight at the highest levels of the organisation, ensuring accountability and regulatory alignment.
Six-Month Safeguarding Quick Steps
To meet the new safeguarding requirements, firms should follow a focused, time-bound approach:
- Assess and Plan: Identify gaps against PS25/12, map relevant fund flows, update core safeguarding policies and begin the Resolution Pack.
- Implement and Test: Upgrade reconciliation and segregation systems, run test reconciliations, strengthen third-party oversight and prepare for the annual audit.
- Embed and Finalise: Conduct full live reconciliations, complete a mock FCA return, finalise the Resolution Pack and reporting processes and secure senior management sign-off.
How Complyport Can Help
Complyport supports payment institutions, e-money firms, fintechs and other regulated entities in designing, implementing, and embedding safeguarding frameworks fully aligned with PS25/12 and FCA expectations.
Our expert-led services include:
- Gap Analysis and Maturity Assessment: A detailed review of your current safeguarding framework, including reconciliations, segregation controls and governance structures.
- Safeguarding Controls Mapping: We assess your current safeguarding controls against PS25/12 requirements and provide clear, actionable recommendations, supported by expert guidance on regulatory interpretation.
- On-Demand Regulatory Advice: Access safeguarding expertise as needed. Whether interpreting FCA guidance, addressing complex safeguarding scenarios or preparing for audits, our team is available to provide timely and practical support.
- Internal Safeguarding Assurance Review: Pre-audit assurance reviews to validate evidence, testing and Board documentation ahead of FCA scrutiny or independent audits.
- Training and Board Workshops: Delivery of tailored safeguarding training for staff and governance sessions for Boards and senior management, reinforcing oversight responsibilities.
Get Ready with Confidence
Contact Complyport today to discuss how our safeguarding experts can help you meet PS25/12 requirements with confidence and efficiency.
Book a meeting with a Subject Matter Expert now.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat
