🖊️ Payments and E-Money firms will be pleased that the FCA has introduced an exemption from the safeguarding audit if a payments firm has not been required to safeguard more than £100,000 of relevant funds at any time over a period of at least 53 weeks.

🗑️ The FCA also ditched its plans for limited assurance engagements.

8 Aug 2025

💱 The FCA has now clarified that not all funds received by FX payment institutions are “relevant funds”. If the foreign exchange transaction is independent of a payment service, the FX institution acts as principal and is not required to safeguard those funds, provided that its policies and procedures ensure clear separation from relevant funds.

⚠️ However, if the exchanged currency is retained for a subsequent payment service or issuance of e-money, it becomes relevant funds immediately and must be safeguarded.

💸 This distinction does not apply where:
– The service is a currency transfer, or
– Funds are received for issuing e-money in a different currency.
In such cases, safeguarding obligations apply from the moment funds are received.

💡 Evidence of independent FX arrangements, like instructions to return proceeds to a customer’s bank account, is key.

🔍 Finally, the FCA also highlights the importance of the Consumer Duty. Institutions offering both payment and non-payment services must clearly inform customers—upfront—about whether, when, and how their funds will be protected, and which services benefit from that protection. This clarity is essential to avoid breaching the Consumer Protection (Principle 12) and the cross-cutting rules in PRIN 2A.2 to act in good faith and enable and support retail customers to pursue their financial objectives.

10 Aug 2025

🌍 The FCA has introduced a subtle yet significant change to CASS 15.1.5G following its consultation (and compared to paragraph 10.26 of the previous Approach Document). This revision could have a substantial impact on payment firms that previously excluded safeguarding funds based on a historic interpretation of territorial scope.

🔑 Key takeaway: This exclusion applies only when firms operate from outside the UK, i.e. through overseas branches.

11 Aug 2025

🔍 Change in terminology: The FCA now refers to this process as a “high-level comparison” rather than a reconciliation. While the terminology has changed, the underlying principle remains: a reconciliation is, by definition, a comparison of two data sources.

📉 Less prescriptive methodology: The methodology has been reduced from seven lines of requirements in CP24/20 to just two in the final CASS 15 rules. However, this does not materially reduce operational complexity as the core objective remains unchanged: to verify compliance with PSRs 23(6) or EMRs 21(2).

⚙️ Operational reality: Firms are still required to source sufficient and appropriate data (and possibly capture more data for each transaction) to perform the comparison effectively. In practice, the burden of execution remains largely intact, raising questions about whether this “simplification” is more semantic than substantive.

12 Aug 2025

🔍 It is often referred to in the industry as the “cut-off” points used in other parts of the CASS rulebook—essentially the time at which a firm captures its books and records for reconciliation. Usually, that’s around midnight, give or take an hour depending on the system. So while the concept isn’t new, CASS 15 formalises it.

❓ Yes—and it makes sense. CASS 15 envisages that certain firms may carry out more than one internal safeguarding reconciliation per day, and therefore have multiple reconciliation points.

20 Aug 2025

Imagine it’s audit season at your firm. You have six* months after year-end to complete the first safeguarding audit under the new regime – likely governed by the forthcoming FRC Safeguarding Assurance Standard. *Four months for subsequent periods thereafter.

As your safeguarding auditor begins their planning, what will they be looking for? Here is an indicative request list to expect:

✅ Business and operating model
✅ Flow of funds and account structures
✅ Key IT systems/tech stack for safeguarding
✅ Safeguarding policy
✅ Reconciliation policies and procedures
✅ Safeguarding oversight committee terms of reference, minutes and meeting pack
✅ Organisational chart of key individuals and location (if within a wider group)
✅ Compliance monitoring programme
✅ Internal audit plan
✅ Safeguarding rules applicability assessment
✅ Risk and controls documentation
✅ Safeguarding training log
✅ FCA correspondences
✅ Resolution Pack
✅ Safeguarding Return
✅ Breaches log
✅ Complaints log

🤓 P.S. I was a CASS and safeguarding audit partner at a Big-4 firm, and am currently laser focused on this topic, so trust me, this is just the warm-up. Once the walkthrough and fieldwork kick off, expect a few more (and more) information requests!

21 Aug 2025

❓ Who uses them? Primarily aimed at Insolvency Practitioners, but it is requested annually by the CASS Auditor, and regulatory visits by the FCA.

What are the common challenges?

🧠 Mindset: A failure to embrace the Resolution Pack’s core purpose: ensuring a smooth and swift return of client money and assets in the event of insolvency.

📄​ Static Document: The pack is not treated as a living document. It contains missing files, broken links, or information that no longer reflects the firm’s current operational reality.

📥​ Poor Retrievability: The CASS Resolution Pack and its associated documents are not readily retrievable or fully accessible to regulators and insolvency practitioners when needed.

🛠️ ​Impractical for Third Parties: The pack is not written with an informed external party in mind. It’s filled with internal jargon and assumes a level of corporate knowledge that prevents a third party from effectively identifying, reconciling, and returning client funds.

27 Aug 2025

With less than 8 months until the new “relevant funds regime” goes live, one key ingredient is still missing: the “Relevant Funds Audit Standard.” ⏳ The FRC needs to draft it, publish it for public consultation, and finalise it – all in time for the go-live date of 7 May 2026.

For context, when the first Client Assets Assurance Standard was introduced more than a decade ago in 2015, this process took about six months from the start of the consultation to finalisation. 🗓️ That consultation ran from May to July 2015, with the Standard finalised in November 2015 and effective from 1 January 2016.

I am optimistic that with a foundation already in place, the new CASS Audit Standard for the payments and e-money sector may be developed more efficiently. Fingers crossed! 🙏

12 Sept 2025

📖 Request the Quick Reference Guide for CASS

As firms prepare to implement the new requirements, robust governance, risk management, and internal controls are not optional—they are essential to meeting FCA expectations and passing a rigorous CASS audit.

This Quick Reference Guide offers practical insights to help you build a strong foundation from day one. It covers:

• ✅ Key design principles for effective CASS internal controls
• 🛠️ Implementation tips to embed controls that stand up to scrutiny
• 🔍 Audit focus areas under the FRC Client Assets Standard

Getting it right the first time is not just about compliance—it is about protecting client assets, safeguarding your firm’s reputation, and avoiding costly remediation later.