FCA Approach Document v8: safeguarding regime consolidated, May 2026
In short: The FCA Approach Document version 8 sets the supervisory expectation for the safeguarding regime that took effect on 7 May 2026. UK PSPs and EMIs must operate segregation, daily reconciliation, monthly returns and an annual audit under CASS 15, CASS 10A, SUP 16.14A and SUP 3A. A designated senior individual is accountable for the regime.
For a PSP or EMI compliance team that has just lived through the 7 May 2026 commencement of the supplementary safeguarding regime, version 8 of the FCA Approach Document, published the same day, is the operational text that anchors how the FCA will supervise that regime. The Approach Document does not change the rules. It sets out how the FCA reads them in supervision: what the FCA expects to see on segregation, daily reconciliation, the resolution pack, the safeguarding audit and the designated senior individual.
Where the FCA Approach Document sits in the rule stack
The statutory safeguarding obligation sits in regulation 23 of the Payment Services Regulations 2017 (PSRs 2017) and regulations 20 to 22 of the Electronic Money Regulations 2011 (EMRs 2011). The duty is to safeguard relevant funds, by segregation in a designated account with an approved credit institution, or by an insurance policy or comparable guarantee.
The FCA’s Policy Statement PS25/12 (7 August 2025) tightened the operational discipline. From 7 May 2026, the insurance and guarantee methods are withdrawn for new arrangements. Segregation in a designated account is the required primary method. Firms must hold an acknowledgement letter from the account bank, reconcile relevant funds against customer liabilities daily, submit monthly safeguarding returns to the FCA, obtain an annual third-party safeguarding audit, maintain a resolution pack, and designate a senior individual with safeguarding accountability. The rule chapters carrying these obligations are CASS 15 (safeguarding), CASS 10A (resolution packs), SUP 16.14A (monthly returns) and SUP 3A (auditors’ safeguarding reports). Our compliance checklist and earlier brief on the regime set out the rule architecture.
What version 8 of the FCA Approach Document adds
The FCA Approach Document is non-binding guidance. It does not create obligations; it sets out the FCA’s reading of obligations the rules already impose. That makes it the supervisory text the FCA will measure firms and auditors against when the FCA opens a supervisory dialogue, requires a skilled-person report under section 166 of the Financial Services and Markets Act 2000 read with regulation 90 PSRs 2017, or escalates to enforcement under Part 5 PSRs 2017.
Version 8 is the first consolidating revision of the FCA Approach Document since the November 2024 version 6. The March 2026 version 7 covered the contactless payments exemption under the SCA-RTS and did not touch the safeguarding chapter. Version 8 records changes to chapters 1, 2, 3, 4, 10 and 13 of the Approach Document, a new model acknowledgement letter at Annex 6, and amendments to chapter 8 to align with the new contract termination rules in regulation 51 PSRs 2017. The substantive safeguarding additions track PS25/12: the safeguarding and resolution pack chapters draw out how the FCA expects firms to operate the CASS 15 daily reconciliation, the CASS 10A resolution pack and the SUP 16.14A returns, and what the FCA expects the safeguarding audit to cover.
Three points carry the operational weight on safeguarding. First, the model acknowledgement letter at Annex 6 sets the FCA’s preferred form of words. Account banks vary in their willingness to sign the model letter; the consolidated text reduces the bilateral friction that has slowed implementation since PS25/12 was published on 7 August 2025. Second, version 8 expresses the FCA’s expectation that the resolution pack is a continuously maintained mapping between every recorded customer balance and the corresponding safeguarded funds, in a form an external insolvency practitioner can use without prior knowledge of the firm’s systems. Third, version 8 frames the safeguarding audit as a substantive control test, not a procedural sign-off. The new contract termination workstream sits in chapter 8 and is covered separately.
| Theme | Position before 7 May 2026 | Position from 7 May 2026 (and as version 8 reads it) |
|---|---|---|
| Safeguarding methods | Three methods available: segregation, insurance policy, or comparable guarantee (PSRs 2017 reg 23, EMRs 2011 regs 20 to 22). | Segregation is the required primary method for new arrangements. Insurance and guarantee methods may not be used for new arrangements; existing arrangements run off (CASS 15). |
| Reconciliation | No prescribed reconciliation cadence in the rules. | Daily reconciliation against customer liabilities, with topping-up where a shortfall is identified (CASS 15). |
| Returns to the FCA | No standing safeguarding return; ad-hoc supervisory information requests. | Monthly safeguarding returns to the FCA (SUP 16.14A). |
| Audit | No mandatory third-party safeguarding audit. | Annual third-party safeguarding audit (SUP 3A). |
| Resolution | No standing resolution pack obligation. | Continuously maintained resolution pack mapping customer liabilities to safeguarded funds (CASS 10A). |
| Accountability | Safeguarding sat with general internal accountability frameworks. | Designated senior individual notified to the FCA, sitting above the safeguarding workflow. |
What the FCA Approach Document means for compliance teams
For an incumbent PSP or EMI, the question the FCA will ask at the next supervisory touchpoint is whether the firm’s operational state matches the version 8 reading. The most demanding item is the resolution pack. A pack that lists where the safeguarded funds are held, without a continuously maintained mapping to customer liabilities at the line level, will not enable an insolvency practitioner to return funds within the timeframes the FCA expects. Firms that built their resolution pack to a literal reading of the rule in advance of 7 May 2026, without the FCA’s operational gloss, should expect the audit and the supervisory dialogue to push them further.
The daily reconciliation discipline is the second pressure point. The reconciliation must compare recorded customer liabilities, outstanding e-money balances and payment-services obligations, with the actual safeguarded funds, identify any shortfall, and trigger a topping-up obligation within prescribed timeframes. In a high-velocity payments business that is a treasury-and-operations workflow, not a finance-team end-of-month exercise.
For new entrants in the application stage, chapter 3 of version 8 is the operative material. The FCA will read the applicant’s safeguarding arrangements against the version 8 expectations on account designation, acknowledgement letters, reconciliation and resolution pack readiness. Authorisation is unlikely on a thin operational base. The supplementary regime sits inside the broader UK payments modernisation work and the FCA work programme 2026 push on payments firm conduct.
The designated senior individual is the accountability anchor. The FCA expects this person to be senior enough to bind the firm, and present at board level when safeguarding is discussed. The role is not a Senior Management Function under the Senior Managers and Certification Regime: SM&CR does not apply to PIs and EMIs by virtue of their PSRs or EMRs authorisation, as our SM&CR scope post sets out. The “designated senior individual” terminology in the supplementary regime is deliberate; it marks accountability without inadvertently extending SM&CR to a regime it does not reach.
Viewpoint
Version 8 of the FCA Approach Document is the binding constraint in supervision, not the rule text in isolation. Firms that read CASS 15 in 2025 and built to its literal terms will find the supervisory expectation tighter on three points: the resolution pack must work as an operational artefact under stress, not as a document on a shelf; daily reconciliation must run from treasury, not from month-end finance; and the designated senior individual must own the regime end-to-end. The Approach Document does not create new obligations. It sharpens the existing ones to the point at which the FCA can supervise them coherently.
In our experience advising payments firms moving through authorisation and on safeguarding remediation, the area that catches most firms is the resolution pack mapping. A pack that reads well on paper but cannot be operated under stress is the failure mode the FCA is now positioned to identify, and identify quickly. Version 8 also carries a second substantive workstream on contract termination, which our companion post addresses.
Frequently asked questions
Is the FCA Approach Document binding?
No. The FCA Approach Document is non-binding guidance. It does not create obligations. It sets out how the FCA reads the rules in supervision. The rules sit in the PSRs 2017, the EMRs 2011 and the FCA Handbook (CASS 15, CASS 10A, SUP 3A and SUP 16.14A). The Approach Document is the operational manual the FCA expects firms and auditors to follow when applying those rules.
When was version 8 published?
Version 8 of the FCA Approach Document was published on or around 7 May 2026, the same date as the commencement of the supplementary safeguarding regime under CASS 15. The FCA’s key publications page for electronic money and payment services records version 8 as the current version. A draft text was published on 7 August 2025 alongside PS25/12; version 8 supersedes that draft.
Do small PIs and small EMIs need to comply?
Yes, where they hold relevant funds. The CASS 15 obligations apply to all authorised payment institutions and electronic money institutions, and to small PIs and small EMIs that voluntarily safeguard. Account information service providers that do not hold relevant funds are outside the regime. The FCA has carved out firms that hold less than £100,000 of customer funds from the audit obligation.
Does SM&CR apply to PIs and EMIs under the supplementary regime?
No. The Senior Managers and Certification Regime applies to firms authorised under section 31 of the Financial Services and Markets Act 2000. PIs are authorised under regulation 6 of the PSRs 2017 and EMIs under regulation 9 of the EMRs 2011. The supplementary regime uses “designated senior individual” terminology precisely to mark that distinction. The designated senior individual is notified to the FCA but is not a Senior Management Function holder.
What is in the model acknowledgement letter at Annex 6?
The model letter is the FCA’s preferred form for the bank’s acknowledgement of the safeguarding account. It confirms that the bank holds the account for safeguarding purposes, that no general lien or set-off applies, that the bank will provide the FCA with information about the account on request, and that any security interest the bank takes is consistent with the safeguarding regime. Account banks vary in their willingness to sign the model letter; the version 8 text consolidates the FCA’s position to reduce the bilateral friction that has slowed implementation since 7 August 2025.
If you are mapping your safeguarding arrangements to version 8 of the FCA Approach Document, or preparing for the first audit cycle, contact Rob Bratby at Bratby Law. Our payments product, safeguarding and scheme governance page sets out our work for PIs and EMIs on the supplementary regime.
