Safeguarding requirements for payment institutions

Safeguarding is the obligation on authorised payment institutions (APIs) and electronic money institutions (EMIs) to protect funds received from payment service users or in exchange for electronic money. The purpose of safeguarding is to ensure that, in the event of the firm’s insolvency, customer funds are available for distribution to customers in priority to other creditors.

The safeguarding requirements for payment institutions are set out in PSRs 2017 regulations 23 and 24 and in the FCA’s Approach Document on Payment Services and Electronic Money. For electronic money institutions, the corresponding requirements are in the Electronic Money Regulations 2011 (EMRs 2011) regulations 20 to 22. The FCA’s Client Assets Sourcebook (CASS) does not apply to safeguarded funds; the safeguarding regime is a distinct statutory framework.

There are two permitted methods of safeguarding. Under Method 1 (the segregation method), the firm must place relevant funds in a separate account with an authorised credit institution or the Bank of England by the end of the business day following receipt, or by the end of the business day following the point at which the firm ceases to carry out the payment transaction. The account must be designated as a safeguarding account and the funds must not be commingled with the firm’s own funds. Under Method 2 (the insurance or guarantee method), the firm must obtain an insurance policy or a comparable guarantee from an authorised insurer or credit institution covering the amount of funds that would otherwise be required to be segregated.

FCA supervisory expectations

The FCA has identified safeguarding as a priority supervisory area. Its Dear CEO letters to payment firms in 2023 and 2024 highlighted persistent weaknesses in safeguarding compliance, including failures to reconcile safeguarded funds daily, inadequate safeguarding account arrangements, commingling of relevant funds with firm funds, and insufficient record-keeping to enable prompt distribution in the event of insolvency.

The FCA consulted in 2024 (CP24/20) on reforms to the safeguarding regime, proposing a move towards a statutory trust model similar to CASS. The proposed changes include requiring firms to hold safeguarded funds on trust for customers, strengthening reconciliation requirements, introducing enhanced record-keeping and reporting obligations, and requiring an annual safeguarding audit by an independent auditor. The FCA intends to finalise these rules in 2025, with a transitional period for implementation.

Firms must also comply with the safeguarding-related provisions of the FCA’s Senior Managers and Certification Regime (SM&CR). The firm’s governing body and its senior management function holders are responsible for ensuring that the firm’s safeguarding arrangements are adequate and comply with the regulatory requirements. Failings in safeguarding can result in enforcement action against the firm and, where appropriate, against the individuals responsible.

Consumer Duty and payments

The FCA’s Consumer Duty (PS22/9), which came into force on 31 July 2023 for open products and services, applies to payment service providers and electronic money institutions in respect of their regulated payment services. The Consumer Duty introduces a new Consumer Principle (Principle 12), requiring firms to act to deliver good outcomes for retail customers, and is supported by three cross-cutting rules: act in good faith, avoid causing foreseeable harm, and enable and support retail customers to pursue their financial objectives.

The Consumer Duty is implemented through four outcome areas. The products and services outcome requires firms to ensure that their payment products are designed to meet the needs of the target market and do not cause foreseeable harm. The price and value outcome requires firms to assess whether the price charged for a payment service provides fair value to customers, taking into account the quality of the service, the costs of provision, and the benefits to the customer. The consumer understanding outcome requires firms to ensure that their communications are clear, fair, and not misleading, and that customers can make informed decisions about payment services. The consumer support outcome requires firms to provide support that meets the needs of their customers, including vulnerable customers.

For payment firms, the Consumer Duty has particular implications in several areas. Pricing transparency for payment services, including fees, charges, and exchange rate margins, must meet the fair value standard. Customer communications, including terms and conditions, payment notifications, and complaint handling information, must be tested against the consumer understanding outcome. Firms must also consider the needs of vulnerable customers in the design of their services and support processes.

Complaints handling and the Financial Ombudsman Service

Payment service providers must comply with the FCA’s complaint handling rules in DISP (Dispute Resolution: Complaints sourcebook). Firms must acknowledge complaints promptly, investigate them competently, and provide a final response within eight weeks. Where the firm cannot resolve the complaint within that period, or the customer is dissatisfied with the response, the customer may refer the complaint to the Financial Ombudsman Service (FOS).

The FOS has jurisdiction over complaints relating to payment services, including unauthorised transactions, failed payments, delays in execution, and charges. The maximum award the FOS can make is currently GBP 430,000 for complaints about acts or omissions on or after 1 April 2024. Payment firms should maintain complaint records, analyse root causes, and report to the FCA as required under DISP 1.10.

How bratby.law helps

bratby.law advises payment institutions, electronic money institutions, and their investors on safeguarding compliance, Consumer Duty implementation, and customer protection requirements. Our managing partner holds a General Counsel appointment at UK Payments Initiative Limited and advises on regulatory strategy and scheme-level consumer protection frameworks.

Our work in this area includes:

• Safeguarding compliance reviews, including assessment of Method 1 and Method 2 arrangements against FCA expectations
• Preparing for the transition to the proposed statutory trust safeguarding model
• Consumer Duty implementation programmes for payment firms, including fair value assessments, target market analysis, and customer communications reviews
• Vulnerable customer policies and processes for payment service providers
• Complaint handling frameworks, FOS readiness, and root cause analysis
• Regulatory engagement with the FCA on safeguarding audits, skilled persons reviews, and supervisory correspondence
• Board and senior management briefings on safeguarding obligations and SM&CR accountability

Book a call

For advice on safeguarding compliance, Consumer Duty implementation, or FCA supervisory engagement, book a call with Rob Bratby.

FAQs

What is the difference between safeguarding and CASS?

Safeguarding under PSRs 2017 and EMRs 2011 is a distinct statutory regime separate from the FCA’s Client Assets Sourcebook (CASS). CASS applies to investment firms and insurance intermediaries; safeguarding applies to payment institutions and electronic money institutions. The key difference is legal form: safeguarded funds are currently protected by regulatory requirements rather than a statutory trust, although the FCA has proposed moving to a trust model. The practical requirements differ in areas such as reconciliation frequency, reporting obligations, and the treatment of funds in insolvency.

Does the Consumer Duty apply to all payment services?

The Consumer Duty applies to regulated payment services provided to retail customers. It does not apply to services provided exclusively to business customers that are not micro-enterprises (firms with fewer than 10 employees and annual turnover or balance sheet below EUR 2 million). However, most payment services are available to a mixed customer base, and firms should assume the Consumer Duty applies unless they can clearly demonstrate that a service is provided exclusively to non-retail customers. The FCA expects firms to evidence their target market analysis and fair value assessments.

What are the FCA’s proposed changes to safeguarding?

In CP24/20, the FCA proposed replacing the current safeguarding requirements with a statutory trust model. Under the proposed regime, payment institutions and EMIs would hold safeguarded funds on trust for their customers, providing clearer legal protection in insolvency. The proposals also include enhanced daily reconciliation requirements, a requirement for annual safeguarding audits by independent auditors, and more detailed record-keeping obligations. The FCA intends to finalise the rules in 2025 with a transitional period. Firms should begin gap analysis against the proposed requirements now.

What happens to safeguarded funds if a payment institution becomes insolvent?

Under the current regime, safeguarded funds benefit from the protection in PSRs 2017 regulation 23(16): in the event of insolvency, the claims of payment service users are paid from the asset pool in priority to all other creditors. However, there is legal uncertainty about whether this creates a proprietary interest or merely a statutory priority. The FCA’s proposed move to a trust model is intended to resolve this uncertainty by ensuring that safeguarded funds are held on trust and are therefore not available to the firm’s general creditors. Until the reforms take effect, the practical protection depends on the quality of the firm’s safeguarding arrangements and the accuracy of its records.

Related payments regulation pages

See also our other payments regulation pages:

• Authorisation and Licensing
• Open Banking and Variable Recurring Payments
• PSR and Scheme Governance
• Operational Resilience and DORA

See also: Sector-Specific Data Protection.