CASS 15 and the safeguarding confidence gap

The CASS 15 deadline has passed. For most UK payment and e-money firms, the policies are written, ownership is assigned and the preparation programmes have run their course. On that measure, the sector got ready.

But the live regime tests something that preparation never did: not whether a firm understands the rules, but whether its safeguarding process can run every reconciliation day, produce evidence on demand and explain itself under scrutiny. That is a different question, and the answer across much of the sector is still being built.

Kani’s safeguarding readiness research, conducted across 75 compliance and finance professionals at FCA-regulated payment institutions and EMIs, captures the gap clearly. Some 32% of firms describe themselves as already compliant with the updated rules, and a further 49% have identified the changes they need and are implementing them. By that reading, four in five firms are ready or close to it.

Yet only 13% currently perform safeguarding reconciliations daily. The majority reconcile weekly (53%), more than a quarter monthly (28%), and a small group less often than that. Daily reconciliation sits at the centre of the updated regime, and nearly nine in ten firms are not yet operating at that cadence.

The confidence gap in its plainest form: Firms feel ready, and on paper they are. The operating model underneath has further to travel.

 

 

Daily reconciliation is a different process, not a faster one

The instinct, faced with a daily requirement, is to run the existing weekly process more often. The data suggests why that rarely works.

Moving reconciliation from weekly to daily does not simply increase the frequency of a task. It changes the risk the task is there to manage. Under a weekly cadence, a mismatch between safeguarding requirement and safeguarding resource can sit undetected for several days; daily reconciliation narrows that window to hours.

Investigation changes character too. A daily check examines a single day’s activity, while a weekly one turns root-cause analysis into reconstruction, with teams working backwards across days of transactions, system updates and manual adjustments to find where a break began.

Evidence is the third shift. The FCA’s resolution-pack standard expects recent reconciliations to be immediately available, and a process that runs infrequently makes timestamped positions, version control and traceability harder to maintain. A weekly rhythm does not just slow detection. It weakens the evidential trail the regime now depends on.

None of this is a scheduling problem. It is an operating-model problem, and it is the reason “we understand CASS 15” and “we run CASS 15” have turned out to be such different statements.

The pattern is bigger than safeguarding

It would be easy to read the reconciliation numbers as a safeguarding story alone. They are not. Safeguarding is simply the first regime where a wider pressure became a dated, mandatory, daily fact.

Kani’s separate research among 75 senior payments executives — CEOs, CTOs, CFOs and COOs across card processors, e-money institutions, issuers, acquirers and neobanks — points to the same tension at sector level. Nearly half (49%) say regulatory expectations are changing faster than their systems can adapt. A similar share (45%) say compliance costs are rising faster than revenue.

Those two figures explain the safeguarding data rather than just sitting alongside it. Systems struggle because regulatory change rarely arrives as a clean technical requirement; it cuts across data sources, reporting logic, controls and review processes that have evolved over years. The result is an operating model that can absorb a new rule intellectually faster than it can absorb it operationally. Safeguarding is where that lag stopped being abstract and acquired a go-live date.

 

 

Operating model decides how far a firm gets

If daily reconciliation is the test, the operating model largely determines the score — though not in the way firms often assume.

Grouped by approach, spreadsheet-only firms show the weakest cadence: two-thirds reconcile monthly or less often. Semi-automated and fully automated firms fare better, with around a third in that lowest bracket. Tooling clearly moves firms out of the weakest posture and into a more controlled weekly rhythm.

The more revealing point is where the improvement stops. Daily reconciliation stays low across every operating model, ranging only from 11% to 15%. Automation lifts the baseline; it does not, on its own, deliver daily control. For firms that have automated and still reconcile weekly, the question is whether daily operation was ever a design requirement, or whether existing workflows were built for weekly efficiency and never re-engineered.

 

 

The gap between weekly and daily is where the safeguarding operating model really matters. Safeguarding draws on bank data, ledger positions, processor files, customer balances, manual adjustments, exception review and sign-off. When those sit across different systems, manual effort can carry a periodic cycle but struggles to repeat reliably every day. Reaching daily is less about adding effort and more about removing the manual touchpoints that cannot scale with frequency.

Evidence is the second test

Frequency is only half of readiness. The other half is whether a firm can produce the evidence when asked.

Only 36% of firms report instant or near-instant access to a complete safeguarding evidence pack. Most need several hours, and a small but material group need two to five days. Against the resolution-pack standard, which expects key records to be immediately available, that distribution exposes a divide between firms that maintain evidence and firms that assemble it.

Maintained evidence is generated as the process runs — reconciliations, calculations, supporting records and review steps captured along the way, ready to retrieve. Assembled evidence is pulled together after the request, with teams locating files, extracting data, checking versions and tying figures back to source. The first holds up under a 48-hour retrieval expectation. The second is exposed the moment records are needed quickly or explained in detail.

Operating model shapes this sharply. Among fully automated firms, 44% have real-time access to evidence and 88% can produce a pack within one working day. Among spreadsheet-only firms, two-thirds need at least six hours and a third need more than a full day.

The same divide surfaces in audit confidence: while 84% of firms say they could explain every calculation to an auditor, only 35% are very confident, and spreadsheet-only firms show the weakest profile, with 22% lacking confidence their reports would withstand scrutiny. A figure can be accurate and still be hard to explain. Under CASS 15, firms need both.

 

 

Building for the daily standard

The lesson running through the research is consistent. CASS 15 readiness is not settled by understanding the rules or by having a programme in flight. It is settled by whether safeguarding can operate as a daily control without relying on manual assembly.

For firms still running weekly or monthly cycles, the next step is not to run the same process more often but to design one built for daily execution: data arriving in usable form without manual preparation, reconciliation logic applied consistently across every run, exceptions surfaced and escalated as they occur, and evidence generated as an output of the process rather than reconstructed on request.

The sector has done the harder-to-see half of the work. Awareness is near universal, and most firms are actively implementing change. What remains is the operational half — turning a understood regime into a process that runs every day and proves it did. The firms best placed for what comes next will be those that treat safeguarding as part of the financial operating model, not as a reporting exercise completed after the fact.

Kani’s safeguarding readiness research surveyed 75 professionals across FCA-regulated Authorised Payment Institutions and Electronic Money Institutions. The executive figures are drawn from a separate Kani survey of 75 senior payments leaders.

 

Preparing for daily safeguarding?

Preparing for daily safeguarding? Kani helps payment institutions and EMIs automate safeguarding reconciliation, maintain audit-ready evidence and meet the FCA’s daily expectation under CASS 15. Explore our safeguarding compliance solution.