The FCA’s CASS 15 safeguarding rules are now in force, introducing a more prescriptive regime for payment and e-money firms that receive or hold relevant funds.
The changes mark an important shift in how safeguarding is expected to operate day to day. Firms are no longer being assessed only on whether policies, procedures and controls exist. They also need to evidence that safeguarding arrangements are working in practice, with reliable records, repeatable reconciliations and clear oversight of exceptions, third parties and customer funds.
For many payment firms, the challenge is operational. Daily safeguarding reconciliation depends on clean data from multiple sources, including banks, processors, ledgers, custodians and internal systems. Monthly returns require consistent reporting information. Annual audits require evidence that can be explained and traced. Resolution packs need to remain current, rather than being assembled only when requested.
Firms reviewing the rules will naturally have practical questions. What needs to happen every reconciliation day? What evidence will auditors expect to see? How should breaks be logged and escalated? Which records need to be available, and how easily could they be produced if challenged?
This quick guide summarises the main CASS 15 safeguarding requirements and the evidence payment firms need to maintain under the updated regime. It covers daily reconciliation, monthly safeguarding returns, annual audits, CASS resolution packs, acknowledgement letters, third-party oversight and the practical questions firms should ask before their first safeguarding audit.
No forms. no follow ups 👇
