Emre Eryilmaz, Business Development Manager at reconciliation specialists Aurum Solutions, discusses everything that payment and e-commerce firms need to know about the Financial Conduct Authority’s (FCA) proposed safeguarding regime and the steps they can take to stay compliant. 

The regulatory landscape for payment and e-money institutions is poised for significant change. The FCA’s CP24/20 consultation – launched in September 2024 – proposes stricter safeguarding requirements such as enhanced reconciliation and record-keeping, more rigorous monitoring and reporting, and the introduction of a statutory trust. 

These measures aim to align these firms more closely with traditional financial institutions when it comes to protecting client assets.

At present, however, the rules governing these institutions differ. Payment and e-money firms are currently regulated by the Payment Service Regulations (2017) and the Electronic Money Regulations (2011), while traditional financial institutions holding client assets must comply with the FCA’s more robust Client Asset Sourcebook (CASS) rules.

With the consultation closing on 17 December and the FCA set to outline its final proposals in the first half of 2025, now is the time to assess the reasoning behind the proposed changes and how payment firms can prepare.

Safety first 

Poor practices around safeguarding client assets are by no means a new problem. It has long been in the press with headlines such as “Wirecard Scandal Exposed Chinks in UK Safeguarding Rules”; instances like this often leave customers without access to their funds

The FCA has responded accordingly and over the past couple of years has set the path to new safeguarding regulations. In 2023, it announced “enhanced rule-making powers” to strengthen safeguarding requirements for payments and e-money institutions; a commitment that has now been reaffirmed with the proposed changes to safeguarding rules. 

The incentive to tackle this issue is made even greater given the growing size of the UK fintech and payments market. As of 2023, the UK has an estimated 53 million users of digital payment services. People across the country rely on payment and e-money institutions for their day-to-day transactions and the FCA is right to recognise that this industry is too big to fail. 

Playing catch up 

While noteworthy news for payments and e-money institutions, many other traditional financial institutions already comply with what the FCA is seeking to enforce. 

For the likes of investment and insurance firms, CASS regulations already exist and are the blueprint for what the FCA is looking to introduce, who have themselves described the proposed rules as ‘CASS-style’.

Fortunately, the verdict is resoundingly positive for CASS rules. These rules played a pivotal role in restoring trust in financial services following the financial crises of the 2000s by preventing the misuse of client funds and ensuring the protection and return of client assets in the case of insolvency – and they continue to do so today. 

Even if payment and e-money institutions might fear that additional compliance requirements will distract from innovation, they should welcome new CASS-inspired regulations. They offer a route to building trust and having more timely access to data for purposes beyond compliance.   

What will be required? 

The proposed regulations draw inspiration from the CASS rules, emphasising several critical areas: 

  • Reconciliation – Institutions will be required to perform daily reconciliations between internal records and third-party accounts. This will ensure accurate segregation of client funds and allow firms to have the relevant data they require for sending new reports to the FCA as part of these changes.
  • Risk management – Payments firms will be required to maintain a “resolution pack” – similar to how banks and financial institutions must have recovery and resolution plans – to ensure they can return funds to a client in a timely manner should a collapse take place.
  • Oversight – Firms must appoint external auditors to verify compliance with safeguarding requirements and submit monthly regulatory returns to the FCA, outlining safeguarded amounts, reconciliation activities, and any breaches.
  • Third-party due diligence – The new regulations will probably demand that payment firms exercise an increased level of due diligence over their safeguarding partners and other third parties. They will also be encouraged to diversify their use of third parties to minimise risk.

How to get ahead

The FCA’s proposed safeguarding regulations mark a pivotal moment for payment and e-money institutions. The popularity of these firms continues to increase rapidly, and as of 2023, money held in e-money issuer safeguarding accounts and those by payment firms totalled a huge £18bn.  

As usage of these businesses grows, so too must their responsibility. By aligning their practices with those of traditional financial entities, these institutions can strengthen consumer protection and contribute to the stability of the financial sector. 

Compliance with these regulatory changes is not merely a regulatory obligation but an opportunity to build trust and resilience in an increasingly complex financial landscape.