Open mobile menu
Make an enquiry

Featured services

 

VIEW ALL SERVICES
Close
Home » Insights » CASS 15: How new FCA rules will change safeguarding obligations for EMIs and PSDs

CASS 15: How new FCA rules have changed safeguarding obligations for EMIs and PSD firms

21 Aug 2025

By Philip Buckingham, Compliance Director, UK at IQ-EQ and Daniel Rose, Partner, Audit and Assurance at Gravita

The Financial Conduct Authority (FCA)’s CASS 15 rules impose new client money safeguarding and audit obligations on electronic money institutions (EMIs) and payment services directive (PSD) firms. The FCA published its final rules on 7 August 2025, allowing a nine-month implementation period with the rules coming into effect 7 May 2026. If your firm has never had a CASS audit, now’s the time to assess readiness, update your systems and controls, and begin compliance planning.

The UK’s Client Assets Sourcebook (CASS) currently sets the standard for how investment firms with the relevant permissions are obliged to hold, safeguard and reconcile client money and assets. Traditionally, the most robust client money safeguarding standards have applied to investment firms under existing CASS 7 rules. But the lighter touch previously extended to e-money firms is changing.

The FCA’s new CASS 15 framework will bring client money safeguarding standards for e-money institutions and payment services firms toward parity with investment firms, introducing a significantly higher level of scrutiny than many of these firms have faced before. In a nutshell, there are four key new standards expected of these firms:

  1. Annual CASS audits by qualified auditors
  2. Monthly reporting
  3. Daily checks to make sure the right amount of money is being safeguarded to protect customers
  4. Better planning in case the firm fails so customers receive their money back sooner

Following the publication of the final rules in FCA Policy Statement PS25/12, CASS 15 implementation will occur on 7 May 2026, giving firms nine months to prepare. For those who haven’t previously been subject to a CASS audit, the arrival of CASS 15 represents a fundamental shift in what regulators will expect from your safeguarding systems, documentation, and reporting processes. In this article, we dive into each of the new standards for EMIs and PSD firms and outline what should be done now to prepare.

What are the new safeguarding requirements under CASS 15?

1. Annual CASS audits by qualified auditors

A CASS audit is an independent review of how your firm holds, safeguards and reports client money and assets.

Historically, e-money and payment firms haven’t needed to undergo CASS audit reports – or any audit reports – with the FCA. But under CASS 15, audit reports and a Breaches Schedule will be reportable to the FCA at least on an annual basis.

These annual audits are required to ensure that:

  • Your books and records correctly reflect and substantiate the clients for whom cash is held and reconciles to the cash held in a client account
  • You have robust systems and controls in place to operate the cash as well as safeguard those funds throughout the period

The Policy Statement confirms that the audits are to be completed by qualified, regulated auditors to ensure consistent audit quality.

Firms who do not meet the threshold of safeguarding £100,000 of relevant funds within a period of at least 53 weeks are exempt from the audit requirement, but are recommended to receive a voluntary audit to ensure they meet their obligations.

2. Daily checks to ensure right amount of money is being safeguarded

One of the key updates is that the rules now state that payment firms must conduct safeguarding reconciliations daily.

Reconciliations will be due every reconciliation day rather than business day, which is intended to ease the burden on firms. However, this does not prevent payment firms from deciding to perform a reconciliation on a business day that isn’t a reconciliation day due to the nature, volume and/or complexity of their business.

Reconciliations are intended to check the accuracy of a firm’s books and records. The FCA has therefore replaced the existing deposit resource and requirement with a higher-level comparison.

The new comparison considers relevant funds that should be held in relevant funds bank accounts, or as relevant assets in relevant assets accounts (the “D+1 segregation requirement”) against the balances of those accounts (the “D+1 segregation resource”). If the D+1 segregation resource is lower than the D+1 segregation requirement, the firm will need to remedy the shortfall.

Payment firms must document how they will meet their obligations to their clients under the safeguarding report. A firm’s policies and procedures should set out how they plan to ensure that the external safeguarding reconciliations will achieve their purpose. As such, the FCA has implemented the requirement to maintain resolution packs, with an amendment to clarify the requirement relating to client contracts. Resolution packs should include:

  • Where the relevant funds are held
  • A list of the firm’s agent and distributors
  • The firm’s procedures for the management, recording and transfer of relevant funds and assets

Resolution packs will help ensure payment firms maintain, and can easily retrieve, information that would help achieve a timely return of relevant funds to consumers.

In order to assist firms and achieve the most efficient model, most effective resolution packs tend to be “living documents” that link directly to the latest versions of the relevant records.

3. Monthly reporting

Under the new rules, firms will need to report to the FCA on a monthly basis regarding relevant funds safeguarded by the firm.

The reporting of regular information facilitates a targeted, proactive approach to the regulator’s supervision and assessment of risks across the portfolio. This follows the pattern of proactive monitoring taken by the FCA throughout the first half of 2025.

The FCA’s rationale for this approach includes:

  • Identifying firms that use a non-standard method of reconciliation
  • Determining which assets are held with custodians

The monthly return has been amended to reflect the new, higher-level comparison of the relevant funds that should be held in relevant accounts with the introduction of the D+1 segregation requirement.

Although throughout the new rules there have been thresholds implemented to avoid increasing scrutiny on smaller payment firms, this has not been applied to the monthly reporting requirements.

4. Planning for firm failures

As detailed above, the D+1 requirement and resource are being implemented to monitor whether firms have adequate safeguarding resources. If not, the firm is expected to remedy the shortfall. The firm should have organisational arrangements in place to ensure it does not settle such payments using funds it’s required to segregate.

Within the policies and procedures, the FCA expects to see evidence of this planning, such as an instruction to return the funds to the customer in an orderly manner. In the event of failure, the firm is expected to have funds safeguarded in a range of approved, secure, liquid assets that can be easily accessible for consumers requiring reimbursement post-failure.

How can EMIs and PSDs prepare for CASS 15?

Under CASS 15, e-money firms will need to:

  • Build stronger internal systems and controls to safeguard client money
  • Create and maintain a CASS Resolution Pack, a set of records that lay out how client money is held and protected
  • Align their operational set-up with current expectations for investment firms (e.g. continuous documentation, real-time audit readiness and enhanced FCA reporting capability)
  • Appoint a suitable auditor with CASS experience and formally report that auditor to the FCA

Understanding how CASS 15 will impact your firm – and planning sooner rather than later – is key to staying on the right side of regulators. The firms that thrive under CASS 15 will be the ones that start preparing now, not just a few weeks before implementation.

Your compliance roadmap should include:

  • Impact assessment: Understand which parts of your firm will be affected and how the new rules align with your current processes
  • Gap analysis: Identify where your current safeguarding systems fall short of the expected standards
  • Process and tech review: Evaluate whether your current tech stack and workflows are audit-friendly or require improvements
  • Resolution pack preparation: Compile the required documents, including safeguarding structure, account details, reconciliations, client agreements and failure resolution protocols, so you’re ready for inspection
  • Engage an auditor: Partner with a CASS-experienced auditor early to plan the process and avoid bottlenecks or last-minute surprises, ensuring your report is submitted within four months of the period end

Every action you take ahead of the finalised rules will help prevent rushed remediation, failed audits, or FCA interventions, reducing your risk and sending a strong readiness signal to clients and partners.

How Gravita and IQ-EQ can help prepare for CASS 15 audits and safeguarding compliance

Together, we help firms prepare, comply with and align to the updated CASS 15 requirements.

We provide regulatory support and compliance consulting:

  • CASS 15 impact assessments
  • Gap analysis and remediation planning
  • Process design and improvement for safeguarding systems and controls
  • Resolution Pack setup

Gravita delivers independent CASS audits:

  • Plan and undertake a smooth audit to confirm compliance with CASS 15
  • Client money audit report confirming compliance (or non-compliance) with CASS 15 throughout the period and the period end
  • Identification and formal documentation of breaches, either firm- or auditor-identified
  • Reporting and submitting audit results to the FCA

With our combined expertise, we can help you transition to CASS 15 smoothly, stay compliant and show regulators your safeguarding environment is built to last.

Ready to get ahead of CASS 15? Contact us to start your readiness plan today.

Meet our IQ-EQ author

Philip Buckingham

Director, Compliance, UK

United Kingdom

+44 20 7397 5450
LinkedIn

Philip Buckingham

Director, Compliance, UK

Regulatory Compliance
Subscribe to insights

Related insights

Insight

Private & Institutional Asset Owners

A guide to private funds: why, when, and where

26 Jun 2024

The state of digital adoption report
Insight

Fund & Asset Managers

The state of digital adoption report

17 May 2024

Insight

Fund & Asset Managers

What is private debt? Strategies, risks and rewards

By David Giannone

16 Apr 2024

View more insights
Working with IQ-EQ has been seamless – you and your team understand our business, advise us appropriately, and handle your side of our collective partnership so that we can focus on making good investment decisions. Evan Gibson SVP, Merchants Capital

Get in touch with us today

We’re ready to listen.

Make an enquiry

Interested in joining our team?

We are always on the lookout for passionate people that possess IQ and EQ to join our growing team.

View job vacancies