By Éilis Corcoran, Senior Compliance Consultant
With the FCA’s new safeguarding regime – including CASS 15, enhanced governance expectations and mandatory safeguarding audits under SUP 3A – going live on 7 May 2026, the window for firms to prepare is rapidly closing. This is no longer a regulatory change on the horizon. It is days away and firms must act now.
The FCA has repeatedly signalled that many electronic money institutions (EMIs) and authorised payment institutions (APIs) continue to fall short on basic safeguarding requirements: unclear fund flows, inconsistent reconciliations and records that won’t withstand audit scrutiny. Historic insolvencies revealed average shortfalls of 65% between customer balances and safeguarded funds, highlighting major weaknesses in governance, reconciliation and record‑keeping.
CASS 15 is designed to expose these weaknesses from day one. Firms that are not ready by 7 May risk immediate audit findings and regulatory attention.
Below are the key controls which must be in place now, not later.
1. The real problem: safeguarding controls don’t operate consistently
A recurring FCA finding is that firms have policies on paper, but controls that don’t operate as intended in practice. Inconsistency is the common cause of:
- Misidentified “relevant funds”
- Reconciliation discrepancies
- Unclear safeguarding account structures
- Missing or outdated documentation
CASS 15 responds directly by requiring daily internal and external reconciliations (excluding weekends, public holidays and relevant market closures), supported by clear, timely and accurate management information (MI).
What firms need to do now
- Automate reconciliation data collection where possible
- Build a single MI view covering discrepancies, ageing, breaches and corrections
- Document reconciliation logic clearly and ensure it’s applied consistently
Reconciliations must now function as core safeguarding controls, ready for immediate auditor review.
2. Governance must be provable – not implied
Under the new regime, safeguarding oversight must sit clearly with a designated senior manager, supported by evidence of review, challenge and escalation. This reflects the FCA’s ongoing emphasis on individual accountability.
What firms need to do now
- Assign a safeguarding owner with defined responsibilities
- Provide routine safeguarding MI to the board or equivalent governing body
- Refresh governance maps, role descriptions and escalation frameworks
Safeguarding governance must be designed to withstand scrutiny, including external audits.
3. Books and records must be complete, accurate and retrievable
The FCA continues to find firms unable to explain where funds are held or how they move through the business. CASS 15 formalises expectations around:
- Identification of relevant funds
- Safeguarding account structures
- Reconciliation methodologies
- End-to-end fund‑flow documentation
Critically, these records must be retrievable at short notice, not pieced together when auditors arrive.
4. Resolution readiness is now a regulatory expectation
Under CASS 10A, firms must maintain a Resolution Pack that enables an insolvency practitioner to return safeguarded funds quickly. This requires:
- A complete map of all safeguarding accounts
- Up-to‑date details of agents, distributors and custodians
- Clearly documented fund flows
- Defined reconciliation procedures and ownership
The Resolution Pack must be treated as a live operational framework, not an annual compliance exercise.
5. Safeguarding audits will expose operational weaknesses
Annual safeguarding audits (under SUP 3A) will require firms to demonstrate working controls, not just documented policies. Firms safeguarding less than £100,000 are exempt, but everyone else must prepare for independent testing.
FRC Interim Guidance – what it means for firms
The Financial Reporting Council’s (FRC) Interim Guidance is intended to support auditors during the transition to the new regime. It confirms that the guidance:
- Is non‑mandatory
- Does not replace EMRs, PSRs or CASS 15
- Is a temporary framework pending a dedicated safeguarding assurance standard expected in 2027
For firms, this means audits will be more structured and more consistent, though not yet a full “CASS 5‑style” audit. Firms should still expect:
- Deeper testing of reconciliations
- Assessment of governance and escalation
- Close scrutiny over the completeness and accessibility of the Resolution Pack
Strong documentation will not compensate for weak controls.
Additional expectations under the FRC Interim Guidance
Auditors are expected to apply a ‘zero‑materiality’ threshold, meaning even minor breaches will be reportable to the FCA.
The guidance also signals heightened scrutiny of fund flows, reconciliation processes and documentation quality. Auditors will expect processes to be clear, consistent and audit‑ready throughout the period, not reconstructed at year‑end.
With audits commencing after 7 May, firms must be audit‑ready from day one.
Where firms struggle most – and how we can help
1. Reconciliations and MI that actually work
We help firms implement reconciliation controls, exception tracking and MI frameworks that meet both FCA and audit expectations.
2. Governance that stands up to regulatory scrutiny
IQ‑EQ supports firms in allocating safeguarding responsibility, redesigning governance documentation and establishing robust board‑level reporting.
3. A Resolution Pack that is genuinely audit‑ready
We build structured, complete Resolution Packs designed for real insolvency scenarios, not compliance shelf‑ware.
4. Operational embedding, not tick‑box compliance
We translate policy into practice through controls, procedures, training and documentation that operate effectively day‑to‑day.
The deadline is fixed and the FCA will expect readiness
With CASS 15 going live on 7 May, firms no longer have time to spare.
Safeguarding must shift from reactive compliance to operational resilience – now.
IQ‑EQ is supporting EMIs and APIs across the sector to finalise reconciliations, strengthen governance and build audit-ready Resolution Packs.
To discuss how our UK compliance consulting team can support your CASS 15 implementation, get in touch today.
