Payments Safeguarding: Protecting Customer Funds Under PSR and EMR

What It Is

Safeguarding is the regulatory requirement for payment institutions and electronic money issuers to protect customer funds so that they can be returned in full if the firm becomes insolvent. It is set out in Regulation 23 of the Payment Services Regulations 2017 (PSR) for payment institutions and Regulation 21 of the Electronic Money Regulations 2011 (EMR) for e-money issuers. The FCA's approach to supervising safeguarding is detailed in its Approach Document and supplemented by Dear CEO letters, most notably the July 2023 letter that signalled a step change in supervisory intensity.

The safeguarding obligation is conceptually straightforward: customer funds must be ring-fenced from the firm's own money so that if the firm fails, those funds are available for distribution to customers rather than being absorbed into the general insolvency estate. In practice, safeguarding is operationally demanding. It requires real-time (or near-real-time) identification of relevant funds, physical segregation into designated accounts, daily reconciliation, and robust governance to ensure the entire process operates reliably under stress.

There are two permitted methods of safeguarding. The segregation method requires the firm to place relevant funds in a segregated account with an authorised credit institution or invest them in approved liquid assets. The insurance method requires the firm to hold an insurance policy or comparable guarantee that would pay out the full amount of customer funds in insolvency. The vast majority of firms use the segregation method because suitable insurance products are scarce and expensive.

Safeguarding is not a theoretical obligation. The FCA has taken enforcement action against multiple payment firms and e-money issuers for safeguarding failures, and the collapse of several firms in recent years — where customers lost money because safeguarding was deficient — has made this one of the regulator's highest-priority supervision areas. The FCA's 2023-2025 Payments Strategy identified safeguarding as the single most important consumer protection issue in the payments sector.

Why the FCA Cares

The FCA's concern with safeguarding is driven by the growth of the payments sector and the increasing volume of customer funds held by firms that, unlike banks, are not covered by the Financial Services Compensation Scheme (FSCS). Payment institutions and e-money issuers can hold billions of pounds of customer money, and if that money is not properly safeguarded, customers face total loss in insolvency. Unlike bank deposits, there is no FSCS safety net — safeguarding is the only protection mechanism.

The regulator's anxiety was validated by several high-profile failures. When payment firms collapsed with inadequate safeguarding arrangements, customers waited months or years for partial recoveries. The FCA identified a pattern: firms were treating safeguarding as a back-office function, delegating it to junior staff, conducting reconciliations infrequently, and allowing safeguarding shortfalls to develop without detection. In some cases, firms were deliberately using customer funds for operational purposes — a direct and serious breach.

The July 2023 Dear CEO letter to payments firms represented a watershed moment. The FCA stated that it had found "widespread and material weaknesses" in safeguarding across the sector and set out specific expectations for immediate improvement. The letter required firms to conduct an independent review of their safeguarding arrangements and report findings to the FCA. Subsequent supervisory work has confirmed that many firms had significant shortfalls between the amount they should have been safeguarding and the amount actually held in segregated accounts.

The FCA has also linked safeguarding to Consumer Duty. A firm that fails to protect customer funds is, by definition, not delivering good outcomes. The regulator expects firms to treat safeguarding as a board-level responsibility, with governance frameworks that ensure senior management understands the safeguarding position at all times and can intervene immediately if shortfalls develop. The FCA's proposed reforms to the safeguarding regime, consulted on in 2024-2025, would introduce a trust model more closely aligned with CASS (the Client Assets Sourcebook) requirements, further raising the operational bar.

Who It Affects

Safeguarding obligations apply to all authorised payment institutions (APIs) and authorised electronic money institutions (AEMIs) in the United Kingdom. Small payment institutions (SPIs) and small electronic money institutions (SEMIs) are exempt from the safeguarding requirements, but this exemption is contingent on their registration conditions and the FCA has been clear that it expects small firms to have appropriate arrangements for protecting customer funds even where safeguarding is not formally required.

The obligation captures a wide range of business models. Traditional money transfer operators must safeguard funds from the point of receipt from the sender until delivery to the recipient. E-money issuers — including prepaid card providers, digital wallet operators, and firms offering stored-value accounts — must safeguard the total float of outstanding e-money. Payment initiation service providers (PISPs) typically have limited safeguarding exposure because they do not hold funds, but firms that combine PISP activities with account-based services may have complex safeguarding requirements.

Firms that use agents or distributors face additional complexity. Where an agent receives customer funds on behalf of a payment institution, the safeguarding obligation transfers to the principal firm at the point of receipt by the agent. The firm must have systems and controls to track funds held by agents and ensure they are safeguarded within the required timeframe. Agent oversight failures are a recurring theme in FCA supervisory findings.

Banking partners are also affected. Credit institutions that hold safeguarding accounts for payment firms have their own obligations to ensure that the accounts are properly designated and that the bank does not exercise set-off or other rights against the safeguarded funds. The FCA has engaged directly with banks that provide safeguarding accounts to ensure they understand their role in the safeguarding chain.

What Firms Get Wrong

The most common failure is inadequate reconciliation. Safeguarding requires daily reconciliation between the firm's records of customer funds and the balance held in safeguarding accounts. Many firms conduct reconciliation less frequently than daily, use manual processes prone to error, or reconcile at an aggregate level that masks individual discrepancies. The FCA has found firms where reconciliation was weeks or months in arrears, during which significant shortfalls had developed undetected. A robust safeguarding framework requires automated, daily reconciliation with real-time exception reporting.

Second, firms fail to identify all relevant funds. The safeguarding obligation attaches to funds received in exchange for e-money or in connection with payment transactions, but the boundary can be complex. Fees, commissions, and charges that have been earned by the firm are not relevant funds and should be swept out of safeguarding. Conversely, funds in transit — held in operational accounts pending transfer to safeguarding — are relevant funds that should be safeguarded by the end of the next business day. Firms that do not have a clear, documented methodology for identifying relevant funds are at risk of both over-safeguarding (tying up working capital unnecessarily) and under-safeguarding (leaving customer funds unprotected).

Third, governance arrangements are weak. Safeguarding is frequently managed by the finance or treasury function with limited compliance oversight. The FCA expects safeguarding to be a board-level agenda item, with a named individual responsible for ensuring the safeguarding obligation is met at all times. The SMCR framework reinforces this: at a minimum, the compliance oversight function holder and the finance function holder should have explicit responsibility for safeguarding within their statements of responsibilities.

Fourth, firms underestimate the operational resilience dimension. Safeguarding is not just a steady-state obligation — it must work under stress. If the firm's banking partner withdraws safeguarding account services (which has happened), if there is a technology failure affecting reconciliation, or if the firm experiences a sudden surge in customer funds, the safeguarding framework must continue to function. Firms that have not stress-tested their safeguarding arrangements against realistic disruption scenarios are not meeting the FCA's expectations.

What Evidence Is Expected

The FCA expects firms to maintain comprehensive safeguarding documentation, starting with a safeguarding policy that sets out the firm's approach, the method used (segregation or insurance), the roles and responsibilities involved, and the reconciliation and escalation procedures. This policy must be approved by the board and reviewed at least annually.

Reconciliation records are the primary evidence base. The FCA expects daily reconciliation between internal records and safeguarding account balances, with clear documentation of any discrepancies, the reasons for those discrepancies, and the actions taken to resolve them. Where a shortfall exists — even temporarily — the firm must document when it was identified, why it arose, and how quickly it was remedied. Persistent or recurring shortfalls are a serious supervisory concern.

The FCA also expects evidence of the safeguarding account arrangements themselves: the account agreements with the credit institution, confirmation that the accounts are designated as safeguarding accounts and that the credit institution has acknowledged the trust status of the funds, and evidence that the firm has considered counterparty risk and diversification. Firms holding all safeguarded funds with a single credit institution are exposed to concentration risk that the FCA will question.

Management information must give the board a clear, current view of the safeguarding position. The FCA expects regular reporting to the board (at minimum quarterly, with real-time escalation for material shortfalls) covering: total safeguarding obligation, total funds safeguarded, any shortfalls or surpluses and their causes, reconciliation exception rates, and the status of any remediation actions. The FCA's supervisory approach includes requesting this MI directly and assessing whether it demonstrates genuine board engagement with safeguarding risk.

Good Implementation Looks Like

A firm with exemplary safeguarding practice treats the protection of customer funds as a non-negotiable operational priority, not a compliance exercise. Safeguarding is embedded in the firm's system architecture: funds are automatically routed to safeguarding accounts upon receipt, reconciliation runs continuously or at minimum daily with automated exception alerting, and any shortfall triggers immediate investigation and remediation.

The firm maintains safeguarding accounts with at least two credit institutions to mitigate concentration risk. Account agreements explicitly acknowledge the trust status of the funds and include provisions that prevent the credit institution from exercising set-off rights. The firm conducts periodic reviews of its banking partners' creditworthiness and has contingency arrangements for migrating safeguarding accounts if a banking relationship is terminated.

Governance is robust and layered. A named senior manager holds explicit responsibility for safeguarding under SMCR. The compliance function conducts independent assurance testing of safeguarding controls at least quarterly. The board receives regular safeguarding MI and discusses it as a standing agenda item. The internal audit function includes safeguarding within its risk-based audit plan. External auditors are engaged to provide an annual assurance opinion on safeguarding, which the FCA increasingly expects even where it is not yet formally required.

The firm stress-tests its safeguarding arrangements against scenarios including: sudden increase in customer fund volumes (e.g. following a marketing campaign or market event); loss of a safeguarding banking partner; technology failure affecting reconciliation; and fraud or operational error leading to a shortfall. The results inform contingency planning and are reported to the board. The firm also monitors regulatory developments — including the FCA's proposed move to a CASS-style trust model — and plans ahead for implementation rather than waiting for final rules.

Related Tool

The MEMA perimeter assessment tool helps payments firms determine the scope and nature of their safeguarding obligations. For firms operating across multiple payment services — combining e-money issuance with payment initiation, account information services, or traditional money remittance — the perimeter tool maps each activity to its regulatory classification and identifies the corresponding safeguarding requirements.

The FCA calculator module includes a safeguarding reconciliation framework that structures the daily reconciliation process, identifies discrepancies, and generates the documented output the FCA expects to see during supervisory engagement. It tracks the safeguarding obligation in real time against actual funds held, providing early warning of developing shortfalls before they become material.

The tool also generates board-ready MI reports covering the safeguarding metrics the FCA monitors: reconciliation exception rates, shortfall frequency and duration, counterparty exposure, and trend analysis. This information supports the governance framework the FCA expects — giving senior management and the board a clear, current view of whether customer funds are protected.

Related Service

Our FCA authorisation service provides end-to-end support for firms seeking authorisation as payment institutions or e-money issuers, with safeguarding as a central element of the application. The FCA's gateway assessment places significant weight on the adequacy of proposed safeguarding arrangements, and applications that do not demonstrate a robust, realistic safeguarding framework are likely to face extended assessment timelines or rejection.

We help firms design safeguarding frameworks that meet FCA expectations from day one — including the selection and negotiation of safeguarding account arrangements with credit institutions, the design of reconciliation processes, the drafting of safeguarding policies, and the allocation of SMCR responsibilities. For firms that are already authorised, we conduct independent safeguarding reviews that assess current arrangements against the standards set out in the FCA's Dear CEO letters and Approach Document.

For firms responding to FCA supervisory engagement on safeguarding — whether a routine information request, a requirement to commission an independent review, or a Voluntary Requirement or Own Initiative Requirement relating to safeguarding controls — we provide expert support at every stage. We understand the FCA's supervisory methodology for safeguarding, the evidence it requests, and the benchmarks it applies. Our team includes practitioners who have designed and operated safeguarding frameworks at authorised payment institutions and who have direct experience of FCA supervisory interactions in this area.

Related Sectors

Safeguarding is primarily a payments sector obligation but its implications extend across the financial services landscape. Traditional money transfer operators — firms facilitating international remittances and cross-border payments — face safeguarding challenges related to timing mismatches between fund receipt and delivery, correspondent banking arrangements, and multi-currency exposure. The FCA has found that some remittance firms hold funds for extended periods before completing the payment, creating prolonged safeguarding exposure that requires careful management.

E-money issuers face the most complex safeguarding obligations because the float of outstanding e-money can be large, variable, and difficult to reconcile in real time. Prepaid card issuers, digital wallet providers, and firms offering stored-value accounts for payroll or expense management must safeguard the full value of unredeemed e-money, which requires continuous tracking of issuance, redemption, and expiry. The growth of e-money in the UK — with billions of pounds now held in e-money accounts — has made this a systemically important safeguarding population.

Fintech firms that combine regulated payment services with unregulated activities face particular perimeter challenges. A firm that offers a payment account alongside investment or lending products must clearly delineate which funds are subject to safeguarding and which are subject to other regulatory protections (such as CASS for investment funds). The FCA has found that hybrid business models create confusion about safeguarding scope, and firms operating across multiple regulatory perimeters must have systems that correctly classify and protect funds according to the applicable regime.

The banking sector, while not itself subject to safeguarding (bank deposits being covered by FSCS), plays a critical role as the custodian of safeguarding accounts. Banks that provide safeguarding account services to payment firms must understand the trust nature of the funds, ensure proper account designation, and refrain from exercising set-off or combination rights. The FCA's engagement with banks on their safeguarding account practices reflects the systemic importance of this role in the customer protection chain.