Safeguarding Requirements for UK Payment Firms: 2026 Update

Safeguarding customer funds is the most fundamental operational obligation of any authorised payment institution or electronic money institution in the UK. It is also one of the most commonly misunderstood and inadequately implemented. The FCA's thematic review of safeguarding practices, published in 2023, found widespread non-compliance across significant parts of the sector — from technical failures in account designation to fundamental breakdowns in daily reconciliation. Against this backdrop, the FCA has consulted on, and is now implementing, the most significant overhaul of safeguarding rules since PSD2 came into force.

The Legal Framework

Safeguarding obligations for UK payment firms derive from the Payment Services Regulations 2017 (PSRs 2017) and the Electronic Money Regulations 2011 (EMRs 2011), both of which implement the original PSD2 and EMD2 requirements respectively. Regulation 23 of the PSRs 2017 and Regulation 20 of the EMRs 2011 set out the core obligation: relevant funds received from, or for the benefit of, payment service users must be safeguarded by the time of business on the following business day.

There are two permissible methods of safeguarding: (1) segregating relevant funds in one or more accounts held with an authorised credit institution, central bank, or qualifying money market fund; or (2) covering relevant funds with an insurance policy or comparable guarantee from an authorised insurer. In practice, the overwhelming majority of UK payment firms use the segregation method, given the cost and availability constraints of insurance coverage for this purpose.

Designated Accounts: The Technical Requirements

Safeguarded funds must be held in accounts that are clearly designated as safeguarding accounts — distinct from the firm's own operational funds, the funds of other firms, and any other funds held by the institution. The account designation must be reflected both in the account titling (with a safeguarding notation visible to the account-holding bank) and in the firm's internal records.

A critical and frequently misunderstood requirement is that safeguarding accounts must not be subject to any right of set-off or security interest in favour of the account-holding bank. This means that safeguarded funds cannot be pledged as collateral for the firm's own banking facilities, and the bank holding the safeguarding account cannot apply the funds against debts owed by the payment firm. Payment firms that hold safeguarding accounts at the same bank as their operational accounts must ensure, in writing, that the bank has acknowledged the segregated status of the safeguarding funds and will not exercise any right of set-off against them.

The FCA's 2023 review found that many firms could not demonstrate that they had obtained written confirmation from their account-holding banks that set-off rights had been waived. This is an immediate remediation priority for firms that cannot currently evidence this confirmation.

Daily Reconciliation: The Practical Standard

Regulation 23(5) of the PSRs 2017 requires payment firms to conduct an internal reconciliation of safeguarded funds on a daily basis. This reconciliation must confirm that the amount of relevant funds held in safeguarding accounts matches the total liability to payment service users at close of business. Any shortfall must be rectified immediately by topping up the safeguarding account from the firm's own funds.

The FCA's review found that reconciliation practices were one of the most common areas of failure. Specific failures included: reconciliation conducted weekly rather than daily; reconciliation calculations that used incorrect assumptions about which funds were "relevant" for safeguarding purposes; failure to include funds in transit in the reconciliation calculation; and reconciliation processes that were manual and error-prone, with no automated controls or independent review.

Best practice for daily reconciliation includes:

• An automated system that calculates the safeguarding requirement at the close of each business day based on live data from payment processing systems
• An automated comparison of the calculated requirement against the balance in safeguarding accounts
• An automated trigger that generates an exception report and escalation where a shortfall is identified
• A clear documented process for topping up the safeguarding account if a shortfall is identified, with defined responsibility and timeline
• An independent review of the reconciliation output by the compliance function (not just the operations team that produces it)
• Retention of reconciliation records for a minimum of five years

Trustee Arrangements and Statutory Trust

An alternative safeguarding structure permitted under the regulations is the establishment of a statutory trust over safeguarded funds, whereby an independent trustee holds the funds on trust for the benefit of payment service users. This structure provides stronger protection than simple segregation in some insolvency scenarios, as trust assets are technically not the property of the insolvent firm and should not be available to the firm's general creditors.

However, trustee arrangements are operationally complex and require careful legal structuring. The trustee must be genuinely independent, the trust deed must be properly drafted to ensure the statutory trust is effective, and the trustee must have appropriate oversight of the safeguarding account. Many smaller payment firms have opted not to use this structure due to the cost and complexity involved.

The FCA Consultation: What Is Changing

The FCA's consultation paper CP23/29, published in December 2023, proposed substantial changes to the safeguarding framework that are now being implemented through the Consumer Duty and the revised Payment Services Regulations. Key changes include:

• Enhanced record-keeping: Payment firms will be required to maintain, at all times, records sufficient to allow the FCA to identify all safeguarded funds and their location within 24 hours. This requires investment in record systems that can produce this output on demand.
• Annual safeguarding audit: Firms above a certain size threshold will be required to commission an annual independent audit of their safeguarding arrangements, with results reported to the board and shared with the FCA on request.
• Wind-down planning integration: Safeguarding arrangements must be integrated into the firm's wind-down plan, demonstrating that customer funds can be identified and returned in a failure scenario.
• Liquidity buffer: Firms must maintain a liquidity buffer specifically to cover potential shortfalls in safeguarding accounts — for example, where the value of funds in a qualifying money market fund falls below par.
• Reporting requirements: Enhanced regulatory reporting on safeguarding is being introduced, requiring firms to report safeguarding balances, method of safeguarding, and any breaches to the FCA on a regular basis.

Practical Steps for Compliance

For payment firms reviewing their safeguarding arrangements in light of these changes:

• Conduct an immediate gap analysis against the current FCA expectations in the Approach Document and the CP23/29 proposals
• Obtain and file written confirmation from account-holding banks that no set-off rights apply to safeguarding accounts
• Review and automate the daily reconciliation process — manual reconciliation is not sufficient for a growing payment business
• Ensure the board receives regular (at least monthly) reporting on safeguarding compliance, including reconciliation outcomes and any shortfalls identified
• Commission an independent audit of safeguarding arrangements even before it becomes mandatory — the findings will almost certainly reveal issues that benefit from early remediation

The FCA has made clear that safeguarding failures are treated as serious regulatory matters, capable of triggering formal enforcement action and, in severe cases, variation of permissions. For any firm operating a payment business in the UK, getting safeguarding right is not optional.