FCA Authorisation

Safeguarding Requirements for Payment and E-Money Firms: A Practical Guide

How UK payment and e-money firms must safeguard customer funds under the PSRs 2017 and EMRs 2011, plus the FCA's strengthened supplementary regime.

9 min read Published 17 Jul 2026
Safeguarding Requirements for Payment and E-Money Firms: A Practical Guide

Safeguarding is the single most important consumer-protection obligation for a UK payment institution or electronic money institution. Because these firms are not banks, customer money is not covered by the Financial Services Compensation Scheme if the firm itself fails. Safeguarding is the mechanism that fills that gap. It requires you to ring-fence the money customers hand over, keep it separate from your own working capital, and hold it in a way that survives your insolvency so it can be returned promptly.

The obligation sits in two pieces of legislation. Regulation 23 of the Payment Services Regulations 2017 governs payment institutions, and regulations 20 to 22 of the Electronic Money Regulations 2011 govern e-money institutions. Both give you the same core choice of methods and the same idea of a protected, clearly labelled account. On top of the legislation, the FCA has been tightening its expectations because too many failed firms left customers short. For firms that became insolvent between the first quarter of 2018 and the second quarter of 2023, the FCA found an average shortfall of 65 per cent between the funds owed to clients and the funds actually safeguarded.

This guide explains what the law requires today, what changed on 7 May 2026 under the FCA's supplementary regime, and how to build safeguarding controls that will pass an audit and survive a stress event. It is written for firms preparing for authorisation and for authorised firms tightening their arrangements ahead of the FCA's longer-term reforms.

What safeguarding is and why it matters

Safeguarding means keeping customer money apart from your firm's own money and holding it in a form that cannot be claimed by your general creditors if you go insolvent. The money you must protect is called relevant funds. Under regulation 23 of the Payment Services Regulations 2017, relevant funds are the sums you receive from a payment service user, or from another payment service provider on a user's behalf, for the execution of a payment transaction. Under the Electronic Money Regulations 2011, relevant funds are the funds you receive in exchange for electronic money that has been issued.

The stakes are high because payment and e-money firms fall outside deposit protection. If a bank fails, eligible depositors are covered by the Financial Services Compensation Scheme. If a payment or e-money firm fails, the scheme does not cover that failure. Safeguarding is therefore the only thing standing between a customer and the loss of their money. When it is done well, an insolvency practitioner can identify the ring-fenced pool quickly and return it. When it is done poorly, customers wait a long time and may not get everything back.

The FCA's concern is grounded in evidence. It has repeatedly pointed to large shortfalls in failed firms and to weak record keeping that makes it slow and costly to work out which funds belong to which customers. Getting safeguarding right is not a box-ticking exercise. It is the difference between customers being made whole and customers losing money.

The two safeguarding methods

The legislation gives you two ways to safeguard relevant funds, and you can use them in combination. The first method is segregation. You keep relevant funds separate from any other funds you hold, and if any relevant funds are still held at the end of the business day following the day you received them, you place them in a separate account with an authorised credit institution or the Bank of England, or you invest them in secure, liquid, low-risk assets held in a separate account with an authorised custodian. An authorised credit institution for this purpose cannot be in the same group as your firm.

The second method is insurance or a comparable guarantee. Instead of holding the money in a ring-fenced account, you arrange an insurance policy with an authorised insurer, or a comparable guarantee from an authorised insurer or an authorised credit institution, so that the relevant funds are covered. The provider cannot be in the same group as your firm. The policy or guarantee must be structured so that, on an insolvency event, its proceeds are payable into a separate designated account that is used only for those proceeds.

In practice, the overwhelming majority of firms use the segregation method, because insurance and guarantee cover that meets the regulatory tests is difficult and expensive to source. Whichever route you choose, the underlying account has to be a designated safeguarding account, labelled so that it is clear it is held for the purpose of safeguarding relevant funds, and no one other than your firm may have any interest in or right over the funds or assets in it.

FeatureSegregation methodInsurance or comparable guarantee method
Legal basisPSRs 2017 reg 23; EMRs 2011 reg 21PSRs 2017 reg 23; EMRs 2011 reg 22
How funds are protectedHeld in a separate designated account, or invested in secure liquid assets with an authorised custodianCovered by an insurance policy or comparable guarantee whose proceeds pay into a designated account on insolvency
Who can hold or provide itAuthorised credit institution or the Bank of England; authorised custodian for assetsAuthorised insurer, or comparable guarantee from an authorised insurer or authorised credit institution
Group restrictionProvider must not be in the same group as the firmProvider must not be in the same group as the firm
Typical useUsed by the large majority of firmsRare, due to cost and availability of qualifying cover
The two statutory safeguarding methods compared, based on PSRs 2017 reg 23 and EMRs 2011 regs 21 to 22.

The designated safeguarding account and timing

The centre of the segregation method is the designated safeguarding account. The legislation requires the account to be designated in such a way as to show that it is held for the purpose of safeguarding relevant funds, and it must be used only for holding those funds or assets, or the proceeds of an insurance policy or guarantee. This labelling matters more than it looks. The FCA has found in supervisory work that some firms named accounts after their operational function, or after an agent or distributor, rather than making the safeguarding purpose clear. An account that is not obviously a safeguarding account is harder for an insolvency practitioner to identify and protect.

Timing is the other point firms get wrong. You must keep relevant funds segregated from your own money at all times. For any relevant funds that are still held at the end of the business day following the day of receipt, those funds must be sitting in the separate account or invested in qualifying assets. For e-money, funds received through a payment instrument must be safeguarded by the end of five business days after the electronic money has been issued. A common failing is leaving customer money in a general operating account past these points, which breaks the ring-fence for as long as it lasts.

One further protection sits behind the account. No person other than your firm may have any interest in or right over the relevant funds or the relevant assets. That is what stops your general creditors reaching the money on insolvency and what allows the ring-fenced pool to be returned to customers.

Reconciliation and record keeping

Ring-fencing the money is only half the job. You also have to prove, every day, that the amount you have safeguarded matches the amount you owe customers. This is reconciliation, and it is where the FCA's strengthened rules bite hardest. Under the supplementary regime that took effect on 7 May 2026, firms must perform both an internal and an external safeguarding reconciliation at least once each reconciliation day. An internal reconciliation compares your own records of relevant funds against what should be safeguarded. An external reconciliation compares your internal records against the balances confirmed by the third party holding the funds, such as your safeguarding bank.

Reconciliation days exclude weekends, public holidays and days on which the relevant foreign markets are not open, so the requirement is not literally every calendar day. Where a reconciliation reveals a discrepancy, you have to investigate the reason and correct it. If there is a shortfall in the safeguarded account, you must top it up; if there is an excess, you must withdraw it, so that the designated safeguarding account holds the right amount by the end of the relevant day.

These reconciliation and record-keeping rules deliberately build on the approach the FCA already applies to investment firms under its Client Assets Sourcebook. Accurate, up-to-date books and records are what allow an insolvency practitioner to work out quickly who is owed what. Poor records are precisely what caused the long delays and large shortfalls the FCA identified in failed firms, so daily reconciliation is the single most effective control you can strengthen.

The FCA's strengthened supplementary regime

The FCA set out its reforms in consultation paper CP24/20 in September 2024 and confirmed them in policy statement PS25/12, published on 7 August 2025. The reforms come in two stages. The first stage, the supplementary regime, came into force on 7 May 2026 and strengthens the existing rules rather than replacing them. The second stage, an end-state regime, would replace the current statutory safeguarding requirements once the relevant legislation is repealed.

The supplementary regime introduces several concrete obligations beyond daily reconciliation. Firms must maintain a resolution pack, a set of documents and records designed so that an insolvency practitioner can achieve a timely return of funds to customers. A resolution pack typically records where relevant funds are held, lists the firm's agents and distributors, and sets out the firm's procedures for managing, recording and transferring relevant funds and assets. The FCA expects it to be a living document that links to the latest records. The regime also confirms annual safeguarding audits by a qualified auditor for certain authorised payment and e-money institutions, and introduces a new monthly regulatory return on safeguarding arrangements.

The scope of the supplementary regime covers authorised payment institutions, other than those providing only payment initiation or account information services, authorised e-money institutions, small e-money institutions, and credit unions that issue e-money in the UK. Small payment institutions are not caught automatically but may opt in. The rules now sit within a new Client Assets Sourcebook chapter, signalling the FCA's intent to move payment safeguarding onto the same footing as investment client-asset protection.

1
Map relevant funds
Identify every inflow that counts as relevant funds and when the safeguarding obligation starts for each.
2
Open a designated account
Set up an account clearly labelled as a safeguarding account with an eligible, out-of-group institution.
3
Segregate on time
Move relevant funds into the account within the statutory deadline every day without exception.
4
Reconcile daily
Run internal and external reconciliations each reconciliation day and correct any discrepancy the same day.
5
Build a resolution pack
Keep a living record of where funds sit, agents, and transfer procedures for an insolvency practitioner.
6
Arrange assurance
Commission the annual safeguarding audit and submit the required monthly return to the FCA.

The direction of travel and the statutory trust

The supplementary regime is an interim step. The FCA's longer-term intention, set out in PS25/12 as the end-state or post-repeal regime, is to impose a statutory trust over relevant funds, relevant assets and any insurance policies or guarantees used for safeguarding. Under a statutory trust, a firm would hold safeguarded funds on trust for its customers by operation of law, rather than relying on the account structure and contractual arrangements used today.

The reason for this shift is legal certainty. The insolvency of Ipagoo LLP exposed uncertainty about how safeguarded funds should be treated when a payments firm fails, which can increase both the risk of a shortfall and the time and cost of returning money. A statutory trust is intended to remove that uncertainty, speed up distributions and reduce the cost of returning funds. The FCA will review the supplementary regime once it has bedded in and consult further before finalising the end-state rules, so firms should treat the current requirements as a foundation rather than the last word.

For firms preparing for authorisation now, the practical message is to design safeguarding controls that are already close to a Client Assets Sourcebook standard. Daily reconciliation, clean records, a maintained resolution pack and clear account designation are all requirements today and all point in the direction the regime is heading. Building to that standard once avoids costly rework later. You can read how we help firms scope and implement these controls on our authorisation service page, and how ongoing safeguarding monitoring fits into a broader controls framework on our controls product page.

Conclusion

Safeguarding is the obligation that makes a payment or e-money firm safe to use. Because these firms sit outside deposit protection, the ring-fence you build around customer money is the only thing that protects customers if you fail. The law gives you two methods, segregation or insurance and comparable guarantee, and in practice nearly every firm segregates relevant funds into a clearly designated account held with an out-of-group institution. The technical detail that trips firms up is timing and labelling: moving funds within the statutory deadline every day, and naming the account so its safeguarding purpose is unmistakable.

The FCA's supplementary regime, in force since 7 May 2026, raises the bar with daily internal and external reconciliation, a maintained resolution pack, annual audits for many firms and a new monthly return, all building towards an eventual statutory trust. The firms that will cope best are those that treat safeguarding as a daily operational discipline rather than a static account arrangement. Build clean records, reconcile every reconciliation day, correct discrepancies immediately, and keep your resolution pack current. Do that, and you will be ready for the end-state regime when it arrives.

Frequently asked questions

What are relevant funds?

For payment institutions, relevant funds are sums received from a payment service user, or from another payment service provider on a user's behalf, to execute a payment transaction. For e-money institutions, they are funds received in exchange for electronic money that has been issued. These are the funds you must safeguard.

What are the two safeguarding methods?

Segregation, where you keep relevant funds separate and hold them in a designated account with an authorised credit institution or the Bank of England, or invest them in secure liquid assets with an authorised custodian. Or insurance or a comparable guarantee from an out-of-group authorised insurer or credit institution, with proceeds paid into a designated account on insolvency.

How quickly must relevant funds be safeguarded?

Relevant funds must be kept segregated at all times. Any relevant funds still held at the end of the business day following receipt must be in the separate designated account or invested in qualifying assets. For e-money received through a payment instrument, funds must be safeguarded by the end of five business days after the electronic money is issued.

How often must firms reconcile safeguarded funds?

Under the supplementary regime that took effect on 7 May 2026, firms must perform both an internal and an external safeguarding reconciliation at least once each reconciliation day. Reconciliation days exclude weekends, public holidays and days when the relevant foreign markets are closed. Any discrepancy must be investigated and corrected.

Does the Financial Services Compensation Scheme protect customer money if a payment firm fails?

No. The scheme does not cover the failure of the payment or e-money firm itself. Safeguarding is the mechanism that protects customer money, which is why the ring-fence and the designated account are so important. The scheme may in some cases look through the firm if the safeguarding bank fails, but not if the firm fails.

What is the statutory trust the FCA has proposed?

In PS25/12 the FCA proposes an end-state regime under which firms would hold safeguarded relevant funds, assets and insurance or guarantee proceeds on a statutory trust for customers. This is intended to remove the legal uncertainty exposed by the Ipagoo insolvency, speed up returns and cut distribution costs. It would replace the current requirements once the relevant legislation is repealed.

Ready to move money with confidence?

Nasara Authorise helps UK firms send and control payments with lower fees, better rates and full visibility.

Talk to an expert
Secure by designBank-grade security and encryption
Built for UK firmsMade for FCA-regulated businesses
Data protectedYour data stays private and controlled
Global reachCross-border payments worldwide