Safeguarding requirements for payment institutions and electronic (e-money) institutions

This page provides guidance for payment and e‑money institutions on safeguarding customer funds in relation to payment transactions and the issuance of e‑money.

The Payment Services Regulations 2017 (PSRs) and Electronic Money Regulations 2011 (EMRs) require firms to take steps to protect customer funds in the event of insolvency. This is known as ‘safeguarding’.

Payment and e-money institutions that are required to safeguard relevant funds must follow the requirements set out in regulation 23 of the PSRs and/or regulation 20 of the EMRs, as well as rules set out in Chapter 10A and Chapter 15 of the Client Assets Sourcebook (CASS), and in Chapters 3A and Chapter 16 of the Supervision Manual (SUP) as applicable.

Credit unions that issue e-money are also required to safeguard relevant funds and so the same rules and regulations would apply.

Authorised Payment Institutions (APIs), Authorised E-Money Institutions (AEMIs) and Small E-Money Institutions (SEMIs)

For APIs, AEMIs and SEMIs, safeguarding is a mandatory requirement and a condition of authorisation or registration (as applicable). 

Under the PSRs and EMRs, these institutions can safeguard relevant funds either by segregating them from all other funds they hold, or by arranging for the relevant funds to be covered by an insurance policy with an authorised insurer or a comparable guarantee. AEMIs which provide payment services that are unrelated to the issuance of e-money are also subject to the safeguarding provisions of the PSRs.

To ensure relevant funds are kept safe and to reduce the risk of financial loss if a firm fails, APIs, AEMIs and SEMIs are required to have a robust risk management framework in place that can:

  • Identify risks
  • Assess risks
  • Mitigate (reduce) risks

Safeguarding requirements for Small Payment Institutions (SPIs) and SEMIs under the PSRs

SPIs, and SEMIs which provide payment services that are unrelated to the issuance of e-money, can choose to comply with safeguarding requirements in the PSRs.

Where an SPI or SEMI chooses to safeguard relevant funds, it will need to apply the same level of protection that is expected of APIs under the PSRs. 

SPIs and SEMIs should tell us whether they have chosen to safeguard:

  • when they apply for registration, and
  • in their annual reporting returns.

If an SPI or SEMI decides to begin safeguarding relevant funds after it has been registered, or if it decides to stop safeguarding, it should let us know via submission of a SUP 15 notification form. Alternatively, the SPI or SEMI can call our firm Contact Centre.

Monthly reporting on safeguarding and relevant funds

Under SUP 16, all APIs, AEMIs, and SEMIs and SPIs which choose to safeguard, are required to submit monthly reporting on their safeguarding arrangements and relevant funds via My FCA within 15 business days of the end of each calendar month.

These reports provide us with an overview of firms’ safeguarding arrangements and the amount of relevant funds they hold.

Firms can refer to My FCA for their individual reporting schedule. Further guidance on regulatory reporting requirements and notifications can be found in Chapter 13 of the FCA Approach Document[1].  

Further guidance on safeguarding

Further rules and guidance are in The FCA Handbook references CASS 10A[2], SUP16.14A[3], SUP 3A[4] and CASS 15[5] and Chapter 10 of the FCA Approach Document[1]. This includes:

  • Daily Reconciliations: Firms must perform internal and external safeguarding reconciliations at least once each reconciliation day* to ensure accurate, up-to-date records.
  • Enhanced Due Diligence: Our rules set out the due diligence that is required when appointing or reviewing third parties that hold or manage relevant funds.
  • Resolution Packs: Firms must maintain "resolution packs" that are regularly updated to facilitate a quick return of funds to the firm’s clients in case of its failure.
  • Safeguarding Audits: New, clear requirements for audits, which include specific submission timelines (first audit within 6 months of the audit period end and all subsequent audits have to be submitted within 4 months of the audit period end). See SUP 3A.9.8 for more information.
  • Inbound Funds: The obligation to safeguard funds begins as soon as the firm is entitled to them, often when credited to an account in the firm's name.
  • Insurance/Guarantees: Policies must not restrict payouts, except for confirming insolvency, and a contingency plan must be in place 3 months before a policy expires.
  • Reporting: Monthly safeguarding reports to the FCA (form REP027) will be required, confirming compliance with safeguarding and reconciliation obligations.

* The definition of reconciliation day excludes weekends, bank holidays, and days when relevant foreign markets are not open.

FCA explains: Safeguarding for payment firms

We hosted a payments safeguarding policy webinar on 18 November 2025. The webinar provided a summary of the requirements in the new Supplementary Regime, including:

  • Key parts of CASS 15 along with the implementation period, organisational requirements, secure liquid assets, insurance and guarantees, selection and appointment of third parties, record keeping, and reconciliations. 
  • Resolution packs in CASS 10A.
  • Safeguarding audit requirements in SUP 3A. 
  • Key aspects of the safeguarding return in SUP 16.
  • An overview of the Approach Document guidance on the start and end of the safeguarding obligation.

You can watch the webinar here[6].

: Information changed Update following new safeguarding rules coming into effect.
: Editorial amendment page update as part of the website refresh
First published: Last updated: 07/05/2026 See all updates

More on PIs and EMIs

Electronic money and payment institutions home[7]

Source URL: https://www.fca.org.uk/firms/emi-payment-institutions-safeguarding-requirements

Links