
Author: Priscilla Gaudoin - Head of Risk & Compliance - Published April 2025

Topics: Payment Services, CASS 15, Safeguarding

Regions and Regulators: UK, FCA
Time to read: 2-3 minutes
Despite recent announcements that the Payment Services Regulator (PSR) will be disbanded, regulation is not going away. The FCA is taking on increased responsibilities and ensuring that there are consistent messages to firms on how to safeguard funds and prevent harm to the consumer.
The FCA’s consultation paper: Changes to the safeguarding regime for payments and e-money firms (CP24/20) was published in September 2024, closed for comments in December 2024, and we’re now awaiting the final rules.
Within the paper, the FCA announced changes to the safeguarding regime for payments and e-money firms and made proposals to support its regulatory commitment to protecting consumers and reducing harm caused by a firm’s insolvency.
The proposals included the following obligations:
- defined accounts and recordkeeping practices
- enhanced monitoring and reporting
- strengthened safeguarding practices
- funds held under a statutory trust
What prompted this consultation? What does it mean for payment services firms, and what do firms need to do differently?
Key Regulatory Messages:
“Your firm’s Board or Executive Committee should consider which of the risks we highlight are applicable to your business and the action your firm will take to address them. We will expect your firm to explain the actions it has taken in response to this letter on request.”
(FCA Portfolio Letter: FCA priorities for payments firms, March 2023)
In March 2023, the FCA wrote to the CEOs of payment services firms highlighting three key areas for action which included demonstrating that:
- the customers’ money is safe
- firms do not compromise financial system integrity and
- the customers’ needs are met.
The regulatory concerns stemmed from the risks posed to consumer protection, financial stability and compliance with regulatory obligations. Specific observations centred around the following areas:
- Weak safeguarding of customer funds
- Poor financial resilience
- Failure to meet regulatory requirements
- Inadequate governance and controls
- Misleading information
- Poor understanding of third party risks
Improvements Needed:
Figure 1: Building blocks of a trusted payment services sector
Following the portfolio letter, payment services firms should have reviewed their systems and controls and gathered evidence to demonstrate any actions taken. Improvements were required in the following areas:
Adequate Safeguarding:
The CASS sourcebook provides a framework that enables customers’ funds to be returned quickly when a firm becomes insolvent. In this area firms should have taken action to:
- document processes to identify which funds are deemed relevant for the purposes of safeguarding
- undertake reconciliations at least daily to ensure that safeguarded funds are adequate and not excessive
- ensure that the accounts in which relevant funds are held (including an insurance policy or comparable guarantee) meet the requirements and are supported by the appropriate documentary evidence and
- maintain appropriate records to enable the firm or a third party to easily identify a customer and its funds
Achieve financial resilience:
Firms were asked to review how they manage liquidity risk and consider whether they need to hold additional capital to mitigate any risks facing the business. To support financial resilience, firms were asked to consider undertaking scenario planning and stress testing to understand their capital requirements and aid capital planning to ensure an orderly exit from the market.
Additionally, wind-down processes came under regulatory scrutiny. Firms must avoid causing undue harm when they exit the market by having a clear procedure that is communicated and can be readily implemented.
Integrity within Financial Services:
The portfolio letter also reminded firms to review and ensure appropriate processes and controls to fight financial crime. This requires firms to adopt appropriate onboarding checks with regular monitoring to demonstrate compliance as well as to identify any areas for improvement. Firms were also encouraged to report any suspicious activities.
In relation to fraud prevention, firms were asked to review their arrangements and how they respond to customers’ notifications of fraudulent activity on their accounts. These need to be responded to in a timely manner, but again, procedures need to be reviewed and updated where weaknesses are identified. Regular monitoring of activities helps to identify any weaknesses and enables the firm to be proactive in preventing fraud.
Consumer centric culture:
The portfolio letter also addressed firms’ obligations under the Consumer Duty. One important reminder related to the obligation to inform consumers that these firms are not banks; consequently, consumers’ monies are not protected by the Financial Services Compensation Scheme (FSCS).
What's changed since March 2023?
We're currently awaiting the FCA’s policy statement, which will confirm the final rules for payment services firms. In the meantime, there is plenty that a firm can do in anticipation of those rules, given that the FCA provided many recommendations in its portfolio letter.
Crucially, time is now a key factor in compliance. Changes will be phased in over 6 and 12 months following the publication of the new rules.
The proposals outlined by the FCA focus upon:
- Improved recordkeeping
- Enhanced monitoring and reporting
- Strengthened safeguarding practices
- Holding funds under a statutory trust
These proposals are consistent with the FCA’s message in the March 2023 letter.
Interim versus End-State Rules:
During the interim period, a new chapter 15 of the CASS sourcebook will outline requirements for payment services firms. Additionally, firms will need to consider their audit requirements in the new chapter; SUP 16 and the current guidance in chapter 10 of the Approach document will be amended to remove any duplication.
During the interim period, firms must focus on designing and implementing appropriate policies and procedures to ensure compliance with their obligations. This includes ensuring that firms maintain appropriate records and accounts to distinguish between relevant funds and other funds.
Internal reconciliations must be completed on relevant funds at least once each business day according to the rules outlined in CASS, and based on the internal accounting records, not third party data.
External reconciliations must be completed at least once a day according to the rules, and verified against the firm’s internal records. This helps to confirm the accuracy and validity of the internal records.
Where any discrepancies are found, the firm needs to understand the reason why and address the shortfall or remove any excess paid into the relevant funds account. This action must be completed by close of business on the day that the discrepancy is discovered.
Where an external reconciliation uncovers a discrepancy, the firm must investigate and resolve the issue. These discrepancies then lead to regulatory notifications. How easily can your firm identify, escalate, resolve, and then notify the regulators?
Key actions required:
Firms need to address the following areas:
- Recordkeeping & Reconciliations
This means firms must maintain clear records of client funds and implement a resolution pack to facilitate the timely return of funds to clients by an insolvency practitioner.
- Audit and reporting
Prepare for annual audits to demonstrate compliance with the new rules and monthly regulatory returns.
- Strengthening safeguarding
Firms must consider the diversification of their safeguarding partners to avoid concentration risk. Additionally, firms must undertake due diligence upon third parties, and signed acknowledgement letters must be in place.
- Holding funds
Firms must set up a statutory trust for client funds, assets and insurance policies. Firms using Secure Liquid Assets (SLAs) to safeguard client funds must consider if additional permissions are needed to do so.
- Strengthening elements of safeguarding
Ensure all client funds are paid directly into a DSA with a central bank and that template acknowledgement letters are received.
Agents and distributors must deposit any client funds directly into the Principal firm’s safeguarding client account which must be segregated by the principal firm for each agent.
More stringent criteria will apply and need to be met before insurance can be used to safeguard, i.e. the policy must be written in trust.
Figure 2: Key actions to be completed
Ruleguard and Client Assets:
Ruleguard is an industry-leading GRC platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions.
With Ruleguard, firms can manage the following safeguarding requirements:
- Generate and maintain a current reconciliation pack
- Plan your compliance monitoring activities
- Provide assurance to boards and other third parties of compliance
- Facilitate compliance with workflows, attestations and task lists to confirm compliance
- Share information with third parties to facilitate auditors
- Track and manage policies and procedures
Ruleguard’s Compliance Monitoring Solution and Client Assets Solution provide e-payment services firms with the tools to ensure robust oversight and regulatory alignment.
If you’d like to learn more please contact us for further information on: Tel: 0800 408 3845 or hello@ruleguard.com.
About the author
In a career spanning 30 years, Priscilla has worked as a consultant, CCO and MLRO providing regulatory oversight and advice to firms across the financial services industry. She is responsible for our thought leadership programme, writing regular articles and white papers, and hosting webinars on a variety of regulatory matters.
She is a Fellow of the International Compliance Association, a certified GRC practitioner, and a member of the Institute of Risk Management.