CASS 15: How new FCA rules have changed safeguarding obligations for EMIs and PSD firms

Written by  Dan Rose - Partner, Audit and Assurance
Published on:  12 August 2025

Written by Philip Buckingham, Compliance Director, UK at IQ-EQ and Dan Rose, Partner, Audit and Assurance at Gravita

IQ-EQ

The Financial Conduct Authority (FCA)’s CASS 15 rules impose new client money safeguarding and audit obligations on electronic money institutions (EMIs) and payment services directive (PSD) firms. The FCA published its final rules on 7th August 2025, allowing a nine-month implementation period with the rules coming into effect 7th May 2026. If your firm has never had a CASS audit, now’s the time to assess readiness, update your systems and controls, and begin compliance planning.

The UK’s Client Assets Sourcebook (CASS) currently sets the standard for how investment firms with the relevant permissions are obliged to hold, safeguard and reconcile client money and assets. Traditionally, the most robust client money safeguarding standards have applied to investment firms under existing CASS 7 rules. But the lighter touch previously extended to e-money firms is changing.

 

The FCA’s new CASS 15 framework will bring client money safeguarding standards for e-money institutions and payment services firms toward parity with investment firms, introducing a significantly higher level of scrutiny than many of these firms have faced before. In a nutshell, there are four key new standards expected of these firms:

 

  • Annual audits by qualified auditors
  • Monthly reporting for payment firms
  • Firms to conduct daily checks to make sure the right amount of money is being safeguarded to protect customers
  • Better planning if the firms fail so customers receive their money back sooner.

 

Following the publication of the final rules in FCA Policy Statement PS25/12, CASS 15 implementation will occur on 7th May 2026, giving firms nine months to prepare. For those who haven’t previously been subject to a CASS audit, the arrival of CASS 15 represents a fundamental shift in what regulators will expect from your safeguarding systems, documentation, and reporting processes. In this article, we dive into each of the new standards for EMIs and PSD firms and outline what should be done now to prepare.

 

What are the new safeguarding requirements under CASS 15?
1.    Annual CASS audits by qualified auditors

A CASS audit is an independent review of how your firm holds, safeguards and reports client money and assets.

 

Historically, e-money and payment firms haven’t needed to undergo CASS audit reports – or any audit reports – with the FCA. But under CASS 15, audit reports and a Breaches Schedule will be reportable to the FCA at least on an annual basis.

 

These annual audits are required to ensure that:

 

  • Your books and records correctly reflect and substantiate the clients for whom cash is held and reconciles to the cash held in a client account
  • You have robust systems and controls in place to operate the cash as well as safeguard those funds throughout the period

 

The Policy Statement confirms that the audits are to be completed by qualified, regulated auditors to ensure consistent audit quality.

 

Firms who do not meet the threshold of safeguarding £100,000 of relevant funds within a period of at least 53 weeks are exempt from the audit requirement, but are recommended to receive a voluntary audit to ensure they meet their obligations.

 

2.    Daily checks to ensure right amount of money is being safeguarded

One of the key updates is that the rules now state that payment firms must conduct safeguarding reconciliations daily.

 

Reconciliations will be due every reconciliation day rather than business day, which is intended to ease the burden on firms. However, this does not prevent payment firms from deciding to perform a reconciliation on a business day that isn’t a reconciliation day due to the nature, volume and/or complexity of their business.

 

Reconciliations are intended to check the accuracy of a firm’s books and records. The FCA has therefore replaced the existing deposit resource and requirement with a higher-level comparison.

 

The new comparison considers relevant funds that should be held in relevant funds bank accounts, or as relevant assets in relevant assets accounts (the “D+1 segregation requirement”) against the balances of those accounts (the “D+1 segregation resource”). If the D+1 segregation resource is lower than the D+1 segregation requirement, the firm will need to remedy the shortfall.

 

Payment firms must document how they will meet their obligations to their clients under the safeguarding report. A firm’s policies and procedures should set out how they plan to ensure that the external safeguarding reconciliations will achieve their purpose. As such, the FCA has implemented the requirement to maintain resolution packs, with an amendment to clarify the requirement relating to client contracts. Resolution packs should include:

 

  • Where the relevant funds are held
  • A list of the firm’s agent and distributors
  • The firm’s procedures for the management, recording and transfer of relevant funds and assets

 

Resolution packs will help ensure payment firms maintain, and can easily retrieve, information that would help achieve a timely return of relevant funds to consumers.

 

In order to assist firms and achieve the most efficient model, most effective resolution packs tend to be “living documents” that link directly to the latest versions of the relevant records.

 

3.    Monthly reporting

Under the new rules, firms will need to report to the FCA on a monthly basis regarding relevant funds safeguarded by the firm.

 

The reporting of regular information facilitates a targeted, proactive approach to the regulator’s supervision and assessment of risks across the portfolio. This follows the pattern of proactive monitoring taken by the FCA throughout the first half of 2025.

 

The FCA’s rationale for this approach includes:

 

  • Identifying firms that use a non-standard method of reconciliation
  • Determining which assets are held with custodians

 

The monthly return has been amended to reflect the new, higher-level comparison of the relevant funds that should be held in relevant accounts with the introduction of the D+1 segregation requirement.

 

Although throughout the new rules there have been thresholds implemented to avoid increasing scrutiny on smaller payment firms, this has not been applied to the monthly reporting requirements.

 

4.    Planning for firm failures

As detailed above, the D+1 requirement and resource are being implemented to monitor whether firms have adequate safeguarding resources. If not, the firm is expected to remedy the shortfall. The firm should have organisational arrangements in place to ensure it does not settle such payments using funds it’s required to segregate.

 

Within the policies and procedures, the FCA expects to see evidence of this planning, such as an instruction to return the funds to the customer in an orderly manner. In the event of failure, the firm is expected to have funds safeguarded in a range of approved, secure, liquid assets that can be easily accessible for consumers requiring reimbursement post-failure.

 

How can EMIs and PSDs prepare for CASS 15?

Under CASS 15, e-money firms will need to:

 

  • Build stronger internal systems and controls to safeguard client money
  • Create and maintain a CASS Resolution Pack, a set of records that lay out how client money is held and protected
  • Align their operational set-up with current expectations for investment firms (e.g. continuous documentation, real-time audit readiness and enhanced FCA reporting capability)
  • Appoint a suitable auditor with CASS experience and formally report that auditor to the FCA

 

Understanding how CASS 15 will impact your firm – and planning sooner rather than later – is key to staying on the right side of regulators. The firms that thrive under CASS 15 will be the ones that start preparing now, not just a few weeks before implementation.

 

Your compliance roadmap should include:

 

  • Impact assessment: Understand which parts of your firm will be affected and how the new rules align with your current processes
  • Gap analysis: Identify where your current safeguarding systems fall short of the expected standards
  • Process and tech review: Evaluate whether your current tech stack and workflows are audit-friendly or require improvements
  • Resolution pack preparation: Compile the required documents, including safeguarding structure, account details, reconciliations, client agreements and failure resolution protocols, so you’re ready for inspection
  • Engage an auditor: Partner with a CASS-experienced auditor early to plan the process and avoid bottlenecks or last-minute surprises, ensuring your report is submitted within four months of the period end

 

Every action you take ahead of the finalised rules will help prevent rushed remediation, failed audits, or FCA interventions, reducing your risk and sending a strong readiness signal to clients and partners.

 

How Gravita and IQ-EQ can help prepare for CASS 15 audits and safeguarding compliance

Together, we help firms prepare, comply with and align to the updated CASS 15 requirements.

 

We deliver independent CASS audits:

 

  • Plan and undertake a smooth audit to confirm compliance with CASS 15
  • Client money audit report confirming compliance (or non-compliance) with CASS 15 throughout the period and the period end
  • Identification and formal documentation of breaches, either firm- or auditor-identified
  • Reporting and submitting audit results to the FCA

 

IQ-EQ provides regulatory support and compliance consulting:

 

  • CASS 15 impact assessments
  • Gap analysis and remediation planning
  • Process design and improvement for safeguarding systems and controls
  • Resolution Pack setup

 

With our combined expertise, we can help you transition to CASS 15 smoothly, stay compliant and show regulators your safeguarding environment is built to last.

 

Ready to get ahead of CASS 15? Contact us to start your readiness plan today.

Similar Insights

Business Audit

Doing business in the UK – Audit and accountancy

10th June 2025
Written by: Thomas Adcock
Gravita have a team of experts who can smoothly guide overseas companies, if you are looking to set-up in the UK, please contact us here.
link to Find Out More
Accounts Audit

How accounts preparation can help you meet audit deadlines and reduce disclosure requirements

15th May 2025
Written by: Rachel Jackson
If you're part of a growing, more complex business now subject to external audit, you'll already know how much more rigorous the process becomes. Audit expectations rise. Deadlines tighten. Documentation is scrutinised.And yet, the accounts...
link to Find Out More
Audit

Understanding IFRS 18 and its impact on smaller AIM listed companies

8th May 2025
Written by: Joseph Brewer
IFRS 18 hasn't yet been endorsed in the UK, but it's expected to apply from 1st January 2027. To meet the requirements, you'll also need to prepare comparative figures ahead of that date.
link to Find Out More
Browse all insights

Sign up to Gravita's latest updates and newsletters

Stay up-to-date with our event invites, latest news and updates, straight from Gravita's experts.