Safeguarding is now one of the FCA’s key payments priorities: Are you compliant with CASS 15 and CASS 10A?
- bbphoenixfsc
- Jun 23
- 3 min read

The FCA’s message to payment and e-money firms is clear: safeguarding is no longer just a technical compliance topic. It is one of the regulator’s core priorities for the payments sector.
In its latest Payments Regulatory Priorities, the FCA identifies “keeping customers’ money safe” as one of its four key areas of focus. This sits alongside innovation in payments, Consumer Duty, and protecting financial system integrity.
For authorised payment institutions, electronic money institutions, small e-money institutions and relevant small payment institutions, the implication is clear: firms are expected to have made the necessary changes to comply with the new safeguarding rules.
This is not a “wait and see” moment, these processes should be embedded in the firms’ systems and controls.
CASS 15 and CASS 10A raise the bar significantly
The new safeguarding framework strengthens expectations across governance, reconciliations, record-keeping, oversight, third-party due diligence, audit readiness and wind-down preparedness.
In practical terms, firms need to be able to evidence that safeguarding is embedded into their operating model, not simply documented in policies.
That means asking some very direct questions:
Can senior management clearly demonstrate ownership of safeguarding risk?
Are daily internal and external reconciliations operating effectively?
Are exceptions identified, escalated and remediated quickly?
Are safeguarding accounts, acknowledgements, third-party arrangements and diversification considerations properly controlled?
Is the CASS 10A resolution pack complete, accurate, retrievable and usable in a stress or insolvency scenario?
Is the firm ready for the increased scrutiny that will come through safeguarding audits?
The FCA has also indicated that, as standards have been strengthened, it may see an increase in adverse safeguarding audit opinions in the short term. That should be a warning signal for firms that have not yet tested their arrangements in detail.
Safeguarding cannot be viewed in isolation
What is particularly interesting is how safeguarding connects with the other themes currently dominating payments discussions.
Stablecoins and AI are opening new opportunities for innovation, automation and new payment models. But innovation will only scale sustainably if customers, regulators and counterparties can trust that money is properly protected.
Consumer Duty reinforces the need for payment firms to deliver good outcomes, communicate clearly and avoid foreseeable harm. Safeguarding failures are therefore not only operational or prudential issues; they can also become conduct issues.
Financial crime and AML remain central to the FCA’s expectations. Weak governance, poor controls and inadequate oversight can create vulnerabilities across both safeguarding and financial crime frameworks.
Open banking continues to develop rapidly reshaping competition and customer experience. But again, customer confidence depends on resilient firms, clear accountability and robust controls.
The regulatory direction is consistent: innovation is welcome, but it must be built on strong governance, operational resilience and customer protection.
Have you got everything in place to meet the FCA’s higher expectations?
For payment and e-money firms, the question is no longer whether the safeguarding rules will materially change the control environment. They already have.
The real question is whether your firm can evidence compliance to the board, the FCA and the auditors.
A high-level gap analysis is no longer enough. Firms need practical implementation, control testing, clear governance, robust reconciliations, audit-ready evidence and a resolution pack that works in practice.
At Phoenix FSC, we help payment and e-money firms move from regulatory interpretation to operational execution. We support firms with safeguarding gap analysis, CASS 15 and CASS 10A implementation, governance design, reconciliation frameworks, audit readiness and practical remediation plans.
Safeguarding standards are moving one way only.
Compliance with the rules is now.



