FCA Safeguarding Audits

---

The Financial Conduct Authority (FCA) has strengthened its safeguarding regime for payment institutions and e-money firms, significantly increasing expectations around how customer funds are protected in practice.

The regime now focuses on demonstrable, operational safeguarding, requiring firms to evidence that arrangements are effective, consistently applied, and capable of functioning under both business-as-usual and stressed conditions.

Key requirements include:

End-to-end safeguarding arrangements
Firms must ensure that safeguarding structures, whether segregation or alternative methods, are fully aligned to their business model, transaction flows, and use of third parties. Safeguarding is expected to be designed and implemented as an operational framework, not just a policy position.

Enhanced record-keeping and auditability
Firms must maintain records that enable the identification, segregation, and return of relevant funds at any time, without delay. Records must be sufficiently robust to support an insolvency practitioner in a failure scenario.

Daily safeguarding reconciliations (D+1)
Firms are required to perform timely internal safeguarding reconciliations, supported by clear investigation and resolution processes for discrepancies. Reconciliation frameworks must be controlled, documented, and evidenced.

Annual safeguarding audit (reasonable assurance)
Firms within scope must arrange an annual safeguarding audit providing reasonable assurance over compliance with safeguarding requirements. These audits assess not only compliance, but also the effectiveness of controls, governance, and operational execution across the period. 

Governance and oversight
Safeguarding must be embedded within a firm’s governance structure, with clear accountability, management information, and oversight across all three lines of defence.

Third-party oversight
Firms must demonstrate appropriate due diligence, contractual protections, and ongoing monitoring of safeguarding institutions, including banks, custodians, and asset managers.

Resolution packs and wind-down readiness
Firms are required to maintain resolution packs that enable the prompt return of customer funds in an insolvency scenario. These must be complete, accurate, and operationally usable.

Regulatory reporting and evidence
The FCA expects firms to evidence compliance through structured reporting, clear audit trails, and the ability to demonstrate that safeguarding arrangements operate in practice as described.

The FCA’s focus is clear: firms must be able to demonstrate, with evidence, that safeguarding is working in practice on a continuous basis.

We offer two structured safeguarding services, depending on where your firm is in its journey and whether you require independent assurance or a full statutory audit.

1. Safeguarding Gap Analysis and Attestation

This service is designed for firms that want to assess and strengthen their safeguarding framework against the current FCA regime.

We:

• Conduct a detailed review of your existing safeguarding arrangements against CASS 15, the FCA Approach Document, and current regulatory expectations
• Assess key areas including safeguarding structure, reconciliations (including D+1), record-keeping, governance, and third-party oversight
• Identify gaps between your current arrangements and FCA expectations
• Produce a structured remediation plan with clear, practical recommendations

Once remediation actions have been implemented, we:

• Perform a follow-up review to validate that required changes have been embedded in practice
• Provide an attestation of compliance, confirming alignment with FCA safeguarding requirements based on the work performed

This provides firms with a clear, auditable position on safeguarding readiness without requiring a statutory audit.

2. Full Safeguarding Audit Support (End-to-End)

This service is designed for firms that require a formal safeguarding audit under the FCA regime.

We deliver this in two stages:

Stage 1 – Gap Analysis and Remediation

• Perform the same detailed safeguarding gap analysis as outlined above
• Produce a comprehensive remediation plan
• Support implementation where required, ensuring changes are operationally embedded and evidenced

Stage 2 – Statutory Audit Coordination

Once the firm is audit-ready, we introduce you to a suitably qualified statutory auditor with safeguarding audit experience. We support the audit process end-to-end, including:

• Preparing audit evidence packs 
• Responding to auditor queries 
• Reviewing draft findings 
• Supporting remediation of any audit observations 

This ensures that the statutory audit process runs efficiently and that the firm is properly prepared for reasonable assurance scrutiny.

Remediation Support (Applicable to Both Services)

For both services, we provide hands-on support in implementing required changes, including:

• Redesign of safeguarding frameworks and fund flows
• Reconciliation process design and documentation
• Record-keeping frameworks aligned to insolvency expectations
• Governance, oversight, and MI structures
• Third-party safeguarding due diligence and oversight frameworks
• Resolution pack development

Our focus is not just identifying gaps, but ensuring that safeguarding arrangements are operationally effective, evidenced, and capable of standing up to FCA scrutiny.