EMI Safeguarding Requirements Under PS25/12: What Has Changed

EMI safeguarding requirements in the UK have been fundamentally transformed by PS25/12, published by the FCA in August 2025. This policy statement represents the most significant overhaul of client fund protection for electronic money institutions since the Electronic Money Regulations 2011 (EMRs 2011) transposed the second Electronic Money Directive into UK law. PS25/12 introduces six substantive changes that affect every authorised and small electronic money institution in the United Kingdom. This article explains each change in detail, sets out the implementation timeline and provides practical guidance for firms preparing for compliance.

What Are EMI Safeguarding Requirements?

EMI safeguarding requirements are the regulatory obligations governing how electronic money institutions protect client funds. Under the EMRs 2011, EMIs that receive funds in exchange for electronic money must safeguard those funds so that they are available for return to customers in the event of the firm's insolvency. The safeguarding obligation exists because e-money represents a direct monetary claim by the customer against the issuing firm — if the firm fails, customers must be able to recover their funds. Safeguarding has historically been achieved through one of two methods: the segregation method (holding funds in a designated safeguarding account at an authorised credit institution) or the insurance method (covering the obligation through an insurance policy or comparable guarantee). In practice, almost all UK EMIs use the segregation method. PS25/12 enhances the safeguarding framework by introducing mandatory operational standards, governance requirements and external assurance — moving from a principles-based approach to a prescriptive one.

Who Must Comply with PS25/12?

This requirement applies to:

• All FCA-authorised electronic money institutions (AEMIs) issuing electronic money under the EMRs 2011
• All FCA-registered small electronic money institutions (SEMIs) where they hold client e-money funds
• Authorised payment institutions (APIs) holding client funds under the PSRs 2017
• Small payment institutions (SPIs) are not subject to PS25/12 safeguarding requirements, but may voluntarily opt in to the regime
• EMIs providing hybrid services — both e-money issuance and payment services
• Agent networks where the principal EMI is responsible for safeguarding at the agent level
• Firms operating under the temporary permissions regime that issue electronic money

Key Changes Under PS25/12

Change 1: Statutory trust replaces contractual segregation. Under the previous regime, safeguarding relied on contractual arrangements between the EMI and the credit institution holding the safeguarding account. PS25/12 introduces a statutory trust framework — safeguarded funds are held on trust for the benefit of e-money holders by operation of law. This means that in the event of the EMI's insolvency, safeguarded funds are automatically excluded from the insolvency estate and ring-fenced for customers. The statutory trust arises at the point of receipt of funds from the customer, not at the point of deposit into the safeguarding account. This is a fundamental change — it eliminates the risk that contractual safeguarding arrangements could be challenged by an insolvency practitioner.

Change 2: Daily reconciliation mandatory. PS25/12 mandates daily reconciliation of safeguarded funds. The firm must reconcile the total amount held across all safeguarding accounts against the total outstanding e-money float (the aggregate balance owed to all e-money holders) at the end of each business day. This replaces the previous approach where many firms reconciled weekly, fortnightly or monthly. Discrepancies must be investigated immediately, and any shortfall must be topped up by the end of the same business day. The reconciliation must be documented with a complete audit trail, including the data sources used, the calculation methodology, the result, any discrepancies identified, corrective actions taken and the individual who performed and signed off the reconciliation.

Change 3: Annual independent safeguarding audit. Firms must engage an independent external auditor to conduct an annual audit of safeguarding arrangements. The audit must assess compliance with all PS25/12 requirements — segregation, reconciliation, record-keeping, governance and approved institution standards. The auditor's report must be presented to the firm's board and made available to the FCA upon request. The auditor must be independent of the firm — they cannot be the same firm that provides the annual statutory audit if independence would be compromised.

Change 4: Board governance obligations. A named senior individual — typically the holder of the SMF16 (Compliance Oversight) controlled function — must be designated as the person responsible for safeguarding compliance. Safeguarding must be a standing agenda item at board meetings, with documented discussion, challenge and decisions. The board must receive regular MI on safeguarding — including reconciliation results, any shortfalls, corrective actions, audit findings and regulatory developments.

Change 5: Approved institution requirements tightened. The credit institution holding the safeguarding account must be authorised in the UK or an EEA state. PS25/12 introduces specific requirements for the written acknowledgement that the credit institution must provide. The acknowledgement must confirm: (a) the account is a safeguarding account, (b) the institution is aware of its regulatory purpose, (c) the institution will not combine safeguarded funds with the firm's own funds or set off against the firm's debts, and (d) the institution acknowledges that the funds are held on statutory trust. This is more specific than the previous requirement and some banks have been reluctant to provide the enhanced acknowledgement.

Change 6: New monthly reporting return. PS25/12 introduces a new safeguarding reporting return for higher-risk firms. The return captures data on total safeguarded funds, the institutions where funds are held, reconciliation results, any shortfalls and corrective actions. The frequency is monthly for firms identified by the FCA as higher-risk based on volume, complexity or supervisory history. Other firms will submit the data as part of their annual RMAR return.

The PS25/12 Compliance Process

Step 1 — Conduct a comprehensive gap assessment. Map every PS25/12 requirement against the firm's current safeguarding arrangements. Identify compliant areas and specific gaps. Prioritise gaps by risk and implementation complexity. Timeline: 2–4 weeks.

Step 2 — Implement the daily reconciliation process. Design, document and operationally embed a daily reconciliation process that meets PS25/12 standards. This includes identifying all data sources, automating calculations where possible, establishing sign-off and escalation procedures, and creating the documentation template. Timeline: 6–10 weeks.

Step 3 — Update banking arrangements. Review existing safeguarding account arrangements against the enhanced PS25/12 requirements. Obtain the updated written acknowledgement from the credit institution. If the current bank cannot provide the PS25/12-compliant acknowledgement, begin opening a new account — allow 8–12 weeks for bank onboarding. Timeline: 4–12 weeks.

Step 4 — Establish governance framework. Designate the named senior manager, update board terms of reference, add safeguarding as a standing agenda item, and design the board MI pack. Timeline: 2–4 weeks.

Step 5 — Engage an independent safeguarding auditor. Identify and appoint an external auditor with specific experience of EMI safeguarding. Schedule the first audit to complete before the compliance deadline. Auditors with relevant experience are in high demand — engage early. Timeline: engage by Q1 2026.

Common Mistakes in PS25/12 Implementation

The most common mistake is treating PS25/12 as a documentation exercise. Firms produce updated policies and procedures but do not change their actual operational processes. The FCA will identify this gap immediately — they examine operational reality, not written aspirations.

Second, inadequate reconciliation infrastructure. Firms that continue to use manual spreadsheets for daily reconciliation are at risk. Manual processes introduce human error, lack audit trails and cannot scale as transaction volumes grow. The FCA expects robust, repeatable, system-supported reconciliation.

Third, delayed engagement with the safeguarding bank. Obtaining the enhanced PS25/12 written acknowledgement has proven challenging for some firms. Banks that were comfortable with previous contractual arrangements are taking time to assess the implications of the statutory trust framework. Firms must initiate this conversation early.

Fourth, appointing an auditor too late. Independent safeguarding auditors with EMI experience are in limited supply. Firms that wait until Q2 2026 may find no auditor availability before the compliance deadline.

What Firms Should Do Now

1. Designate the SMF16 function holder (or equivalent senior manager) as the named individual responsible for safeguarding compliance and document this in the firm's governance framework.
2. Conduct the gap assessment immediately — map every PS25/12 requirement against current arrangements and produce a prioritised remediation plan.
3. Contact the safeguarding bank to discuss the enhanced written acknowledgement requirements. If the bank indicates it cannot comply, begin opening an alternative safeguarding account.
4. Implement daily reconciliation with full documentation, audit trail and same-day shortfall remediation — this is the operational core of PS25/12.
5. Add safeguarding as a standing board agenda item with documented MI from the next board meeting.
6. Engage an independent safeguarding auditor by the end of Q1 2026 and schedule the first annual audit.

Regulatory Context and Outlook

The FCA has been explicit that safeguarding is a supervisory priority for 2025–2026. The regulator's Dear CEO letter to payment and e-money firms (March 2024) identified safeguarding deficiencies as the single most significant area of concern. The FCA's review of safeguarding practices across the PI and EMI sector found widespread gaps in reconciliation, governance and record-keeping. PS25/12 is the FCA's response — a shift from principles-based expectations to prescriptive requirements with specific operational standards. The FCA has indicated that it will use the new safeguarding reporting data to identify firms that are not meeting PS25/12 standards and will intervene proactively. Firms that are not visibly progressing towards compliance can expect direct supervisory engagement.

Regulatory Counsel provides end-to-end PS25/12 compliance support for EMIs — from gap assessment through daily reconciliation implementation, banking arrangement review, governance framework design and audit preparation. Our team has direct experience of FCA safeguarding expectations and has worked with EMIs at every stage of the compliance process. Firms seeking specialist support with PS25/12 safeguarding compliance can contact Regulatory Counsel for a free initial consultation. See our safeguarding service for details.