Opening a Safeguarding Account: A Practical Guide for UK Payment Institutions

Safeguarding client funds is arguably the most critical regulatory obligation for UK Payment Institutions (PIs) and Electronic Money Institutions (EMIs), enshrined in the Payment Services Regulations 2017 (PSRs 2017) and Electronic Money Regulations 2011 (EMRs 2011). Without adequate safeguarding arrangements, a firm cannot operate lawfully. This guide demystifies the process of opening and maintaining a safeguarding account, offering practical steps and regulatory insights for UK PIs.

What is a Safeguarding Account and Why is it Necessary?

A safeguarding account is a designated bank account specifically opened by a Payment Institution to hold relevant funds received from or on behalf of its payment service users, entirely separate from the institution’s own operational funds. This separation is necessary because it ensures that such funds are protected in the event of the PI’s insolvency, guaranteeing that client money cannot be used to pay the PI’s creditors. The regulatory requirement for safeguarding stems directly from Regulation 23 of the PSRs 2017 and Regulation 21 of the EMRs 2011, which mandate that firms must protect users’ funds received in exchange for payment services or e-money issuance. The Financial Conduct Authority (FCA) views safeguarding as fundamental to consumer protection and market integrity, making its robust implementation a non-negotiable aspect of authorisation and ongoing compliance. Failure to comply can lead to significant enforcement action, including fines, restrictions, or even revocation of authorisation. The FCA’s approach, as detailed in its Payment Services and Electronic Money Approach Document, emphasises that firms must have clear, documented policies and procedures for safeguarding, which are regularly reviewed and tested. Many firms seek specialist advice on these matters. Our team provides comprehensive assistance with safeguarding policy development.

What are the Approved Safeguarding Methods?

UK regulations permit two primary methods for safeguarding relevant funds: segregation of funds and insurance/guarantee, although the former is overwhelmingly more common in practice for PIs. The first method, segregation of funds, involves placing relevant funds in a separate bank account with an authorised credit institution, designated as a safeguarding account. Regulation 23(1)(a) of the PSRs 2017 specifies that relevant funds must be held in a separate account from any other funds held by the payment institution. This account must be held with a credit institution (e.g., a bank), or an authorised e-money institution. The funds must be identifiable as client funds, and the payment institution must have internal procedures to track and reconcile these funds. The second method, insurance or comparable guarantee, stipulated in Regulation 23(1)(b) of the PSRs 2017, involves covering the funds with an insurance policy or comparable guarantee from an insurance company or credit institution. This option is less frequently chosen due to its complexity and potentially higher cost, as firms must ensure the policy adequately covers their liabilities in the event of insolvency. Firms opting for this method must satisfy the FCA that the policy provides an equivalent level of protection to segregation. Most PIs will opt for the segregation method. Crucially, irrespective of the method chosen, the relevant funds must be protected such that, in the event of the PI’s insolvency, they are excluded from the PI’s estate and available to reimburse payment service users. This critical insolvency remoteness is what safeguarding truly aims to achieve.

How to Select a Suitable Safeguarding Bank?

Selecting the right safeguarding bank is a critical initial step for any Payment Institution, requiring thorough due diligence beyond simply comparing account fees. The chosen credit institution must be a UK-authorised bank with the necessary infrastructure and understanding to support safeguarding arrangements. The FCA expects firms to conduct robust due diligence on prospective safeguarding institutions. This includes assessing the bank’s financial stability, its understanding of payment services regulations, its capacity to handle the volume and type of transactions envisioned, and its willingness to enter into the necessary legal agreements. Key considerations include the bank's ability to: - Establish a separate designated safeguarding account. - Provide clear statements and reporting that facilitate reconciliation. - Understand and comply with the insolvency remoteness requirements. - Offer appropriate payment rails and settlement services compatible with the PI’s business model.

Firms should also consider the bank’s appetite for new payment institutions, as some traditional banks may be hesitant due to perceived regulatory risk or lack of understanding. It is prudent to approach several banks, provide a clear explanation of your business model, regulatory status, and specific safeguarding needs. An effective due diligence process will involve: - Reviewing the bank’s terms and conditions related to safeguarding accounts. - Assessing their financial health and credit ratings. - Understanding their operational capabilities, including online banking platforms and support. - Discussing their experience with other regulated payment institutions. - Ensuring their AML/CTF controls are robust and will not unduly impede legitimate transactions.

Engaging with banks that have experience in the FinTech sector can often simplify this process. For further information on bank selection and navigating challenges, see our insight on banking relationships for FinTechs.

What Legal Agreements and Operational Procedures Are Required?

Once a safeguarding bank is selected, formal legal agreements and robust internal operational procedures must be put in place to ensure compliance. The primary legal document will be an account agreement or safeguarding agreement with the chosen credit institution. This agreement must clearly specify that the account holds client funds for safeguarding purposes, that these funds are separate from the PI’s own money, and that they are protected in the event of the PI’s insolvency. It should explicitly state that the PI’s own creditors have no claim over these funds. Key clauses typically include: - A declaration that the account is a trust account or designated safeguarding account. - Acknowledgement by the bank that funds in the account belong to the PI’s payment service users. - Provisions for reconciliation and reporting. - Clauses addressing the treatment of funds in the event of PI insolvency.

Beyond the external agreement, the PI must develop a comprehensive set of internal operational procedures for safeguarding, as detailed in its safeguarding policy. These procedures must address: - Identification of relevant funds: Clear criteria for determining which funds need to be safeguarded. - Segregation process: How funds are transferred into the safeguarding account and accounted for. - Reconciliation: Daily reconciliation of safeguarding account balances with internal client ledgers. This is a critical FCA expectation. - Withdrawal procedures: Controlled processes for disbursing funds from the safeguarding account, ensuring they are only used for legitimate payment services. - Contingency plans: What happens if the safeguarding bank fails or if there is a disruption to the safeguarding arrangements. - Record-keeping: Detailed records of all safeguarding activities, including transaction trails and reconciliation reports. - Staff training: Ensuring all relevant staff understand their safeguarding responsibilities.

Regulation 23(7) of the PSRs 2017 explicitly requires payment institutions to keep relevant funds separate from their own funds, and to implement internal organisational measures to protect payment service users’ funds. The FCA Handbook, particularly in its Payment Services and Electronic Money Approach Document, provides further guidance on these expectations, emphasising the need for clear audit trails and robust internal controls. Firms should consider these ongoing requirements when developing their initial safeguarding framework.

Ongoing Monitoring, Reconciliation, and Reporting

Safeguarding is not a static obligation; it requires continuous monitoring, meticulous daily reconciliation, and adherence to reporting requirements. The FCA’s expectation is that safeguarding arrangements are not just set up correctly but are actively managed and regularly reviewed. Daily reconciliation is paramount. Payment Institutions must reconcile the funds held in their safeguarding accounts with their internal records of client balances at the end of each business day. This process confirms that all client funds have been accurately safeguarded and identifies any discrepancies promptly. Discrepancies, no matter how small, must be investigated and resolved without delay. The FCA places significant weight on the effectiveness of reconciliation procedures.

Monitoring extends to the performance of the safeguarding bank, including reviewing the bank’s financial health, service levels, and any changes to its terms or conditions. Firms should have a framework for periodic review of their safeguarding arrangements, ideally annually, or more frequently if there are significant changes to the business model or regulatory landscape.

Reporting obligations also exist. While there is no specific 'safeguarding report' that firms submit daily, the FCA collects data on firms' safeguarding arrangements through various regulatory returns (e.g., PSD007/EMD007 statistical data reports) and thematic reviews. Firms are also expected to promptly notify the FCA of any significant issues or breaches related to safeguarding, under Principle 11 of the Principles for Businesses, which requires firms to deal with their regulators in an open and cooperative way. This includes notifying the FCA of: - Any material change to the safeguarding arrangements. - Any breaches of safeguarding requirements. - Significant reconciliation issues that cannot be resolved. - Any concerns about the solvency or operational capacity of the safeguarding institution.

Insolvency practitioners guidance, such as that issued by the FCA in 2021 on 'Insolvency and resolution of payment and e-money institutions', further underscores the importance of clear reconciliation and record-keeping to facilitate the return of funds to customers if a firm becomes insolvent. Adherence to these ongoing duties demonstrates a commitment to robust client money protection. For more details on regulatory reporting, refer to our article on FCA regulatory reporting for Payment Institutions.

What are the Common Pitfalls and How to Avoid Them?

Navigating the complexities of safeguarding account setup and ongoing management can present several pitfalls, but with careful planning and robust internal controls, these can largely be avoided. One common pitfall is the failure to clearly identify ‘relevant funds’. Not all funds received by a PI are ‘relevant funds’ requiring safeguarding. For example, operational fees deducted by the PI for services rendered are not safeguarding-eligible funds once they are legally due to the PI. Misclassifying funds can lead to either over-safeguarding (tying up capital unnecessarily) or, more critically, under-safeguarding (leaving client funds exposed). Firms must have a clear policy for when funds become ‘relevant funds’ and when they cease to be so.

Another significant issue is inadequate reconciliation. Relying on manual processes, infrequent reconciliation, or processes that are not clearly documented greatly increases the risk of undetected discrepancies. The FCA expects daily reconciliation. Firms should invest in automated reconciliation tools where possible and ensure that reconciliation is performed by adequately trained personnel independent of payment processing teams.

Poor or generic legal agreements with safeguarding banks also pose a risk. A standard commercial bank account agreement may not contain the specific insolvency remoteness clauses required by the PSRs 2017. Firms must ensure the agreement explicitly confirms the safeguarding nature of the account and the protection of client funds from the PI's creditors.

Furthermore, lack of contingency planning for safeguarding bank failure or operational disruption is a serious oversight. What if the safeguarding bank itself faces insolvency or has technical outages? PIs should consider having accounts with multiple safeguarding banks or at least a clear disaster recovery plan that outlines how funds would be protected and moved in such scenarios.

Finally, failure to update safeguarding policies and procedures as the business model evolves or as new products are introduced is a common error. A safeguarding framework designed for a simple B2C remittance service may not be suitable for a complex B2B payments platform without significant amendments. Regular reviews, ideally annually, and after any material business change, are crucial. Understanding the nuances of new payment streams and their impact on safeguarding obligations is critical for continued compliance. Engaging a regulatory consultant at the outset can help navigate these complexities and avoid costly mistakes.