Safeguarding of customer funds is the cornerstone of prudential regulation for payment institutions and electronic money institutions. The requirement to segregate and protect customer funds — ensuring they are available for return to customers even if the firm becomes insolvent — is the primary mechanism by which the regulatory framework protects consumers. Setting up compliant safeguarding accounts is one of the most operationally challenging steps for newly authorised firms, and maintaining compliance with the evolving safeguarding standards is an ongoing obligation that demands dedicated resources and robust processes. This guide covers the practical aspects of safeguarding account setup, bank selection, account structure and the enhanced requirements introduced by PS25/12.
The Legal Framework for Safeguarding
The safeguarding obligation for payment institutions is set out in Regulation 23 of the Payment Services Regulations 2017. For electronic money institutions, the equivalent provision is Regulation 21 of the Electronic Money Regulations 2011. Both regimes require firms that hold customer funds — referred to as 'relevant funds' — to protect those funds using one of two methods:
Method 1: Segregation. Customer funds must be deposited in a separate account at an authorised credit institution (a bank) that is designated as a safeguarding account. The funds must not be commingled with the firm's own money (beyond what is necessary to cover bank fees). The bank must acknowledge that the funds are held on trust for the firm's customers and are not subject to any right of set-off, combination or counterclaim by the bank against the firm.
Method 2: Insurance or guarantee. Customer funds are protected by an insurance policy from an authorised insurer or a comparable guarantee from an authorised credit institution. The policy must provide cover equivalent to the safeguarding obligation — meaning the insurer or guarantor must pay out amounts equal to the customer funds if the firm becomes insolvent. This method is less commonly used due to the difficulty and cost of obtaining suitable policies.
Choosing a Safeguarding Bank
Selecting a bank to hold safeguarding accounts is one of the most practically difficult aspects of PI and EMI setup. Many UK banks have restricted or withdrawn safeguarding account services for payment institutions, citing the compliance burden, risk of involvement in financial crime through PI customer flows, and the operational complexity of maintaining segregated accounts with the required acknowledgement letters.
Firms should approach multiple banks simultaneously and should expect the process to take 2–6 months from initial enquiry to account opening. Key factors in bank selection include: willingness to provide the required written acknowledgement letter; experience with payment institution safeguarding requirements; fee structure (some banks charge significantly more for safeguarding accounts); operational capabilities for same-day or real-time reconciliation; geographic reach if the firm requires multi-currency safeguarding; and the bank's own financial stability and credit rating.
Firms should maintain safeguarding accounts at more than one bank where possible. Concentration risk — having all customer funds at a single institution — is a supervisory concern, particularly for larger firms. The FCA has highlighted concentration risk in multiple Dear CEO letters and thematic reviews.
Account Structure and Segregation
The safeguarding account must be structured to ensure clear legal separation between customer funds and the firm's own assets. In practice, this means: the account must be designated as a client or trust account in the bank's records; a written acknowledgement from the bank must confirm the segregated status and absence of set-off rights; the account title should clearly identify it as a safeguarding account (e.g., '[Firm Name] Client Safeguarding Account'); and the firm must maintain a master record of safeguarding accounts, acknowledgement letters and bank contact details.
For firms processing high volumes or multiple currencies, the account structure may include multiple safeguarding accounts — potentially at different banks or in different currencies. Each account must comply with the segregation requirements and be covered by appropriate acknowledgement letters.
PS25/12 Enhanced Safeguarding Requirements
The FCA's Policy Statement PS25/12 introduced significantly enhanced safeguarding requirements that took effect from 2025. Key changes include: end-of-day reconciliation replacing the previous requirement for reconciliation at least once per business day; defined timescales for resolving reconciliation discrepancies (shortfalls must be remedied by the next business day); enhanced record-keeping requirements including a safeguarding resolution pack that can be used by an insolvency practitioner; and more prescriptive requirements for the content and form of the bank acknowledgement letter.
These changes materially increase the operational burden on payment institutions and EMIs. Firms must invest in reconciliation systems capable of producing accurate end-of-day positions, automated discrepancy detection and rapid resolution processes. Manual reconciliation using spreadsheets — while technically possible for small firms — is increasingly difficult to justify under the enhanced standards.
Reconciliation Processes
Safeguarding reconciliation involves comparing the total customer funds owed (the safeguarding requirement) against the total funds held in designated safeguarding accounts (the safeguarding position). The reconciliation must identify any shortfall or excess and trigger corrective action within the prescribed timescales.
The reconciliation process should include: automated extraction of the safeguarding requirement from the firm's core payment or e-money system; automated extraction of the safeguarding position from bank account feeds; comparison and identification of discrepancies; escalation procedures for shortfalls exceeding defined thresholds; documented investigation of discrepancies; and regular reporting to senior management and the board on safeguarding compliance.
Common Compliance Failures
The FCA has identified recurring safeguarding compliance failures across the payment institution and EMI sector. The most common include: delays in depositing customer funds into safeguarding accounts (funds should be segregated by the end of the business day following receipt, or immediately for EMIs receiving cash); failure to obtain or maintain current bank acknowledgement letters; commingling of firm funds with customer funds in safeguarding accounts; inadequate reconciliation frequency or methodology; failure to remediate shortfalls within required timescales; and absence of a safeguarding resolution pack.
Regulatory Counsel advises payment institutions and EMIs on safeguarding account setup, PS25/12 compliance, reconciliation processes and FCA supervisory preparation. Contact us for a free initial consultation. See our safeguarding reviews service page for more.
Frequently Asked Questions
SPIs are not legally required to safeguard under Regulation 23 of the PSRs 2017. However, the FCA encourages voluntary safeguarding, and firms upgrading to API status must have safeguarding in place.
Typically 2–6 months from initial bank enquiry to account opening. Many banks are restrictive about offering safeguarding accounts, so firms should approach multiple banks simultaneously.
A written confirmation from the bank that customer funds in the safeguarding account are held on trust, are segregated from the firm's own assets, and are not subject to set-off rights.
Under the enhanced PS25/12 requirements, reconciliation must be performed at least daily (end-of-day). Shortfalls must be remedied by the next business day.