Resources

An 8-point checklist to help Payment and E-money firms’ safeguarding audit compliance

Resources

An 8-point checklist to help Payment and E-money firms’ safeguarding audit compliance

This page was last updated on January 27, 2025

Payment and e-money firms are required by the Financial Conduct Authority (FCA) to undertake an annual safeguarding audit. Here we share a handy 8-point checklist designed to help firms strengthen their compliance in this area ahead of their audit.

Background

The FCA’s requirement for payment and e-money firms to undertake an annual safeguarding audit is linked to The Payment Services and Electronic Money Regulations. It seeks to ensure both compliance with regulatory requirements and assure customers and regulators that their funds are protected.

You can find out more about safeguarding audits in this article: Payment and e-money firms’ safeguarding audits – common questions answered.

Firms can strengthen their safeguarding approach in this area by using this 8-point checklist ahead of their audits.

8-Point CHECKLIST

1. Understand the current regulatory framework

Firms should prioritise time to become familiar with the relevant regulations and guidelines governing safeguarding in the UK. For starters, see the information provided by the FCA.

2. Establish internal safeguarding policies and procedures

It is vital to develop robust internal policies and procedures that outline how your organisation complies with the safeguarding requirements. Talk to an external specialist adviser or appoint a dedicated person in your organisation (see point 4). They can help to assess your operations and make recommendations on changes needed to shore up your safeguarding approach.

3. Ensure customer funds are segregated

It is paramount that you have appropriate mechanisms in place to segregate customer funds from your own operational funds. Maintain separate accounts or safeguard your trust arrangements to ensure that customer funds are protected, and not at risk in the case of insolvency.

4. Appoint a safeguarding officer

Designate a specific individual or internal team responsible for overseeing safeguarding measures across your firm. They should be tasked with understanding the regulatory requirements and ensuring your firm has a robust approach to the other 7 points in this checklist.

5. Perform risk assessments

It is important to conduct regular risk assessments. These should aim to identify potential vulnerabilities so you can develop appropriate risk mitigation strategies. The assessments should include evaluating risks associated with safeguarding, such as internal fraud, financial stability, or inadequate segregation of funds.

6. Maintain adequate documentation

To demonstrate your compliance and support the audit, it is crucial that your firm keeps detailed records of all your safeguarding activities. These records should include your policies, procedures, risk assessment outcomes, internal audit reports, and any other relevant documentation.

7. Regular training to bolster safeguarding awareness across the firm

Safeguarding should be viewed as a firm-wide responsibility. That’s why it is important to train employees on their roles and responsibilities regarding safeguarding measures. This includes educating them on the importance of segregating customer funds, detecting suspicious activities, and reporting any concerns or breaches.

8. Stay updated

And finally, keep abreast of any regulatory changes or updates related to safeguarding. Follow the FCA or our Financial Services team’s updates for news of the latest developments.

Changes ahead – CP24/20

In Autumn 2024, the FCA issued new guidance CP24/20, which impacts E-Money Firms. They also launched a safeguarding consultation, which closed in December 2024. The consultation will guide the final safeguarding rules the FCA intends to implement in stages. In doing so, it will work alongside HM Treasury to transition relevant PSRs and EMRs provisions into the FCA Handbook.

It is anticipated these next steps from the FCA are likely and that the outcome of the consultation will be published in Summer 2025:

Interim rules and a policy statement will be published in the first half of 2025.
The interim rules will then be implemented over a six-month period.
The FCA will publish final rules (end state) for which firms will then have 12 months to implement.

For more details see: Changing the safeguarding regime for payments and e-money firms

Can we help?

At Shipleys, we’ve been helping many payment and e-money issuing businesses comply with the latest regulations. For further information, contact one of our specialists shown on this page.

Specific advice should be obtained before taking action, or refraining from taking action, in relation to this summary. If you would like advice or further information, please speak to your usual Shipleys contact.