Is the clock running out for safeguarding execution?

For years, safeguarding was treated as a compliance formality – a policy document reviewed annually, a box ticked ahead of audits. That era is over. The FCA’s CASS 15 deadline arrives on 7 May 2026, shifting compliance from annual audit cycles into everyday operations.
The new requirements will strengthen how firms protect customer funds and assets, moving beyond box-ticking compliance toward demonstrable, ongoing control and accountability. It will require firms to implement more robust governance, enhanced record-keeping, regular reconciliation, and clearer evidence that client assets are properly segregated and always protected.

For payment and e-money firms, safeguarding has shifted from a back-office policy exercise to an execution challenge, and the urgency is real.

AutoRek’s Future of Payment Operations report found that only 33% of organisations say they are fully prepared for upcoming safeguarding and client money deadlines. Half report that implementation is still in progress. The data exposes a clear gap between regulatory expectation and operational reality.

Most payments leaders understand what CASS 15 requires: daily internal and external fund reconciliations, clear segregation of customer funds, and demonstrable audit trails. The problem is that the infrastructure needed to consistently deliver this simply doesn’t exist within most firms.

Fragmented data disrupts operations at 80% of payments firms. Where systems can’t reconcile automatically, real-time visibility breaks down. Without it, firms cannot demonstrate that client funds are properly segregated at any given moment, which is precisely what CASS 15 demands. Legacy systems and third-party processor limitations are the primary culprits, preventing the real-time visibility that safeguarding demands.

Fragmented data doesn’t just slow reconciliation. Instead, it creates blind spots that become apparent under regulatory stress.

Compounding this problem is that many firms are reliant on manual workarounds and spreadsheet driven reconciliation, with 69% citing this as their biggest scalability constraint. For them, the shift to CASS 15 is not an incremental upgrade.

As transaction volumes continue to rise, labour-intensive processes don’t just increase in cost. They introduce disproportionate operational risk. Each new payment channel, each additional data source, each exception requiring manual investigation adds burden without adding control.

CASS 15 requires firms to demonstrate that safeguarding is embedded in daily operations, not bolted on at month-end. That means automated data pipelines capable of ingesting and validating data across multiple sources in real time. It means exception monitoring that flags discrepancies immediately, not during the next batch run. And it means audit trails that capture every transaction decision automatically, not reconstructed retrospectively ahead of a regulatory review. Spreadsheet-driven reconciliation cannot simultaneously keep pace with rising transaction volumes and meet daily compliance obligations.

Without automation, operations cannot sustainably scale to meet demand. Legacy architecture simply wasn’t built for this.

Our survey reveals that 84% of payments organisations anticipate that their safeguarding controls will require updates within the next 12 months due to regulatory evolution. CASS 15 marks the starting point for a sustained period of heightened scrutiny.

Firms that treat safeguarding as a point-in-time compliance exercise will find themselves on the back foot as requirements continue to progress. Those that embed safeguarding into their control frameworks are building infrastructure that adapts as regulations change, reduces cost per transaction as volumes grow, and supports growth under sustained regulatory pressure.

Safeguarding readiness, in this context, becomes a competitive differentiator. Institutional clients, payment partners, and retail customers increasingly often make decisions based on the operational credibility of the firms they work with. Demonstrating robust, automated safeguarding controls moves beyond satisfying the FCA to building the trust that sustains long-term commercial relationships.

With less than two months until the CASS 15 deadline, the firms still in planning or early implementation stages are running out of time. Each step of the process – assessing infrastructure gaps, selecting and implementing solutions, educating teams, and validating controls – needs time to ensure this is right.

The firms investing in safeguarding now aren’t just meeting a deadline. They are operationally stronger, better positioned to absorb future regulatory change, and more trusted by the clients they serve. May 2026 will make the division between the two groups impossible to ignore.

Nick Botha, VP Payments and Retail Banking, AutoRec

“Is the clock running out for safeguarding execution?” was originally created and published by Electronic Payments Internationala GlobalData owned brand.

The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.