CASS 15 Services: Complete Guide for Payment Firms 2026

CASS 15 is the FCA’s new safeguarding regime for UK payment institutions and e-money firms, coming into force on 7 May 2026. It introduces strict requirements for daily reconciliations, client fund segregation, and robust audit trails to protect customer funds. Firms must implement comprehensive operational controls, automated systems, and enhanced governance frameworks to achieve compliance.

The clock is ticking. On 7 May 2026, the Financial Conduct Authority’s Client Assets Sourcebook (CASS) 15 regime became mandatory for UK payment service providers. This isn’t just another regulatory update—it’s a fundamental reshaping of how electronic money institutions (EMIs) and authorised payment institutions (APIs) safeguard client funds.

For firms operating under the Payment Services Regulations 2017 and Electronic Money Regulations, the shift from basic safeguarding to comprehensive CASS controls represents a significant operational leap. But what exactly does CASS 15 demand, and how can firms navigate this transition effectively?

What Is CASS 15?

CASS 15 establishes a rigorous safeguarding framework specifically designed for payment services and electronic money firms. Unlike previous safeguarding requirements, this regime introduces detailed operational standards that mirror the controls traditionally applied to investment firms handling client money.

The regime targets firms that hold customer funds as part of their payment operations. Whether processing transactions, issuing e-money, or facilitating cross-border payments, these entities must now demonstrate daily control over every penny held on behalf of clients.

Here’s the thing though—CASS 15 doesn’t just ask firms to segregate funds. It demands proof. Daily proof.

Who Must Comply With CASS 15?

The scope covers two primary categories of financial institutions:

• Electronic Money Institutions (EMIs): Firms authorised to issue electronic money under the Electronic Money Regulations. These institutions hold funds that customers have prepaid for future transactions or stored value.
• Authorised Payment Institutions (APIs): Entities licensed under the Payment Services Regulations to provide payment services, including money remittance, payment initiation, and account information services.

Small payment institutions and certain exempted entities may fall outside the regime’s scope, but the FCA expects the vast majority of customer-facing payment firms to prepare for full compliance.

Core Requirements of the CASS 15 Regime

The new safeguarding regime introduces several non-negotiable obligations that fundamentally alter operational workflows.

Daily Reconciliations

Firms must perform daily reconciliations of client funds held in safeguarding accounts. This requirement represents a significant departure from previous practices where monthly or periodic checks were acceptable. The daily cadence ensures that any discrepancies, shortfalls, or operational errors surface immediately rather than weeks later.

These reconciliations must cover all safeguarding accounts, internal records, and client balances. Automation becomes essential—manual processes simply can’t sustain this pace without introducing error risk.

Segregation and Account Structure

Client funds must be held in designated safeguarding accounts, completely segregated from the firm’s own operational funds. CASS 15 tightens the rules around account structure, requiring clear documentation of how funds are allocated and protected.

Firms must also establish robust processes for handling client money in transit, ensuring that funds remain protected throughout the payment lifecycle.

Audit Trails and Documentation

Every movement of client funds requires a comprehensive audit trail. The FCA expects firms to maintain detailed records that demonstrate compliance not just at month-end, but at any given moment.

This documentation must be readily accessible for regulatory review. When auditors or FCA supervisors request evidence, firms need to produce complete records within tight timeframes.

Key Operational Challenges Firms Face

Now, this is where it gets interesting. Regulatory compliance on paper is one thing. Operational reality is another.

Technology and System Limitations

Many payment firms operate on legacy systems that weren’t designed for daily reconciliations at scale. Manual spreadsheets, disconnected databases, and batch processing workflows simply can’t meet CASS 15’s real-time demands.

Upgrading or replacing core banking infrastructure takes months—sometimes years. Firms that haven’t started this journey yet face significant time pressure.

Resource and Skills Gaps

CASS compliance requires specialized knowledge. Firms need staff who understand both the technical reconciliation processes and the regulatory framework. According to discussions within the compliance community, recruitment in this space has intensified as firms compete for limited talent.

Training existing teams takes time. Building institutional knowledge around CASS controls can’t happen overnight.

Data Quality and Integration

Daily reconciliations expose data quality issues immediately. If client records, transaction logs, and bank statements don’t align perfectly, reconciliation breaks fail. Firms must clean up years of accumulated data inconsistencies before CASS 15 controls can function reliably.

Real talk: this is often the most underestimated challenge in CASS implementations.

Practical Steps to Achieve CASS 15 Readiness

With the 7 May 2026 implementation date approaching, firms must prioritize concrete actions over theoretical planning.

Conduct a Comprehensive Gap Analysis

Map current safeguarding practices against CASS 15 requirements. Identify specific shortfalls in technology, processes, governance, and documentation. This assessment should produce a detailed remediation roadmap with clear ownership and deadlines.

Invest in Automation Technology

Manual processes won’t scale to daily reconciliations. Firms must implement automated reconciliation platforms that can ingest data from multiple sources, identify breaks, and generate audit-ready reports without manual intervention.

According to BNY’s work with payment firms, one of AstroPay’s entities has been able to allocate approximately 40-50% of safeguarding funds into diversified money market funds USD following implementation of automated safeguarding solutions, demonstrating both compliance and operational efficiency improvements.

Establish Robust Governance Frameworks

CASS 15 requires designated oversight functions with clear accountability. Firms must appoint individuals responsible for CASS compliance, define escalation procedures, and establish regular reporting to senior management and boards.

This governance layer ensures that safeguarding isn’t just a back-office function but a board-level priority.

Test, Test, Test

Before 7 May 2026, firms should run parallel operations—executing daily reconciliations alongside existing processes. This testing phase reveals integration issues, workflow bottlenecks, and data quality problems while there’s still time to fix them.

Get Your CASS 15 Setup Ready Now

CASS 15 brings tighter safeguarding rules for payment firms, with more pressure on how client funds are handled and controlled. Acumon supports FCA-regulated firms with audit, risk and governance work, helping teams understand where their current setup may not meet new expectations.

Fix Safeguarding Gaps Before FCA Review

Here’s how Acumon helps firms prepare for CASS 15:

• Review of safeguarding arrangements and client fund handling
• Assessment of controls around reconciliation and record-keeping
• Identification of gaps against FCA expectations
• Support in strengthening governance and oversight
• Alignment of reporting processes with regulatory requirements

If you need to align your setup with CASS 15, get in contact with Acumon and review your current position before requirements tighten.

How CASS 15 Services Support Compliance

Many firms are turning to specialized CASS 15 services to bridge capability gaps. These services span several categories.

Technology Platforms and Software

Purpose-built reconciliation platforms automate the daily matching of client balances, bank statements, and internal records. These systems flag discrepancies, generate exception reports, and maintain comprehensive audit logs.

Advisory and Consulting Services

Specialist consultants help firms design CASS-compliant operating models, document policies and procedures, and prepare for regulatory scrutiny. This support proves particularly valuable for firms without prior CASS experience.

Managed Services and Outsourcing

Some providers offer end-to-end CASS operations as a managed service. This approach allows firms to achieve compliance without building complete in-house capabilities, though it requires careful oversight to ensure the outsourced function meets regulatory standards.

Training and Education Programs

Workshops, certification programs, and ongoing education help firms build internal expertise. Understanding CASS principles enables teams to operate controls effectively rather than just mechanically following procedures.

What Happens After 7 May 2026?

Compliance day isn’t the finish line—it’s the starting gun.

The FCA will expect firms to demonstrate sustained compliance through ongoing monitoring, regular attestations, and periodic audits. Supervisory reviews will test whether firms genuinely operate CASS controls or just maintain paper compliance.

Firms should anticipate increased scrutiny around operational resilience. Can safeguarding controls withstand system failures, staff turnover, or unexpected transaction volumes? The regulatory expectation is that client fund protection remains robust under stress.

But wait. There’s also an opportunity here. Firms that build strong CASS capabilities gain competitive advantages. Enhanced operational controls, better data quality, and improved governance frameworks deliver benefits beyond regulatory compliance—they enable more efficient operations and stronger risk management.

Conclusion

CASS 15 represents the FCA’s most significant update to payment firm safeguarding in years. The regime demands operational excellence, technological capability, and governance maturity that many firms are still building.

With the 7 May 2026 implementation date approaching, firms must accelerate preparation efforts. The requirements aren’t negotiable, and the operational changes required can’t be implemented overnight.

That said, firms that approach CASS 15 strategically gain more than regulatory compliance. Enhanced controls, improved data quality, and robust governance frameworks deliver lasting competitive advantages in an increasingly regulated market.

The time for planning has passed. Implementation must be the priority now. Firms should assess current readiness, identify critical gaps, and deploy resources to achieve operational compliance before the regulatory deadline arrives.

Frequently Asked Questions