CLOSE
Ocorian Compliance UK & Europe > Insights > Getting ready for CASS 15: What should your immediate priorities be?

Getting ready for CASS 15: What should your immediate priorities be?

| UK & Europe | Articles

The FCA have published their policy statement (PS25/12) to strengthen the safeguarding regime and to align rules with the Client Asset Sourcebook (CASS). The policy statement sets out final rules and guidance for the ‘interim rules’ now referred to as the ‘Supplementary Regime’ and firms have 9 months until the rules come into force on 7 May 2026.

The policy statement sets out material changes in the FCA’s approach, including the approach to the end-state rules (‘Post-Repeal Regime’) being reconsidered. The FCA has considered proportionality based on feedback, as well as other areas, where the regulator has held their position, citing the need for strengthened measures. The FCA has also published intended amendments to the Payment Services and Electronic Money Approach Document (‘Approach Document’) reflecting the safeguarding changes.

The Supplementary Regime will be the acid test for strengthening the safety of the payments ecosystem. The FCA intend to conduct a review of the implementation of the regime, once a full audit period has passed and this will inform their approach to consulting on further changes, if they deem necessary.

Key changes

Reconciliations:

  • Reconciliation requirements have been codified in the new rules and firms should no longer see this as simply guidance in the Approach Document.
  • The FCA have clarified that reconciliation points must be at the same time every day and firms should align both internal and external reconciliation points
  • The requirement to conduct daily reconciliations on each business day the firm operates has now been clarified to exclude weekends, bank holidays and days on which relevant foreign markets are closed
  • Firms can perform non-standard methods of reconciliations, however, are required to document this and receive approval from an independent auditor (separate to its safeguarding audit) confirming this meets the payment firm’s obligations

Safeguarding audits:

  • The FCA have confirmed all payment firms (excluding SPIs and Credit Unions) will need to be audited by qualified auditors
  • An exemption from the audit requirement will be available to firms that have not safeguarded relevant funds more than £100,000 over a period of at least 53 weeks
  • The requirement for a limited assurance engagement where a payment firm has not held relevant funds has been removed.
  • Firms with audit periods that covers the date when new rules come into force, auditors will assess firms against the rules that were in place at the time.
  • Auditors will have an extended first audit submission deadline of 6 months post period end to submit the final report to the FCA. The following audit periods will remain at 4 months post period end.

What are your immediate priorities?

Although the FCA have introduced elements of proportionality and there is an extension of the transitional period, the policy statement introduces significant regulatory change. We recommend that payment firms prioritise their action plan to become CASS 15 ready and consider the following steps:

Gap analysis and change management plan: Perform a gap analysis between your existing safeguarding policies, procedures, and internal controls against the Supplementary Regime. Once gaps are identified and mapped across the new rules, you should create a detailed plan for specifying and prioritising the change efforts.

Audit findings: If your firm has received audit findings in prior periods, you should ensure they prioritise remediation and incorporate that into the gap analysis.

Operationalising plans: Turning plans into action and practical steps will require you to carefully consider your firm’s business model, flow of funds, data readiness, resource capacity and systems and controls. This will identify complex areas which may require additional consideration to determine the appropriate solution.

Governance: The FCA view poor governance and oversight as a root cause of regulatory issues. The new rules require firms to appoint an individual of sufficient skill and authority to have adequate oversight for safeguarding and to oversee the implementation of the new rules. Your governing body will also be required to have sufficient oversight and understanding of the firm’s compliance with safeguarding requirements.

We expect that firms of a certain scale and complexity will need to have a Safeguarding Committee with suitable individuals and backed with good quality management information to evidence decision making and oversight.

Proactive identification of risks: With all regulatory and operational changes there come risks. You should proactively identify any operational and safeguarding risks at an early stage as well as considering a mitigation strategy. Where you identify there are significant risks to meeting safeguarding requirements, you should consider a clear action plan to address these.

Documentation: The changes made are likely to be material, so you’ll need to ensure documentation evidencing key decisions made and challenges over interpretation of the new safeguarding requirements is gathered and saved. You’re also expected to document how processes and controls are changing to reflect the new regulation. This documentation will be key to support your first CASS audit under the new rules to provide an audit trail of the timing and testing of changes made.

How can Ocorian help you prepare for CASS 15?

From our experience, we expect that the FCA will undertake proactive engagement with firms to understand their readiness for the new rules and evidence of how they have prepared for the Supplementary Regime.

Our expertise in auditing firms, paired with industry, regulator and in-house experience, means we understand the regulatory changes you will face.

We are available to support throughout this transitional period and beyond. Our key areas of support include:

  • identifying key operational and safeguarding risks facing firms and recommending remediation actions to mitigate these risks
  • performing gap analysis reviews to analyse the current safeguarding environment against the new FCA requirements
  • building processes and controls to meet the rules and requirements, and the spirit they were written in
  • conducting readiness reviews and testing by doing a deep dive into firms’ overall policy and governance arrangements
  • ensuring that firms’ operational ability meets regulatory standards.

Get in touch if you need support.

Services

Get in touch

Chloe Arnold-Martin

Principal Consultant

Chloe specialises in providing regulatory and compliance advice on CASS and safeguarding for a range of financial services firms.

Send a message:

Samee Hussain

Samee Hussain

Senior Consultant

Samee specialises in providing regulatory and compliance advice to payments and e-money firms. Samee has extensive experience with regulatory authorisations processes as well as FCA supervision.

Send a message:

Want more insights like this?

Join our mailing list

Our insights

| UK & Europe

Getting ready for CASS 15: What should your immediate priorities be?

The FCA have published their policy statement (PS25/12) to strengthen the safeguarding regime and...

| UK & Europe

Proposed regulation of cryptoassets: What can firms do to prepare?

Around 12% of UK adults own or have previously owned crypto. With the phenomenon becoming more ma...

| UK & Europe

What next for the PE backed consolidators

Not all Private Equity (PE) firms have the same objectives. The traditional view of PE has been t...
  • UK & Europe
  • CONTACT
  • UK & Europe
  • CONTACT
  • UK & Europe
  • CONTACT
  • UK & Europe
  • CONTACT
  • UK & Europe
  • CONTACT