Skip to content
In the news TRM Labs × Finray — audit-ready crypto transaction monitoring for banking
Finray
Book a briefing

FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta

The FCA PS25/12 Supplementary Safeguarding Regime introduces operational safeguarding rules in CASS 15, resolution-pack rules in CASS 10A, audit rules in SUP 3A and monthly REP027 reporting in SUP 16.14A. The radar maps 90+ controls across the four Handbook surfaces, the prior-regime change-delta, enforcement cases and the UK vendor universe. Corebanq recused.

Cluster
Corebanq
Published
Updated
Version
1.1.0
Disclosure
Finray product recused from ranking

Last reviewed   ·  Version 1.1.0  ·  Evidence cutoff 

FCA Supplementary Safeguarding Regime — CASS 15, CASS 10A, SUP 3A, SUP 16.14A operational delta

The FCA PS25/12 Supplementary Safeguarding Regime is the UK Handbook overlay that turns payment and e-money safeguarding into a daily, auditable operating discipline. It does not replace Payment Services Regulations 2017 regulation 23 or Electronic Money Regulations 2011 regulation 20 during the Supplementary Regime; it adds CASS 15 for operational safeguarding, CASS 10A for the resolution pack, SUP 3A for safeguarding audit and SUP 16.14A for the monthly REP027 return. The policy statement, instrument and Approach Document amendments came into force on 7 May 2026. Primary sources: https://www.fca.org.uk/publications/policy-statements/ps25-12-changes-safeguarding-regime-payments-and-e-money-firms, accessed 2026-05-10; https://www.fca.org.uk/publication/policy/ps25-12.pdf, accessed 2026-05-10; https://api-handbook.fca.org.uk/files/instrument/Glossary-GEN-CASS-SUP/FCA%202025/38-2026-05-07.pdf, accessed 2026-05-10.

Corebanq is built and operated by Finray Technologies Ltd, the publisher of this graph. Corebanq is recused from any qualitative ranking. Inclusion is for completeness in the buyer-guide vendor universe under the editorial methodology at /intelligence/methodology/.

The scope correction matters. Authorised payment institutions, except PIS/AIS-only firms, authorised e-money institutions, small e-money institutions and credit unions issuing e-money are the mandatory perimeter; small payment institutions can opt in. AISP-only and PISP-only firms are exclusions unless another activity creates relevant-funds exposure. Primary sources: https://www.fca.org.uk/firms/emi-payment-institutions-safeguarding-requirements, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/CASS/15/1.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/PERG/15.html, accessed 2026-05-10.

The four Handbook surfaces

CASS 15 is the operational surface. It covers allocation of relevant funds, mixed remittances, approved secure liquid assets, insurance or comparable guarantee, third-party selection, acknowledgement letters, records and reconciliations. Daily internal reconciliation, external reconciliation and D+1 comparison need data lineage, exception workflow and owner evidence, not a month-end spreadsheet rebuilt after the fact. Primary sources: https://www.handbook.fca.org.uk/handbook/CASS/15/1.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/CASS/15/2.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/CASS/15/8.html?date=2026-05-07, accessed 2026-05-10.

CASS 10A is the insolvency-readiness surface. It requires a CASS resolution pack for safeguarding institutions receiving or holding relevant funds under CASS 15. The pack must be maintained, retrievable within the required window and capable of showing account details, agreements, policies, records, agents, distributors, third parties and critical people. Primary sources: https://www.handbook.fca.org.uk/handbook/CASS/10A/1.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/CASS/10A/2.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/CASS/10A/3.html?date=2026-05-07, accessed 2026-05-10.

SUP 3A is the assurance surface. It creates the safeguarding audit framework for relevant institutions and external auditors, including appointment, independence, reasonable assurance, report period, delivery timing and governing-body receipt. The audit tests whether the firm can evidence its own CASS 15, CASS 10A, SUP 16.14A and statutory safeguarding obligations. Primary sources: https://www.handbook.fca.org.uk/handbook/SUP/3A/1.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/SUP/3A/5.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/SUP/3A/9.html?date=2026-05-07, accessed 2026-05-10.

SUP 16.14A is the reporting surface. It requires the monthly safeguarding return within 15 business days of calendar month-end except for the month in which a firm becomes a safeguarding institution. The FCA firm page identifies REP027, so balances, methods, breaches, third-party account data and attestations need the same evidence base as daily reconciliation. Primary sources: https://www.handbook.fca.org.uk/handbook/SUP/16/14A.html?date=2026-05-07, accessed 2026-05-10; https://www.fca.org.uk/firms/emi-payment-institutions-safeguarding-requirements, accessed 2026-05-10.

Auditor universe — the 7 CASS-qualified firms

SUP 3A delegates the safeguarding-audit opinion to a CASS-qualified audit firm with auditor independence determined under the chapter. Seven UK audit firms have published Supplementary-Regime guidance materials and operate CASS-qualified practices serving payment institutions and electronic money institutions: KPMG LLP, Ernst & Young LLP, Deloitte LLP, BDO LLP, Grant Thornton UK LLP, Forvis Mazars LLP (formerly Mazars LLP), and RSM UK. Each is recorded in the graph as a vendor with the evidence-for edge type pointing at the SUP 3A audit control (C15). The list is non-exhaustive: smaller CASS-qualified firms exist; the editorial bar required published Supplementary-Regime guidance to be enumerated by name in this radar.

Court precedent — Re Ipagoo and Re Allied Wallet

The legal basis the Supplementary Regime addresses operationally is built on two High Court judgments. Re Ipagoo LLP [2022] EWCA Civ 302 (Court of Appeal, 9 March 2022) and Re Allied Wallet Ltd [2022] EWHC 1877 (Ch) (High Court, 15 July 2022) together established that PSRs regulation 23 and EMRs regulation 24 do not create a statutory trust over relevant funds, but grant a priority interest over a segregated asset pool, with shortfalls reconstituted from non-safeguarded assets on an “equality is equity” basis. That legal posture left customers exposed in 12 payment-firm insolvencies between Q1 2018 and Q2 2023 with an average safeguarding shortfall of 65 per cent (80 per cent for EMIs alone) and an average two-year wait for distribution. PS25/12 addresses this operationally through CASS 15 + CASS 10A; the proposed Post-Repeal Regime would address it structurally through a statutory trust.

UK ↔ EU divergence

UK firms lost PSD2/EMD2 passporting at the end of the Brexit transition period. A group running both UK and EEA payment or e-money entities now reconciles two parallel regimes (and, where stablecoin or crypto activity sits inside an EMI group, a third regime layer via MiCA, which has applied from 30 December 2024). The EU statutory comparators remain PSD2 Article 10 (PI safeguarding) and EMD2 Article 7 (EMI safeguarding), with EBA/GL/2017/09 the authorisation-information guideline and EBA Q&A 2024_7165 the most recent EBA clarification on central-bank settlement accounts as safeguarding instruments. The EU is moving toward PSD3 / PSR1, currently in trilogue and expected to take effect from 2027 at the earliest. Cross-border firms should therefore plan for two parallel regimes during 2026–2027: the FCA Supplementary Regime in the UK and PSD2 Article 10 + EMD2 Article 7 in the EEA, with PSD3/PSR1 as the EEA forward-looking layer.

The operational delta a UK-and-EEA group must reconcile: account-designation evidence (CASS 15.3.4R-style acknowledgement letters in the UK; case-by-case under PSD2 Article 10 in the EEA), reconciliation cadence (daily under CASS 15; not specified at instrument level in PSD2/EMD2), independent audit (SUP 3A annual reasonable assurance in the UK; subject to NCA discretion in the EEA), monthly reporting (REP027 in the UK; no equivalent at instrument level in the EEA), and resolution pack (CASS 10A in the UK; no equivalent at instrument level in the EEA — the EU Bank Recovery and Resolution Directive applies to credit institutions, not PIs/EMIs).

What changes from the prior regime

Before PS25/12, UK safeguarding rested mainly on PSRs regulation 23, EMRs regulation 20, the FCA Approach Document and supervisory letters. The Supplementary Regime keeps that statutory base but gives firms a rule-indexed control environment. The largest change is cadence: internal safeguarding reconciliation must be performed at least each reconciliation day, external reconciliation must compare internal and third-party records at least each reconciliation day, and the standard method adds a D+1 comparison of requirement and resource. That cadence makes exception age, source system, top-up and closure evidence central, not optional. Primary sources: https://www.legislation.gov.uk/uksi/2017/752/regulation/23, accessed 2026-05-10; https://www.legislation.gov.uk/uksi/2011/99/regulation/20, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/CASS/15/8.html?date=2026-05-07, accessed 2026-05-10.

The second change is monthly regulatory visibility: SUP 16.14A and REP027 convert safeguarding from periodic policy assertion into recurring data return. The third is audit independence through SUP 3A. The fourth is resolution-pack discipline: CASS 10A requires account, agreement, policy, third-party, agent, distributor and systems-access evidence to be findable under insolvency pressure. The fifth is scope precision. AISP-only and PISP-only firms are not mandatory CASS 15 buyers, while APIs with relevant funds, AEMIs, SEMIs and credit unions issuing e-money are in the core perimeter. Primary sources: https://www.handbook.fca.org.uk/handbook/SUP/16/14A.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/SUP/3A/9.html?date=2026-05-07, accessed 2026-05-10; https://www.handbook.fca.org.uk/handbook/CASS/10A/1.html?date=2026-05-07, accessed 2026-05-10.

Named enforcement and supervisory action since 2018

The forensic register is included to keep the buyer conversation concrete. Premier FX was publicly censured after the FCA identified failures to safeguard relevant funds, lack of designated safeguarding accounts, inadequate records and customer funds that were not distinguishable from firm funds (FCA Final Notice: Premier FX, accessed 2026-05-10). Allied Wallet is included through the FCA statement and Gazette winding-up material, where concerns included management, conduct and safeguarding customer funds. Primary sources: https://www.fca.org.uk/news/statements/allied-wallet-limited, accessed 2026-05-10; https://www.thegazette.co.uk/notice/3499762, accessed 2026-05-10.

Wirecard Card Solutions UK is included because the FCA requirements were framed to protect e-money funds held in safeguarded accounts after the German parent insolvency event; the Loot administration statement is a connected UK customer-impact reference. Primary sources: https://www.fca.org.uk/news/news-stories/requirements-imposed-wirecard-authorisation, accessed 2026-05-10; https://www.fca.org.uk/news/statements/wirecard-has-announced-winding-down-its-business, accessed 2026-05-10; https://www.fca.org.uk/news/statements/loot-financial-services-limited-administration, accessed 2026-05-10.

Rational FX, Xpress Money, Monneo and JNFX are included as special-administration cases where the FCA source links the event to PSR safeguarding, fund assessment or the payment/e-money insolvency regime. Biilz is included because the FCA Final Notice states the firm had not taken adequate measures to safeguard electronic money holders’ funds and proposed an account not in the firm’s name. Currency Matters is included as a First Supervisory Notice and special-administration row, not as a final enforcement finding; the FCA cited failures to provide safeguarding reconciliation and supporting statements, an inadequate safeguarding or prudential position and suspected misappropriation. Primary sources: https://www.fca.org.uk/news/news-stories/rational-foreign-exchange-limited-enters-special-administration, accessed 2026-05-10; https://www.fca.org.uk/news/news-stories/xpress-money-services-limited-enters-special-administration, accessed 2026-05-10; https://www.fca.org.uk/news/news-stories/monneo-ltd-enters-special-administration, accessed 2026-05-10; https://www.fca.org.uk/news/news-stories/jnfx-ltd-enters-special-administration, accessed 2026-05-10; https://www.fca.org.uk/publication/final-notices/biilz-uk-ltd-2024.pdf, accessed 2026-05-10; https://www.fca.org.uk/publication/supervisory-notices/first-supervisory-notice-currency-matters-limited.pdf, accessed 2026-05-10.

Ipagoo is a court-material cross-reference, not an FCA enforcement row. It is included because the Court of Appeal material is relevant to legal uncertainty about the status of safeguarded funds and therefore to resolution-pack and segregation analysis (Court of Appeal: Ipagoo LLP in administration, accessed 2026-05-10). The radar does not infer missing fines, FRNs or final findings where the dossier did not retrieve them from primary material.

What buyers should test in vendor due diligence

A vendor can support a safeguarding control, but the regulated firm remains accountable. Buyers should test whether the platform can produce the customer-liability population, safeguarding requirement, safeguarding resource and exception list from one source of truth; classify PSU funds, e-money balances, own funds, fees, returns, refunds, chargebacks and settlement-in-transit balances at event level; prove daily internal reconciliation, D+1 comparison and external reconciliation with timestamps and exception ageing; preserve acknowledgement letters, account metadata and counterparty diligence; evidence concentration limits across bank, custodian, insurer, guarantor, group, currency and country; generate REP027 inputs without reconstruction; assemble CASS 10A pack artefacts within the retrieval window; and expose audit trails, breach logs and governing-body evidence to a SUP 3A auditor.

Vendor-owned materials are due-diligence inputs only. A supports edge in this graph means the vendor or product material describes functionality relevant to a control surface; it does not mean the FCA has endorsed that vendor, that a buyer is compliant by using it or that Corebanq is ranked against comparators.

How to read the radar

The graph separates public authorities, regulations, supervisory standards, controls, vendors, products, licensed-entity cases, status classes and the UK jurisdiction. Regulator nodes use round rectangles, regulation nodes use hexagons, standard nodes use rectangles, controls use diamonds, vendors use ellipses, products use vee shapes, licensed-entity cases use octagons, status classes use triangles and the jurisdiction node uses a star. The useful reading path is regulation to control, forensic case to control, product to control and product to vendor; reverse inference should be avoided.

The regulatory layer starts with PS25/12, the FCA instrument, CASS 15, CASS 10A, SUP 3A, SUP 16.14A, PSRs regulation 23, EMRs regulation 20 and PESAR. The supervisory-standard layer adds the Approach Document and EBA reference material. The control layer breaks the regime into account designation, segregation, liability scoping, mixed remittances, method selection, counterparty diligence, concentration, reconciliation, reporting, audit, governance, notifications and group/outsourcing boundaries. The vendor layer is deliberately non-ranking, and supports edges are vendor-owned evidence only, with no FCA endorsement implied.

Editorial conclusion

PS25/12 makes implicit safeguarding discipline explicit and machine-checkable. Firms that already operate daily liability scoping, safeguarded-resource evidence, third-party oversight, audit trails and insolvency-ready records will absorb the regime mainly as documentation and reporting pressure. Firms that do not will discover the gap quickly, because the monthly REP027 cycle gives weak reconciliation fewer places to hide.

This radar should be read alongside /intelligence/safeguarding-reconciliation-solvency-discipline/ for the wider EU + UK safeguarding-as-solvency framing; /intelligence/emi-pi-authorisation-withdrawals/ for the forensic withdrawal register; /intelligence/emi-pi-licensing-success/ for the licensing-success population; and /intelligence/eu-uk-pi-emi-core-banking/ for the broader buyer-guide.

Layout
cose-radar
Nodes
118
Edges
225
Last reviewed
2026-05-10
Evidence cutoff
2026-05-10
Pending outreach
1
Showing 10 / 10
Jurisdiction (1)
Outcome classes used to group forensic rows. (1)
Service-scope breadth (4)
  • regulator
  • regulation
  • standard
  • control
  • vendor
  • product
  • licensed-entity
  • status-class
  • jurisdiction
  • finray product (COI)

Reference index

The interactive forensic graph above and the tables below cover named safeguarding, insolvency and court-material cases. The graph is for filtered exploration; the tables index the case register, UK jurisdiction perimeter and outcome classes as plain text — for search engines, citation tools and readers who prefer linear reading.

Outcome classes used to group forensic rows.s (5)

The 5 outcome classes group the 10 named cases by the public-source action type. Counts are exact for this graph; class boundaries follow the dossier's editorial taxonomy and do not create new regulatory findings.

Outcome classes used to group forensic rows.s observed in the 10-case UK safeguarding forensic register.
Outcome class Description
regulator-revocation regulator-revocation is an outcome class used to group forensic rows in the radar.
voluntary-cancellation voluntary-cancellation is an outcome class used to group forensic rows in the radar.
application-refused application-refused is an outcome class used to group forensic rows in the radar.
lapsed-without-renewal lapsed-without-renewal is an outcome class used to group forensic rows in the radar.
regime-transition-non-completed regime-transition-non-completed is an outcome class used to group forensic rows in the radar.

Jurisdictions (1)

Jurisdiction coverage for this radar is the United Kingdom perimeter. EU material appears only as comparator or standard evidence, not as a non-UK enforcement register.

the 10-case UK safeguarding forensic register by jurisdiction.
Jurisdiction Records Description
United Kingdom 10 UK perimeter for the FCA Supplementary Safeguarding Regime radar.

Named cases (10)

Every named case in the FCA, Gazette and Court of Appeal primary-source register at the cut-off, grouped by jurisdiction. Listing is editorial and does not imply regulator endorsement, ranking or a finding beyond the cited source. Outcome classes are editorial groupings from the cited primary material; no missing FRNs, fines or final findings are inferred.

United Kingdom 10 records

named safeguarding cases with United Kingdom as the perimeter.
Entity Outcome class Scope Website
Allied Wallet winding-up regulator-revocation forensic case fca.org.uk
Biilz UK Ltd Final Notice regulator-revocation forensic case fca.org.uk
Currency Matters FSN/special administration regulator-revocation forensic case fca.org.uk
Ipagoo court cross-reference regime-transition-non-completed forensic case judiciary.uk
JNFX special administration voluntary-cancellation forensic case fca.org.uk
Monneo special administration voluntary-cancellation forensic case fca.org.uk
Premier FX censure voluntary-cancellation forensic case fca.org.uk
Rational Foreign Exchange special administration voluntary-cancellation forensic case fca.org.uk
Wirecard Card Solutions restrictions regime-transition-non-completed forensic case fca.org.uk
Xpress Money special administration regulator-revocation forensic case fca.org.uk

Source: the FCA, Gazette and Court of Appeal primary-source register, cut-off 2026-05-10. The full forensic pack — named-case register, control-pattern mapping, FRN retrieval carry list, and UK safeguarding source dossier — is available under briefing scope; email partnership@finray.tech with the subject line "FCA safeguarding forensic pack".

Regulators (8)

National Competent Authorities, supervisory authorities, and pan-EU European Supervisory Authorities indexed in this radar. Each row links to the regulator's primary-source URL with the date the source was last accessed. Listing is alphabetical by jurisdiction code; inclusion is editorial, not a directive. Volume of regulators per jurisdiction reflects the local supervisory architecture (single-supervisor vs sectoral split) and is not a quality signal.

Regulators indexed in this radar with their jurisdiction and primary-source URLs.
Regulator Jurisdiction Scope Primary source
Bank of England public authority or primary public-source body Bank of England is a public authority or public-source body associated with the regime evidence. View source
Courts of England and Wales public authority or primary public-source body Courts of England and Wales is a public authority or public-source body associated with the regime evidence. View source
European Banking Authority public authority or primary public-source body European Banking Authority is a public authority or public-source body associated with the regime evidence. View source
Financial Conduct Authority public authority or primary public-source body Financial Conduct Authority is a public authority or public-source body associated with the regime evidence. View source
Financial Reporting Council public authority or primary public-source body Financial Reporting Council is a public authority or public-source body associated with the regime evidence. View source
HM Treasury public authority or primary public-source body HM Treasury is a public authority or public-source body associated with the regime evidence. View source
Prudential Regulation Authority public authority or primary public-source body Prudential Regulation Authority is a public authority or public-source body associated with the regime evidence. View source
The Gazette public authority or primary public-source body The Gazette is a public authority or public-source body associated with the regime evidence. View source

Regulatory anchors and supervisory standards

The legal instruments and supervisory standards an institution in this segment must satisfy. Each row links to the primary source — official journal page, supervisor circular, or standards body — with the date the source was last accessed.

Regulatory anchors and supervisory standards covered in this radar, with primary-source links.
Anchor Scope Primary source
FCA PS25/12 Regulation FCA PS25/12 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
FCA CP24/20 Regulation FCA CP24/20 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
FCA 2025/38 Instrument Regulation FCA 2025/38 Instrument is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
HMT PSR review Regulation HMT PSR review is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
PSRs 2017 regulation 23 Regulation PSRs 2017 regulation 23 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
EMRs 2011 regulation 20 Regulation EMRs 2011 regulation 20 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
PESAR 2021 Regulation PESAR 2021 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 10A.1 Regulation CASS 10A.1 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 10A.2 Regulation CASS 10A.2 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 10A.3 Regulation CASS 10A.3 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.1 Regulation CASS 15.1 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.2 Regulation CASS 15.2 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.3 Regulation CASS 15.3 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.4 Regulation CASS 15.4 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.5 Regulation CASS 15.5 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.6 Regulation CASS 15.6 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.7 Regulation CASS 15.7 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
CASS 15.8 Regulation CASS 15.8 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
SUP 3A Regulation SUP 3A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
SUP 16.14A Regulation SUP 16.14A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
PERG 15 Regulation PERG 15 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
SYSC 15A Regulation SYSC 15A is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
PRA SS2/21 Regulation PRA SS2/21 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
PSD2 Article 10 Regulation PSD2 Article 10 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
EMD2 Article 7 Regulation EMD2 Article 7 is a regulatory anchor for the Supplementary Safeguarding Regime or its statutory baseline. View source
FCA Approach Document May 2026 draft Standard FCA Approach Document May 2026 draft is a supervisory or guidance source used to interpret the safeguarding regime. View source
EBA-GL-2017-09 Standard EBA-GL-2017-09 is a supervisory or guidance source used to interpret the safeguarding regime. View source
EBA Q&A 2024_7165 Standard EBA Q&A 2024_7165 is a supervisory or guidance source used to interpret the safeguarding regime. View source
Re Allied Wallet Ltd [2022] EWHC 1877 (Ch) Standard Re Allied Wallet Ltd [2022] EWHC 1877 (Ch) is a court judgment interpreting EMRs reg 24 safeguarded-asset pool status. View source
Re Ipagoo LLP [2022] EWCA Civ 302 Standard Re Ipagoo LLP [2022] EWCA Civ 302 is a Court of Appeal judgment interpreting PSRs reg 23 safeguarded-asset pool status. View source

Controls

The control domains those regulatory anchors require. Each control sits at the intersection of one or more regulations and one or more vendor products that implement it.

Control domains required by the regulatory anchors above.
Control What it covers
Account designation The firm must be able to evidence that relevant-funds bank accounts and relevant-assets accounts are opened, named and acknowledged so third parties understand the safeguarding character of the account. Bank of England settlement accounts are treated separately for acknowledgement-letter purposes.
Relevant-funds segregation Relevant funds must not be used for own-account purposes and must be protected through the statutory safeguarding method chosen by the firm.
Liability scoping The firm must allocate relevant funds to clients promptly, track unallocated and unidentified receipts, and calculate individual safeguarding balances without masking negative client balances.
Mixed remittance handling Inbound receipts containing both relevant and non-relevant money require a written policy and daily currency adjustments where relevant.
Safeguarding-method selection The firm may use segregation, approved secure liquid assets, or insurance/comparable guarantee where the statutory and CASS conditions are met.
Third-party diligence The firm must exercise due skill, care and diligence when selecting, appointing and reviewing safeguarding banks, custodians, insurers, guarantors and third-party managers.
Concentration and diversification The firm must consider concentration and diversification across approved banks, custodians, insurers, guarantors and relevant assets.
Internal reconciliation Internal safeguarding reconciliation must be performed as frequently as necessary and at least once per reconciliation day using the firm’s own records rather than bank statements.
D+1 comparison The standard method requires D+1 comparison of segregation requirement and resource and prompt discrepancy resolution, including top-up using own funds where required.
External reconciliation External reconciliation must compare internal records to third-party records at least every reconciliation day and resolve external discrepancies without undue delay.
Books without delay The firm must maintain records and accounts that distinguish relevant funds from other funds and determine client-specific totals promptly and at any time.
Resolution-pack retrieval The CASS resolution pack must be maintained and retrievable by the firm or an insolvency officer as soon as practicable and within 48 hours; specified records should be retrievable immediately.
Resolution-pack content The pack must include a master document, account and counterparty details, agreements, insurers/guarantors, agents/distributors, outsourcing and relevant CASS 15 records.
Monthly safeguarding return Safeguarding institutions must submit a monthly safeguarding return within 15 business days of month-end except for the month in which they become safeguarding institutions.
Annual safeguarding audit Relevant institutions in scope must appoint an independent external auditor and obtain a reasonable-assurance safeguarding report covering CASS 15, CASS 10A, SUP 16.14A and applicable statutory obligations.
Governance owner A director or senior manager must oversee safeguarding compliance; the governing body must receive resolution-pack compliance reporting at least annually and receive the safeguarding audit report.
FCA notifications The firm must notify the FCA on certain insurance/guarantee events, reconciliation failures, unresolved inaccuracies, material shortfalls and inability to comply with the resolution-pack rule.
Group and outsourcing boundary Group members and outsourced providers can hold documents or perform operational functions only if retrieval, access and oversight obligations remain satisfied. Group treasury cannot obscure the statutory safeguarding boundary.

Vendors and products

Named vendors active in this control space and the specific products each ships. Listing is alphabetical within the graph's evidence set; inclusion is editorial, not commercial, and is not a recommendation. Finray Technologies Ltd ships products in this space and is recused from any ranking — see the methodology page for the conflict-of-interest framework.

Vendors and the specific products each ships into this control space.
Vendor Products Vendor source
Tuum Tuum is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • Tuum core banking — Tuum core banking is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Mambu Mambu is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • Mambu core capabilities — Mambu core capabilities is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
  • Mambu Payments — Mambu Payments is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Thought Machine Thought Machine is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • Thought Machine Vault Core — Thought Machine Vault Core is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Corebanq / Finray Technologies Ltd Corebanq / Finray Technologies Ltd is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only. Finray Technologies — recused from ranking
  • Corebanq — Corebanq is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
ReconArt ReconArt is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • ReconArt reconciliation — ReconArt reconciliation is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
ClearBank ClearBank is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • ClearBank accounts — ClearBank accounts is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Modulr Modulr is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • Modulr accounts/payments — Modulr accounts/payments is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
LHV Bank LHV Bank is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • LHV safeguarding accounts — LHV safeguarding accounts is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Currencycloud Currencycloud is included in the UK PI/EMI vendor universe; edges are due-diligence support signals only.
  • Currencycloud platform — Currencycloud platform is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Audit-firm cohort Audit-firm cohort included for due diligence on SUP 3A safeguarding audit support; not a ranking or independence conclusion.
  • Safeguarding audit services — Safeguarding audit and advisory services are included where audit-firm public materials discuss PS25/12 or safeguarding-audit readiness. ( product page )
Pending
10x Banking 10x Banking is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • 10x banking platform — 10x banking platform is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
SaaScada SaaScada is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • SaaScada platform — SaaScada platform is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Skaleet Skaleet is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • Skaleet platform — Skaleet platform is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Pismo Pismo is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • Pismo platform — Pismo platform is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Cashbook Cashbook is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • Cashbook bank reconciliation — Cashbook bank reconciliation is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Trintech Trintech is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • Trintech Cadency — Trintech Cadency is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
BlackLine BlackLine is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • BlackLine reconciliations — BlackLine reconciliations is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
FloQast FloQast is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • FloQast reconciliation — FloQast reconciliation is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
Marqeta Marqeta is included in the UK PI/EMI vendor universe as a due-diligence comparator.
  • Marqeta card programme infrastructure — Marqeta card programme infrastructure is a product or service surface mapped to controls only where public material supports the due-diligence question. ( product page )
Vendor site
KPMG LLP KPMG LLP is included in the UK PI/EMI audit-firm universe as a SUP 3A safeguarding-audit evidence node. No products listed Vendor site
Ernst & Young LLP Ernst & Young LLP is included in the UK PI/EMI audit-firm universe as a SUP 3A safeguarding-audit evidence node. No products listed Vendor site
Deloitte LLP Deloitte LLP is included in the UK PI/EMI audit-firm universe as a SUP 3A safeguarding-audit evidence node. No products listed Vendor site
BDO LLP BDO LLP is included in the UK PI/EMI audit-firm universe as a SUP 3A safeguarding-audit evidence node. No products listed Vendor site
Grant Thornton UK LLP Grant Thornton UK LLP is included in the UK PI/EMI audit-firm universe as a SUP 3A safeguarding-audit evidence node. No products listed Vendor site
Forvis Mazars LLP Forvis Mazars LLP is included in the UK PI/EMI audit-firm universe as a SUP 3A safeguarding-audit evidence node. No products listed Vendor site
RSM UK RSM UK is included in the UK PI/EMI audit-firm universe as a SUP 3A safeguarding-audit evidence node. No products listed Vendor site
Certificate of Registration NQA · UKAS Management Systems
ISO/IEC 27001:2022 Certificate of Registration issued by NQA to Finray Technologies Ltd, certificate number 215646, valid 21 October 2025 to 21 October 2028
Search
Type to search across Finray, products, company, and journal.

    Press Esc to close · to open the highlighted result.

    Book a briefing 01 / 03

    Step 01

    Identify the institution

    Who is requesting the briefing.