For years, safeguarding was treated as a compliance formality – a policy document reviewed annually, a box ticked ahead of audits. That era is over. The FCA’s CASS 15 deadline arrives on 7 May 2026, shifting compliance from annual audit cycles into everyday operations.
The new requirements will strengthen how firms protect customer funds and assets, moving beyond box-ticking compliance toward demonstrable, ongoing control and accountability. They will require firms to implement more robust governance, enhanced record-keeping, regular reconciliation, and clearer evidence that client assets are properly segregated and always protected.

For payment and e-money firms, safeguarding has shifted from a back-office policy exercise to an execution challenge, and the urgency is real.

AutoRek’s Future of Payment Operations report found that only 33% of organisations say they are fully prepared for upcoming safeguarding and client money deadlines. Half report that implementation is still in progress. The data exposes a clear gap between regulatory expectation and operational reality.

The infrastructure gap

Most payments leaders understand what CASS 15 requires: daily internal and external fund reconciliations, clear segregation of customer funds, and demonstrable audit trails. The problem is that the infrastructure needed to consistently deliver this simply doesn’t exist within most firms.

Fragmented data disrupts operations at 80% of payments firms. Where systems can’t reconcile automatically, real-time visibility breaks down. Without it, firms cannot demonstrate that client funds are properly segregated at any given moment, which is precisely what CASS 15 demands. Legacy systems and third-party processor limitations are the primary culprits, preventing the real-time visibility that safeguarding demands.

Fragmented data doesn’t just slow reconciliation. It also creates blind spots that become apparent under regulatory stress.

Why manual workarounds won’t solve it

Compounding this problem, many firms rely on manual workarounds and spreadsheet-driven reconciliation, with 69% citing this as their biggest scalability constraint. For them, the shift to CASS 15 is not an incremental upgrade.

As transaction volumes continue to rise, labour-intensive processes don’t just increase in cost. They introduce disproportionate operational risk. Each new payment channel, each additional data source, each exception requiring manual investigation adds burden without adding control.

CASS 15 requires firms to demonstrate that safeguarding is embedded in daily operations, not bolted on at month-end. That means automated data pipelines capable of ingesting and validating data across multiple sources in real time. It means exception monitoring that flags discrepancies immediately, not during the next batch run. And it means audit trails that capture every transaction decision automatically, not reconstructed retrospectively ahead of a regulatory review. Spreadsheet-driven reconciliation cannot simultaneously keep pace with rising transaction volumes and meet daily compliance obligations.

Without automation, operations cannot sustainably scale to meet demand. Legacy architecture simply wasn’t built for this.

Safeguarding readiness as competitive differentiator

Our survey reveals that 84% of payments organisations anticipate that their safeguarding controls will require updates within the next 12 months due to regulatory evolution. CASS 15 marks the starting point for a sustained period of heightened scrutiny.

Firms that treat safeguarding as a point-in-time compliance exercise will find themselves on the back foot as requirements continue to progress. Those that embed safeguarding into their control frameworks are building infrastructure that adapts as regulations change, reduces cost per transaction as volumes grow, and supports growth under sustained regulatory pressure.

Safeguarding readiness, in this context, becomes a competitive differentiator. Institutional clients, payment partners, and retail customers increasingly make decisions based on the operational credibility of the firms they work with. Demonstrating robust, automated safeguarding controls moves beyond satisfying the FCA to building the trust that sustains long-term commercial relationships.

Prepared vs unprepared

With less than two months until the CASS 15 deadline, the firms still in planning or early implementation stages are running out of time. Each step of the process – assessing infrastructure gaps, selecting and implementing solutions, educating teams, and validating controls – takes time to get right.

The firms investing in safeguarding now aren’t just meeting a deadline. They are operationally stronger, better positioned to absorb future regulatory change, and more trusted by the clients they serve. May 2026 will make the division between the two groups impossible to ignore.

Nick Botha, VP Payments and Retail Banking, AutoRek