CASS 15: What are my safeguarding audit obligations?
5 Sep 2025 • Audit and Assurance • Financial Services • Safeguarding Audits
Written by
In August, the FCA officially published its long-awaited policy statement, PS 25/12, which sets out the changes to the Safeguarding regime for payments firms that are responsible for safeguarding relevant funds. Here, we explore some of the key changes to audit requirements.
Background
See here for our summary of key changes which come into effect on 7 May 2026.
In the table below we have highlighted the key impacts that the policy changes will have on the safeguarding audit regime for payments firms.
Which type of firm will require a safeguarding audit? | The audit requirement applies to: 1. Authorised Payment Institutions (APIs) that are authorised to carry out payment services other than payment initiation services or account information services; 2. Electronic Money Institutions (EMIs) Other safeguarding institutions are still required to have in place adequate arrangements to safeguard relevant funds. Voluntarily arranging an audit may help ensure that these obligations are met. |
Are there any exemptions? | If a Payments firm has not been required to safeguard more than £100,000 of relevant funds at any time over a period of at least 53 weeks, it will not have to arrange a safeguarding audit. |