Payment and E-Money Firms Safeguarding Audit

The FCA now requires firms covered by Payment Service Regulations and Electronic Money Regulations to have an ‘Annual Audit of Compliance with Safeguarding Requirements’

16 February 2021


In July 2020, the FCA released some finalised guidance for firms covered by the Payment Service Regulations (PSR) and Electronic Money Regulations (EMR) with respect to Coronavirus. The document set out expectations on how firms under these rules should manage safeguarding customers’ funds, but for the first time included a requirement for these firms to have an ‘Annual Audit of Compliance with Safeguarding Requirements’.

The full guidance can be read here

Auditors already had a responsibility to report to the FCA any breaches they found under the PSR or EMRs which are of material significance to the FCA, but there was no separate client money (CASS) style audit required.


A fresh development

So it is quite an unusual situation that the FCA have asked EMI and PSR firms to have an 'audit' of their safeguarding arrangements, but without any clear guidance on the content of the audit or the format of the report.

It's also a little unclear when this applies from and when the deadline is. We are assuming that it is 4 months after the year end, in line with other similar FCA reporting requirements, and applies to year ends from July 2020.



The FCA uses the term 'audit', which is usually reserved for statutory audits, or CASS audits where there is a specific audit framework, but there is no audit standard by the Financial Reporting Council in this instance.

The FCA guidance requires that the firm is to ask the auditor to provide an opinion addressed to the firm on:

This is very similar wording to a Reasonable Assurance Client Money (CASS) audit. The approach to the engagement will therefore be similar, and will involve an examination of the various safeguarding provisions during the year and at the end of the period, to ensure the firm has controls in place and has complied with them. At the end of the engagement, the auditor will provide a letter addressed to the firm covering the points mentioned above.


Can we help?

Shipleys works with a number of firms affected by this new requirement and we will be working with our clients on the new safeguarding audit obligation. Please get in touch if you would like further information.


Specific advice should be obtained before taking action, or refraining from taking action, in relation to this summary. If you would like advice or further information, please speak to your usual Shipleys contact.

Copyright © Shipleys LLP 2021

Current Issues

Women missing out on state pension

Thousands of women are thought to have been underpaid the state pension, thanks to a rule change in 2008 and computer errors.

Insolvency, Restructuring and Refinancing – IBSA Conference 2021

Shipleys is delighted to sponsor the International Business Structuring Association's (IBSA) Autumn conference, with Ben Bidnell joining the panel of expert speakers.
Autumnal leaves.

Pension freedom age to rise

The earliest age at which you can withdraw cash from a private pension, without facing tax penalties, is set to increase from 55 to 57 on 6 April 2028.