Payment and E-Money Firms Safeguarding Audit


Payment and E-Money Firms Safeguarding Audit

This page was last updated on June 2, 2023
Since 2021, the Financial Conduct Authority (FCA) has required firms covered by The Payment Service Regulations and Electronic Money Regulations to have an ‘Annual Audit of Compliance with Safeguarding Requirements’. Here we explain the implications.


Back in July 2020, the FCA released guidance for firms covered by the Payment Service Regulations (PSR) and Electronic Money Regulations (EMR) indicating they expected regulated institutions to arrange specific annual audits of their compliance in line with the safeguarding requirements of the PSR/EMR.

In 2021, this became a requirement with the FCA expecting firms to perform an independent safeguarding audit on an annual basis.  Interestingly, auditors had already had a responsibility to report to the FCA any breaches they found under the PSR or EMR which were of material significance. However, no separate client money (CASS) style audit had been required.


When the FCA stipulated the requirement for safeguarding audits, it didn’t give clear guidance on the content of the audit, or the format its report should take. Even now, the FCA has still not provided details of the period the assurance opinion should cover.

The FCA does, however, expect that most firms may wish to align the period with their accounting year-end.

Neither the temporary guidance published in July 2020, nor the consultation in January 2021, set out the timing of the reports –  including a deadline for when the reports should be submitted.

Similar to Client Asset (CASS) reports, it may be reasonable to assume the safeguarding audit should be completed within 4 months of the period end date to mirror the CASS regime requirements, with the report itself following a similar format.


In this regard the FCA uses the term ‘audit’, which is usually reserved for statutory audits, or CASS audits where there is a specific audit framework. Saying that, no audit standard has been issued by the FCA.

The FCA guidance simply requires that the firm is to ask the auditor to provide an opinion addressed to the firm on:

This is very similar wording to a Reasonable Assurance Client Money (CASS) audit. The approach to the engagement has similarities and involves an examination of the various safeguarding provisions during the year, and at the end of the period. This is to ensure the firm has controls in place and has complied with them.

At the end of the engagement, the auditor then provides a letter addressed to the firm covering the points mentioned above.


Shipleys has been working with many firms affected by this requirement and has a track-record in conducting robust and reliable safeguarding audits to meet the FCA’s requirements. Please get in touch if you would like further information.

Specific advice should be obtained before taking action, or refraining from taking action, in relation to this summary. If you would like advice or further information, please speak to your usual Shipleys contact.

Copyright © Shipleys LLP 2023

Current Issues

Financial Services sector - digital style image image of graphs, numbers etc

Financial Services Update – May 2024

In this issue we cover the latest FCA developments and guidance notes for the sector.

Property update: Spring 2024

Our property specialists give a round-up of the latest developments and tax changes for property owners

Preparing for the 2025 scrapping of non-domiciled status

Chancellor Jeremy Hunt’s March Budget included an announcement that non-domiciled tax status is to be abolished.