Payment and E-Money Firms Safeguarding Audit


Payment and E-Money Firms Safeguarding Audit

This page was last updated on June 2, 2023
Since 2021, the Financial Reporting Council (FCA) has required firms covered by The Payment Service Regulations and Electronic Money Regulations to have an ‘Annual Audit of Compliance with Safeguarding Requirements’. Here we explain the implications.


Back in July 2020, the FCA released guidance for firms covered by the Payment Service Regulations (PSR) and Electronic Money Regulations (EMR) indicating they expected regulated institutions to arrange specific annual audits of their compliance in line with the safeguarding requirements of the PSR/EMR.

In 2021, this became a requirement with the FCA expecting firms to perform an independent safeguarding audit on an annual basis.  Interestingly, auditors had already had a responsibility to report to the FCA any breaches they found under the PSR or EMR which were of material significance. However, no separate client money (CASS) style audit had been required.


When the FCA stipulated the requirement for safeguarding audits, it didn’t give clear guidance on the content of the audit, or the format its report should take. Even now, the FCA has still not provided details of the period the assurance opinion should cover.

The FCA does, however, expect that most firms may wish to align the period with their accounting year-end.

Neither the temporary guidance published in July 2020, nor the consultation in January 2021, set out the timing of the reports –  including a deadline for when the reports should be submitted.

Similar to Client Asset (CASS) reports, it may be reasonable to assume the safeguarding audit should be completed within 4 months of the period end date to mirror the CASS regime requirements, with the report itself following a similar format.


In this regard the FCA uses the term ‘audit’, which is usually reserved for statutory audits, or CASS audits where there is a specific audit framework. Saying that, no audit standard has been issued by the FCA.

The FCA guidance simply requires that the firm is to ask the auditor to provide an opinion addressed to the firm on:

This is very similar wording to a Reasonable Assurance Client Money (CASS) audit. The approach to the engagement has similarities and involves an examination of the various safeguarding provisions during the year, and at the end of the period. This is to ensure the firm has controls in place and has complied with them.

At the end of the engagement, the auditor then provides a letter addressed to the firm covering the points mentioned above.


Shipleys has been working with many firms affected by this requirement and has a track-record in conducting robust and reliable safeguarding audits to meet the FCA’s requirements. Please get in touch if you would like further information.

Specific advice should be obtained before taking action, or refraining from taking action, in relation to this summary. If you would like advice or further information, please speak to your usual Shipleys contact.

Copyright © Shipleys LLP 2023

Current Issues

autumn leaves on the ground and falling 2023 Autumn statement

The Chancellor’s 2023 Autumn Statement

An overview of the key announcements and their implications for businesses and individuals.
keyboard with a 'common mistakes' button

Common Mistakes and Misassumptions with Real-Time Information (RTI) Reporting

Over the past decade, Real-Time Information (RTI) has greatly improved Pay As You Earn (PAYE) reporting processes. Common mistakes and misassumptions can, however, trip up employers.
ecommerce on a phone with boxes

E-commerce transactions with the EU – fresh VAT implications

The EU has released fresh proposals around its VAT in the Digital Age (ViDA) plans - potentially impacting those UK businesses trading in the EU bloc.