Toggle mobile menu Open search

CASS 15 Hub

Your essential resource for CASS 15 news and commentary

Home /  CASS 15 Hub

From May 2026, the new CASS 15 rules from the Financial Conduct Authority (FCA) have overhauled the safeguarding regime for payments firms and e-money firms. 

As part of these changes, all authorised payments institutions (APIs) and e-money institutions (EMIs) require an external audit of safeguarding practices each year.

For firms within the scope of CASS 15, the changes are a huge step up from the previous safeguarding requirements. Our specialists in safeguarding audits are here to ease the pressure, ensuring that your business is compliant with the CASS 15 regulations.

What do the new CASS 15 requirements include?

  • An annual external audit of safeguarding practices
  • More detailed record keeping and daily reconciliations
  • Maintaining a schedule of breaches
  • Regular client money and asset returns (CMAR)
  • Maintaining a CASS resolution pack

An introduction to CASS 15

Safeguarding audit specialists Jon Wedge, Alisha O’Donovan and Elana Dimmer take you through:

  • Why the FCA has introduced CASS 15, a new chapter to its Client Asset Sourcebook
  • Key changes from the existing legislation
  • The impact on existing payments firms and e-money firms
  • Practical steps that existing firms should take
  • What should new applicants be aware of

What should firms do to comply with CASS 15?

As part of your new processes, two areas of particular importance are the CASS resolution pack and the schedule of breaches.

Daily reconciliations CASS resolution pack Schedule of breaches

One of the most fundamental operational shifts under CASS 15 is the requirement for daily reconciliations, both internal and external. EMIs must also maintain stronger books and records. This will ensure that safeguarding liabilities and funds can immediately be identified at any point in time, as well as allowing effective completion of regulatory returns.

In the event of insolvency, the pack will assist liquidators in the orderly wind-down of the firm. Key information in the pack would include clear directions to ensure the safe return of relevant funds.

The pack needs to be accurate, compliant and up to date: material changes should be made within five days. The pack is a window into your firm, so it’s important for you to make the right impression on the FCA from the start.

To help your business meet the FCA’s reporting requirements for breaches – in the annual safeguarding audit report, in the monthly CMAR, and as soon as you become aware of them – we recommend that your schedule of breaches report be continually reviewed. This will ensure that the audit report isn’t the first time that ‘Those Charged with Governance’ (e.g. your board of directors) are made aware of breaches identified internally.

The FCA will consider an empty schedule of breaches as more of a red flag than one with breaches. This is because an empty schedule would indicate that your firm’s systems and controls are not effective enough to identify breaches.

Under CASS, any discrepancy at all must be reported, along with the remedial action taken.

The top 5 boardroom questions every EMI CEO should be asking

Based on our specialist experience of working with e-money institutions, and our insight into CASS 15, here are the top five questions that CEOs should be asking at board level.

Read our insight

Immediate actions to take

  • Undertake a gap analysis, bridging where you are now to the new rules
  • Engage qualified professionals, consultants, and auditors in order to help you put a plan in place to bridge those gaps
  • Make sure that safeguarding is a standing board agenda item

More details about what the new rules mean for e-money institutions (EMIs), our experts’ view on CASS 15 and the advantages of preparing your business early.

How BKL can help

Our financial services and fintech audit specialists work closely together, sharing knowledge and supporting clients as a team.

We can apply our years of experience working with and auditing EMIs to ensure that your business is compliant with CASS 15 and other FCA regulations.

By working closely with regulatory advisers and solicitors who also specialise in financial services and CASS rules, we’ll give you extensive support throughout your fintech’s journey.

Together we will reduce the stress around regulatory compliance, freeing you to focus on innovating, helping your customers and securing your EMI’s future.

If you want to discuss how we can help you please speak to your usual BKL contact or use the form below.

Webinar Replay

Designed to help senior leadership and board members understand the upcoming changes and ensure their firms are equipped for compliance and safeguarding audits.

Watch webinar replay

You may find of interest

London Financial area

FRC interim guidance for EMI safeguarding audits – our key takeaways

 

Read more

What could the new CASS Assurance Standard mean for EMIs?

 

Read more

 

Motion over bridge

Your first CASS 15 audit: helping you comply with the new rules

 

Read more

EMIs, audit requirements and CASS 15: Webinar replay

 

Watch webinar

Our services

audit

Audit & Assurance

 

Read more

Financial Services

 

Read more

Our experts

Jon Wedge

Head of Financial Services

Jon’s profile

Alisha O’Donovan

Assurance Director

Alisha’s profile

Elana Dimmer

Assurance Senior Manager

Elana’s profile

Contact Jon

What is CASS 15 in technical terms?

CASS 15 is a new section of the Financial Conduct Authority’s Client Assets Sourcebook that sets out enhanced safeguarding rules for e-money institutions and payment firms to better protect customer funds.

What is CASS 15 in simple terms?

CASS 15 is a set of FCA rules that require payment and e-money firms to properly protect customer money, with clearer processes, stronger oversight, and independent audits.

Why have the FCA introduced CASS 15?

The FCA have introduced CASS 15 to improve consumer protection, increase transparency, and address weaknesses in how some firms safeguard customer funds.

When did CASS 15 come into force in the UK?

CASS 15 came into force in May 2026. Firms that didn’t prepare well in advance should take action now to ensure compliance.

Which firms need to comply with CASS 15?

CASS 15 applies to UK e-money institutions (EMIs), authorised payment institutions (APIs), and some small payment institutions (SPIs) that safeguard customer funds.

What is CASS 15 safeguarding?

CASS 15 safeguarding refers to the rules and processes firms must follow to protect customer funds, including segregation, governance, controls, and audit requirements.

What are the key CASS 15 requirements?

Key requirements include stronger governance, clear safeguarding policies, segregation of funds, regular reconciliations, enhanced record-keeping, and mandatory safeguarding audits.

How is CASS 15 different from previous FCA safeguarding rules?

CASS 15 has introduced a more structured and auditable framework, with clearer rules, stronger governance expectations, and mandatory audits, replacing the more principles-based approach.

What does CASS 15 mean in practice for firms?

In practice, firms need to formalise and strengthen safeguarding frameworks, improve documentation, enhance controls, and prepare for independent audits.

What changes do firms need to make under CASS 15?

Firms may need to update policies, strengthen governance, improve reconciliations, enhance documentation, and ensure full audit readiness.

What is a CASS 15 audit?

A CASS 15 audit is an independent review of a firm’s safeguarding arrangements to ensure customer funds are properly protected and FCA requirements are met.

Do EMI firms need a safeguarding audit under CASS 15?

Yes. E-money institutions will be required to undergo formal safeguarding audits under CASS 15.

How do you prepare for a CASS 15 audit?

Preparation includes conducting a gap analysis, reviewing controls, strengthening governance, documenting processes, and testing audit readiness.

How long does it take to prepare for CASS 15 compliance?

Preparation can take several months depending on the complexity of the firm’s safeguarding arrangements and existing maturity.

How much work is required to become CASS 15 compliant?

The level of effort varies. Firms with less developed safeguarding frameworks may require significant remediation, while more mature firms may need targeted improvements.

When should firms start preparing for CASS 15?

Firms should start as early as possible to allow time for gap analysis, implementation, and audit readiness ahead of the 2026 deadline.

Do firms need to act now on CASS 15?

Yes. Early action is recommended, as implementing governance, control, and audit changes can take significant time.

What are safeguarding reconciliations and why are they important?

Safeguarding reconciliations ensure that customer funds held match internal records. They are critical for demonstrating that funds are properly protected.

What are the main safeguarding methods under FCA rules?

Firms typically safeguard funds through segregation in designated accounts or through insurance or comparable guarantees.

What are the FCA safeguarding rules for payment institutions?

FCA rules require firms to protect customer funds, maintain accurate records, perform reconciliations, and ensure funds are accessible if the firm fails.

What are the biggest risks under CASS 15?

Key risks include weak governance, poor documentation, failed audits, inaccurate reconciliations, and increased FCA scrutiny.

What happens if a firm does not comply with CASS 15?

Non-compliance may result in FCA enforcement action, financial penalties, reputational damage, and operational restrictions.

What happens if you fail a CASS 15 audit?

Failing an audit can lead to remediation requirements, increased regulatory scrutiny, and potential enforcement action.

Does CASS 15 increase regulatory scrutiny?

Yes. CASS 15 increases FCA oversight, with greater focus on governance, documentation, and audit evidence.

Did I already comply with CASS 15 requirements?

Most firms will have needed to enhance governance, controls, and documentation to meet the new standards.

Can smaller firms take a simplified approach to CASS 15?

While proportionality may apply, all firms must still meet core safeguarding requirements and demonstrate effective protection of customer funds.

How can firms assess their readiness for CASS 15?

Firms can conduct a gap analysis of their safeguarding framework, controls, governance, and documentation against CASS 15 requirements.

How can firms ensure CASS 15 compliance?

Firms should strengthen safeguarding frameworks, improve controls, prepare for audit, and seek expert advice where needed.

Who can help with CASS 15 compliance and audits?

Specialist advisers such as BKL can support with readiness assessments, gap analysis, audit preparation, and ongoing compliance.

Stay informed. Make better decisions.

By signing up to BKL’s news and insights, you’ll receive clear, expert commentary that cuts through the noise. Whether it’s changes in tax, developments in property, or emerging trends in sectors like fintech, our updates are designed to keep you informed, prepared, and one step ahead.

Inbox on a laptop