CASS 15: A Practical Guide to the New Safeguarding Rules

The FCA’s introduction of CASS 15 marks the most significant shift in UK client‑asset protection for fintechs since the 2013 overhaul of the Client Assets Sourcebook. By extending the rigorous safeguarding framework traditionally reserved for investment firms to payment institutions, e‑money providers and credit unions, regulators aim to eliminate the protection disparity that has plagued the sector. The move follows a series of high‑profile failures where inadequate fund segregation left consumers exposed, prompting a consultative process that culminated in the August 2025 final rules.

CASS 15’s operational demands are extensive. Firms must secure an annual audit from a registered audit firm, a departure from the previous practice of allowing non‑audit entities. Monthly reporting to the FCA introduces a continuous data‑flow requirement, while daily internal reconciliations and the mandatory use of statutory trusts replace the legacy segregated‑account model. These changes necessitate substantial IT upgrades, new governance structures, and documented wind‑down plans, driving compliance budgets upward. For organizations with client funds exceeding £100,000 (about $127,000), the cost of audit, reporting infrastructure, and staff training will be a material line‑item.

Strategically, firms should treat CASS 15 as a catalyst for broader operational maturity rather than a mere checklist. Early gap analyses, swift appointment of qualified auditors, and phased technology rollouts will mitigate implementation risk. Advisors and accountants can add value by guiding clients through policy rewrites, risk‑based training programs, and contingency planning. As the market adapts, firms that embed the new safeguards into their culture will not only avoid penalties but also differentiate themselves in a competitive fintech landscape where consumer trust is increasingly tied to regulatory rigor.