Despite growing adoption across the legal sector, Third-Party Managed Accounts still attract a surprising number of myths. Some are born from unfamiliarity. Some from a natural resistance to changing something that's worked for decades. And some from genuine questions that simply haven't been answered clearly enough.
This guide addresses the ten most common misconceptions we hear from law firms, and sets the record straight with evidence, regulatory clarity, and real-world context.
We've built our reputation on how we handle client money. We're not prepared to hand that over to a third party.
This is the most persistent barrier to TPMA adoption, and it rests on a misunderstanding of how the model actually works.
Using Shieldpay does not mean handing over control. It means redistributing where the burden of safeguarding sits. Your firm still initiates every payment, approves every disbursement, and sets every parameter for how funds move. The TPMA provider holds the money in a regulated, ring-fenced account, but nothing moves without your instruction. You remain in charge of the what, the when, and the who. We handle the how.
In fact, many firms find that a TPMA gives them more visibility than a traditional client account, not less. Matter-level reconciliation, real-time dashboards, full audit trails, and read-only client access are all built in. Compare that to the manual reconciliation process most in-house accounts rely on, and the picture of "control" starts to look different.
True control isn't doing everything yourself. It's having confidence that everything is done right.
At least when the money is in our client account, we know who's responsible for it.
Every provider offering TPMA services must be authorised and regulated by the Financial Conduct Authority as a payment institution. This is not optional and it is not a light-touch regime. You can verify any provider's status on the FCA register in minutes.
As an FCA-regulated payment institution, Shieldpay is subject to the Payment Services Regulations 2017, which require us to hold client funds in safeguarded accounts, completely separate from our own operational funds. We undergo independent safeguarding audits, maintain adequate capital, and are required to report regularly to the FCA on the effectiveness of our risk management framework.
This is a materially different risk profile from a traditional client account, where the firm itself carries the full regulatory liability for safeguarding. Any error, even an unintentional one, can result in SRA disciplinary action. Under a TPMA model, the regulatory responsibility for safeguarding shifts to the FCA-regulated provider. Your firm still has a duty to act in your clients' best interest and to meet your regulatory obligations, but with more control and traceability and less operational risks of handling funds and independent oversight by a FCA regulated party.
The question of where money is "safer" deserves honest scrutiny. High-profile firm collapses, including Axiom Ince, demonstrated that client accounts held in a firm's own name are not automatically more secure. The structure that makes them feel familiar is the same structure that makes them vulnerable.
How do we know a private company's commercial interests won't come before our clients' best interests?
FCA-regulated payment institutions are subject to principles that closely mirror, and in some respects go further than, those governing SRA-regulated firms. The Consumer Duty requires that fees charged represent fair value relative to the services delivered. We cannot simply extract profit from safeguarded funds. We are required to demonstrate that our pricing reflects the outcomes we deliver.
The funds Shieldpay holds are classified as "safeguarded funds," not deposits. That means they are ring-fenced from our balance sheet, insolvency-remote, and cannot be used for any commercial purpose. We hold client money with our banking partners including Citi and ClearBank. There is no mechanism by which commercial considerations can override our obligation to protect those funds.
More practically, our business depends on the trust of law firms who are themselves regulated, commercially sophisticated, and accountable to their own clients. The incentive to act in clients' interests isn't just regulatory. It's existential. Over 40 of the UK's top 100 law firms work with us, and more than £18 billion in transactions has passed through our platform. That track record doesn't survive if client outcomes are treated as secondary.
We've got our own processes for fraud prevention. We don't need a third party to do it for us.
Law firms are among the most targeted organisations in the UK for financial fraud. According to data from Shieldpay's own research, 75% of UK law firms experienced a cyber attack in the last 12 months, and over 75% of cybercrime incidents reported were linked to client accounts specifically. The volume and value of money moving through those accounts makes them an obvious target.
The honest reality is that fraud prevention requires dedicated expertise, specialist tools, and continuous investment. Most law firms, even large ones, are not built to be financial crime specialists. Unless a firm can afford to hire experienced and skilled financial crime professionals and keep them up to date with evolving typologies, there's a ceiling on what in-house processes can realistically achieve.
Our platform includes KYC screening, Confirmation of Payee (CoP) bank account validation to prevent misdirected payments, transaction monitoring designed around the specific fraud typologies targeting law firms, mandatory multi-factor authentication on all payment authorisations, and continuous monitoring of suspicious activity patterns. These controls are built into every transaction, not applied selectively. We act as a last line of defence, and our 2024 AML audit returned a score of 99.66%.
No system is 100% impervious to a determined fraudster. But the combination of specialist expertise, dedicated tooling, and regulatory oversight represents a materially stronger position than most firms can maintain in-house.
When money is in our named client account, we know exactly where it is and what protections are in place.
A TPMA is a bank account. It just sits in the name of the TPMA provider rather than your firm. The key difference is what happens to those funds if something goes wrong.
The first thing to be clear about: Shieldpay is not a bank. We are an FCA-regulated payment institution. That means client funds are not protected by the Financial Services Compensation Scheme (FSCS) in the event that Shieldpay itself becomes insolvent. This is a requirement the FCA is explicit about, and we make no attempt to obscure it. What protects your clients' funds in that scenario is safeguarding, which is a legally separate and robust protection in its own right.
Under FCA safeguarding rules, Shieldpay holds all client funds in ring-fenced accounts, completely segregated from our own operational money, with our banking partners including Citi and ClearBank. Those funds are insolvency-remote: they cannot be used to meet Shieldpay's creditors in the event of our insolvency. The Payment and Electronic Money Institution Insolvency Regulations 2021 provide a further statutory framework ensuring safeguarded funds remain protected throughout any insolvency process, with a structured wind-down to return funds to entitled parties or transfer them to another regulated provider.
The protection model for a TPMA is therefore different from a traditional bank account, but it is not weaker. Safeguarding is a dedicated, regulated protection mechanism designed specifically for payment institution clients. Combined with our ISO 27001:2022 certified security infrastructure, multi-cloud architecture, £100 million aggregate professional indemnity cover, and £100 million aggregate crime cover, the overall protection framework is substantial.
The right question isn't whether the protection is familiar. It's whether it is fit for purpose. On that measure, the case for safeguarding as a primary protection model is well grounded in both regulation and practice.
Outsourcing introduces a dependency we can't control. That's a new risk we'd be taking on.
Outsourcing always carries some element of risk. The question is whether those risks are smaller or larger than the risks of keeping everything in-house. In the context of client money management, the evidence strongly favours a specialist third party.
When you manage client funds yourself, your firm carries full regulatory liability for safeguarding under the SRA Accounts Rules. Any mismanagement, whether due to process failure, human error, or fraud, can result in disciplinary action, reputational damage, and financial liability to clients. The Compensation Fund offers a backstop for consumers, but its cost is passed back to firms.
When you use Shieldpay, the regulatory responsibility for safeguarding client funds transfers to an FCA-regulated provider with dedicated expertise, specialist infrastructure, independent audits, and comprehensive insurance coverage. Your firm retains visibility and authorisation rights over every transaction, and remains subject to its own SRA obligations and duties to clients. What changes is that the specific operational burden of holding, reconciling, and safeguarding client money no longer sits with your accounts team. That's a meaningful reduction in workload and in the risk of error, even if it isn't a wholesale transfer of your firm's compliance responsibilities.
The practical benefits are substantial too. According to Shieldpay's Time is Money research, 73% of legal professionals are concerned about the risks and time costs of holding client funds. 42% say due diligence is the most time-intensive part of managing payments. KYC checks alone take two to three working days for 40% of firms, and four to nine days for a further 32%. Those hours are non-billable. They represent a real and ongoing cost that outsourcing can eliminate.
We've managed client money this way for decades. Why change something that works?
The client account has served the profession well. That's not in dispute. But "tried and tested" is a description of the past, not a guarantee for the future, and the conditions that made it work are changing faster than many firms have noticed.
Start with what your peers are actually doing. According to Shieldpay's research, 49% of top UK law firms already outsource their client account function to a paying agent, escrow provider, or banking partner. 36% have introduced internal rules restricting the types of transactions they'll run through their own client account. The tradition argument doesn't reflect what the market is doing. It reflects what the market used to do.
Then consider the regulatory direction of travel. The SRA paused immediate structural reform in September 2025, but it was explicit that its long-term ambition to reduce reliance on client accounts remains unchanged. The consultation cited risks of financial crime, consumer harm, and systemic vulnerability as the drivers. Firms that wait for a mandate before exploring alternatives will face a compressed timeline to adapt, with less choice about how they do it.
There's also a client expectation dynamic worth addressing. The SRA's own consumer research found that while client accounts were perceived as transparent, this did not translate into greater confidence or trust. Participants in the research actually expressed a preference for TPMAs as a way to reduce risk, with many willing to pay a small premium for the added protection. The assumption that clients want their money held by the firm is, in many cases, incorrect.
Finally, the cost of the status quo is higher than it appears. Every hour spent on reconciliation, compliance reporting, and KYC administration is an hour not spent on billable work. 59% of firms in Shieldpay's research say they hold themselves to higher standards than regulation requires and are actively looking for better ways to manage client money. Those firms are already asking different questions. The firms still waiting are, by definition, already behind them.
We can't afford delays. Every hour counts when a transaction is live. We need payments to move when we need them to move — not when a third party is ready."
Speed matters. We understand that. Which is why Shieldpay uses the same payment infrastructure as any high street bank, without adding extra steps or delays.
For payments up to £1 million, we use Faster Payments, which settles in seconds. For larger amounts, we use CHAPS, the same-day settlement system used for high-value transactions across the UK. For international payments, we work to the same cut-off times as the banks, with coverage across 86+ jurisdictions and support for SWIFT, SEPA, and other major payment rails.
The experience from your firm's perspective is not materially different from using a bank portal: you enter the payment details, confirm the instruction, and the payment is made. The difference is that the compliance controls, KYC checks, and reconciliation are automated around that process, rather than sitting as a separate workload for your accounts team.
If anything, the speed advantage runs in the other direction. Manual KYC processes in-house take days. Shieldpay's digital onboarding automates verification for payers and payees, with real-time status updates and a full audit trail throughout. For complex, multi-party transactions, the time saving is significant.
We can't just rip out our existing processes. The operational lift would be enormous.
This is one of the most common concerns we hear, and one of the easiest to address. You don't have to replace anything.
A hybrid model, where you keep your client account for routine, low-risk transactions and use a TPMA for complex, high-value, or multi-party work, is explicitly permitted by the SRA, provided clients are informed about how their money is being held. The SRA's own consultation documentation referenced the growing number of firms asking about parallel operation.
In practice, many firms start small. They trial Shieldpay on a single matter type, perhaps a litigation settlement or an M&A transaction, assess the impact, and build confidence before expanding. There is no commitment to go further than the use case where the benefit is most immediate.
This approach also means the operational lift is manageable. Shieldpay provides consultative onboarding, workflow mapping to identify where the Payment Account can be integrated without disruption, training for finance, compliance, and fee earner teams, and ongoing support. You start with the transactions that carry the most risk or consume the most time. You prove the benefit. You decide how far to go.
For firms that do ultimately move toward full payment account adoption, the additional benefits are compelling: elimination of the annual accountant's report requirement, potential reduction in professional indemnity premiums, and removal of SRA Compensation Fund contribution obligations. But that's a destination, not a starting requirement.
Interest on client balances is a real commercial consideration. We can't ignore it.
The Law Society's Financial Benchmarking Survey shows that net interest income across the sector rose by over 1,000% in a single year, from £2.6 million in 2022 to £27.5 million in 2023. For many firms, that income has become meaningful. It would be wrong to pretend otherwise.
But the picture isn't as straightforward as it first appears. Funds held in a TPMA are classified as safeguarded funds rather than deposits, which means TPMA providers cannot pay interest in the traditional sense. What Shieldpay can do, and does, is share the income earned on safeguarded balances with firms and, where appropriate, with their clients. Rates vary in line with the base rate and will differ between providers, but the principle is the same: clients don't have to be worse off.
There's also the other side of the ledger to consider. Full payment account adoption eliminates the annual independent audit costs associated with client money handling. It can reduce professional indemnity insurance premiums. And it removes the SRA Compensation Fund contribution obligation. Those are real savings that need to be weighed against any difference in interest income.
The commercial case isn't automatic in either direction. It depends on your firm's balance profile, practice mix, and risk appetite. What we'd encourage any firm to do is model the full picture before assuming the client account wins on income grounds. In many cases, particularly for firms handling complex or high-value transactions, the numbers look different on examination.
Shieldpay works with law firms as a payments partner, not just a service provider. Whether you're exploring a hybrid model for a specific use case or want to understand the full picture on payment account adoption, our team can walk you through the options without pressure.
Talk to a Shieldpay specialist at sales@shieldpay.com
Shieldpay Ltd is authorised and regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (firm reference number 770210). Shieldpay Trustee Services Limited is registered and supervised by HMRC as a Trust Services Provider (firm reference number XKML00000214627).