Skip to content
Close
Sign in
Contact us
Sign in
Contact us

Solutions

Applications

Resources

Shieldpay is CASS 15 compliant

On 7 May 2026, the FCA's new CASS 15 regime came into force. For payment institutions and e-money firms across the UK, it represents the most significant overhaul of safeguarding requirements in years.

Shieldpay operates in line with its regulatory obligations under the CASS 15 regime as of the effective date.

This page sets out what the regime actually requires, what it means for law firms using a third-party managed account, and why at Shieldpay we're treating compliance as the starting point rather than the destination.

CASS 15 Compliance - round corners
CASS 15 Compliance 2 - round corners

What is CASS 15?

CASS 15 is the FCA's new Supplementary Safeguarding Regime for payment institutions (PIs) and e-money institutions (EMIs), introduced through Policy Statement PS25/12. It replaces the previous safeguarding framework that operated under the Payment Services Regulations and Electronic Money Regulations.

The intent is straightforward: bring the safeguarding standards applied to PIs and EMIs in line with the rigorous client asset protections that have long applied to investment firms. If you're familiar with CASS 7 (the client money rules for MiFID firms), CASS 15 is the closest equivalent for the payments sector.

The practical effect is that safeguarding is no longer a compliance-only activity. It becomes a core governance obligation.

What's actually changed

  • From "adequate" to daily reconciliations.
    The previous regime required reconciliations at an "adequate" frequency. Deliberately vague. CASS 15 mandates daily reconciliations using a standardised methodology. There's no longer room for interpretation.
  • From annual to monthly reporting.
    Firms must now report to the FCA monthly via RegData, replacing the previous annual or ad-hoc approach. The regulator has real-time visibility into safeguarding positions.
  • Specialist CASS audits.
    The annual general audit is replaced by a specialist CASS audit. These are more focused, more technical, and conducted by auditors with specific CASS expertise.

What's actually changed

  • A named director with personal accountability.
    Every firm must appoint a single director or senior manager with clear, demonstrable responsibility for safeguarding compliance. This person has direct accountability to the FCA, not just internally.
  • Statutory trust structure.
    T    he legal basis for how client funds are held will move from simple segregation to a statutory trust, with an interim state in place while the FCA finalises the end-state transition timeline.
  • Third-party due diligence.
    Where safeguarded funds are held with third-party institutions, firms must conduct periodic reviews, not just initial due diligence at onboarding.

What CASS 15 requires

The four core pillars of the regime:

1-icon
Named director accountability

Every firm must appoint a single director or senior manager with clear, demonstrable responsibility for safeguarding compliance. This individual has personal accountability to the FCA - not just internal accountability. They must have sufficient authority, expertise, and seniority to oversee day-to-day compliance, accurate record-keeping, and effective reconciliation processes.
2-icon
Daily reconciliations

The previous requirement for reconciliations at an "adequate" frequency has been replaced by a mandatory daily reconciliation using a standardised methodology.

There is no longer room for interpretation on frequency or method.
icon-3-2
Monthly regulatory reporting

Firms must report to the FCA monthly via RegData, replacing the previous annual or ad-hoc approach.

The regulator has near real-time visibility into each firm's safeguarding position.
4-icon-3
Specialist CASS audits

The annual general audit has been replaced by a specialist CASS audit, conducted by auditors with specific CASS expertise.

These are more focused and more technically demanding than a standard compliance audit.

undefined-1On statutory trust status 

  • The end-state legal basis for how client funds are held will move from simple segregation to a statutory trust.
  • All firms are in the interim state while the FCA confirms the transition timeline.
  • Shieldpay is ready to move to trust status when that timeline is set.

What CASS 15 means for law firms using a TPMA

If your firm uses Shieldpay as your third-party managed account provider, CASS 15 directly affects the safeguarding arrangements around your client money.

Here's the practical implication: you are placing client funds with an FCA-regulated payment institution, CASS 15 means that institution is now held to the same safeguarding standard as an investment firm managing client assets. Daily reconciliations, specialist audits, named board-level accountability, monthly regulatory reporting.

For the law firms choosing a TPMA provider, this should prompt a question you may not have asked before: is your provider actually CASS 15 compliant?

The SRA permits law firms to use third-party managed accounts as an alternative to holding client money directly. But the SRA's permission does not automatically guarantee the provider is meeting its regulatory obligations. If a TPMA provider fails or mishandles client funds, the consequences for your clients are real. The FCA's enforcement record under the previous regime makes that clear.

 

In 2015, BNY Mellon was fined £126 million for safeguarding failures involving record-keeping and reconciliation for £1.3 trillion in assets. Aviva was fined £8.2 million in 2016 for failing to adequately protect client money and assets. More recently, One Call was fined £684,000 and its director personally fined £468,600 for mismanagement of client funds. The pattern is consistent: the FCA takes safeguarding failures seriously, and personal accountability is increasingly part of that.

For law firms, this matters. When you choose Shieldpay as your TPMA provider, your clients' funds are held within a safeguarding framework designed to return those funds quickly, accurately, and transparently - even in the unlikely event that something goes wrong with us. That's what CASS 15 is for. And that's why we're taking it seriously.

Why UK law firms do not need to hold client money

Running a client money account has always been a cost of doing business for law firms. The reconciliations, the annual accountant's report, the compliance overhead, the fraud exposure - firms have absorbed all of it because there was no serious alternative. It was just part of how legal practice worked. That's changing.

This article sets out what client account alternatives look like - and why the shift is less disruptive than most firms assume.

Read Blog

Questions about CASS 15 and Shieldpay

If you're a law firm with questions about our CASS 15 compliance position, or want to understand how our safeguarding arrangements work in practice, contact us at compliance@shieldpay.com.

You can also verify Shieldpay's FCA authorisation directly on the FCA Register: register.fca.org.uk (firm reference number 770210)..

Further reading

 

SRA-rule-2.5-image