Skip to content
Close
Sign in
Contact us
Sign in
Contact us

Solutions

Applications

Resources

Shieldpay is CASS 15 compliant

On 7 May 2026, the FCA's new CASS 15 regime came into force for payment institutions and e-money firms across the UK. Shieldpay is fully compliant.

This page sets out what CASS 15 requires, where Shieldpay stands, and what it means for law firms using Shieldpay as their third-party managed account provider.

CASS 15 Compliance - round corners

What CASS 15 requires

CASS 15 is the FCA's new Supplementary Safeguarding Regime, introduced through Policy Statement PS25/12.

It replaces the previous safeguarding framework that operated under the Payment Services Regulations and the Electronic Money Regulations, bringing payment institutions in line with the rigorous client asset protections that have long applied to investment firms.

CASS 15 Compliance 2 - round corners
CASS 15 core pillars

The four core pillars of the regime are:

1-icon
Named director accountability

Every firm must appoint a single director or senior manager with clear, demonstrable responsibility for safeguarding compliance. This individual has personal accountability to the FCA - not just internal accountability. They must have sufficient authority, expertise, and seniority to oversee day-to-day compliance, accurate record-keeping, and effective reconciliation processes.
2-icon
Daily reconciliations

The previous requirement for reconciliations at an "adequate" frequency has been replaced by a mandatory daily reconciliation using a standardised methodology.

There is no longer room for interpretation on frequency or method.
icon-3-2
Monthly regulatory reporting

Firms must report to the FCA monthly via RegData, replacing the previous annual or ad-hoc approach.

The regulator has near real-time visibility into each firm's safeguarding position.
4-icon-3
Specialist CASS audits

The annual general audit has been replaced by a specialist CASS audit, conducted by auditors with specific CASS expertise.

These are more focused and more technically demanding than a standard compliance audit.

undefined-1On statutory trust status 

  • The end-state legal basis for how client funds are held will move from simple segregation to a statutory trust.
  • All firms are in the interim state while the FCA confirms the transition timeline.
  • Shieldpay is ready to move to trust status when that timeline is set.

Shieldpay's CASS 15 position

 

Requirement Shieldpay's Position
CASS 15 compliance Fully compliant as of 7 May 2026
Named CASS director Michael Blackwell, CFO
Daily reconciliations In place
Monthly RegData reporting In place
Specialist CASS audit First audit due H1 2027
CASS Resolution Pack Maintained as a living document - retrievable within 48 hours
Third-party due diligence Periodic reviews in place for all safeguarding partners
Statutory trust status Interim state - ready to transition when FCA confirms timeline

 

 

 

What this means for law firms

If your firm uses Shieldpay as your third-party managed account provider, CASS 15 directly affects the safeguarding arrangements around your client money - and it should prompt some due diligence questions about any TPMA provider you work with.

The key question to ask any TPMA provider: are you CASS 15 compliant, and who is your named CASS director?

The SRA permits law firms to use third-party managed accounts as an alternative to holding client money directly. But SRA permission does not guarantee the provider is meeting its own regulatory obligations. If a TPMA provider fails or mishandles client funds, the consequences for your clients are real.

icon-charcoal-shield

The FCA's enforcement record under the previous regime is instructive:

  • BNY Mellon was fined £126 million in 2015 for record-keeping and reconciliation failures involving £1.3 trillion in assets.

  • Aviva was fined £8.2 million in 2016 for under-segregation of funds and inaccurate reporting.

  • One Call was fined £684,000 - and its director personally fined £468,600 - for mismanagement of client funds.

The pattern is consistent: safeguarding failures carry significant consequences, and personal accountability is increasingly part of that.

CASS 15 raises the floor for every payment institution. It also makes it easier to distinguish firms that are genuinely compliant from those that are not.

Beyond compliance:
what we're working towardsIndigo Business Woman - round corners

Compliance with CASS 15 is the minimum bar. Shieldpay clears it. But the FCA and our auditors are clear that the firms that stand out under the new regime are those that can show safeguarding is embedded as a genuine governance priority - not a box-ticking exercise.

That means:

  • Daily reconciliations run as a core operational function, not a compliance task
  • A CASS Resolution Pack maintained as a living document, not a static file updated at audit time
  • Board-level oversight with real authority, not just a named title
  • Periodic reviews of third-party safeguarding arrangements with Citi and ClearBank

The FCA's specialist CASS auditors know the difference. So do the law firms that take their client money obligations seriously.

Questions about CASS 15 and Shieldpay

If you're a law firm with questions about our CASS 15 compliance position, or want to understand how our safeguarding arrangements work in practice, contact us at compliance@shieldpay.com.

You can also verify Shieldpay's FCA authorisation directly on the FCA Register: register.fca.org.uk (firm reference number 770210).

For more on how Shieldpay works as a third-party managed account provider, visit our TPMA page.

Further reading

 

SRA-rule-2.5-image