I. The Architecture of the New Regime
PS25/12 was published by the FCA on 7 August 2025 following consultation paper CP24/20 (September 2024) and an earlier discussion paper on payments firm safeguarding.¹ The new framework fundamentally reconfigures the obligation from point-in-time attestation to continuous, documented, and supervisory-ready compliance.
The FCA's impetus is well-evidenced. Analysis of payment firm insolvencies between 2018 and 2023 found an average 65% shortfall between client funds owed and those held in safeguarding accounts — a structural failure that PS25/12 is explicitly designed to prevent.² The framework introduces four interconnected obligations.
Daily Reconciliation
Firms are required to perform three-way reconciliation — internal ledger, bank statement, and scheme settlement — on each reconciliation day, which excludes weekends, UK bank holidays, and days when relevant foreign markets are closed.³ For a firm processing 50,000 daily transactions across four currencies and three settlement schemes, achieving this reliably without automation is an operational risk, not merely an inconvenience.
Monthly Regulatory Returns
Monthly safeguarding returns submitted via FCA Gabriel and RegData must accurately reflect average safeguarding positions, methodology, and any shortfalls identified during the reporting period. The FCA has made clear that data quality in these returns will be a supervisory focus; inaccurate submissions trigger intervention.⁴
Annual Audit Pack
The annual safeguarding audit has been significantly upgraded in scope. Auditors are now expected to review reconciliation methodology, controls architecture, and the complete evidence trail. The audit pack is typically expected to contain twelve months of daily reconciliation outputs, exception logs, management information, and governance sign-off records — all assembled in a traceable, examiner-ready format.⁵
Breach Detection and Escalation
Firms are expected to maintain systems capable of identifying a safeguarding shortfall as it emerges and escalating it through a documented governance path in a timely manner. The regime implies real-time or near-real-time monitoring — not end-of-day batch review.
"The safeguarding of client money must be demonstrably effective at all times, not merely asserted. The FCA expects firms to have systems and controls that identify shortfalls as they arise, not retrospectively." — FCA, PS25/12, August 2025¹
II. Why the Manual Model Has Reached Its Limit
The compliance challenge under PS25/12 is not workload. It is accuracy at scale. The regulatory framework demands machine-readable, tamper-evident outputs that survive adversarial scrutiny. Spreadsheet-based reconciliation produces neither.
Consider the evidence chain required for a single day of compliance: the ledger extract must be reconciled against scheme settlement files from Visa, Mastercard, and Faster Payments; discrepancies must be investigated and resolved; unallocated funds must be classified; and the output must be timestamped, versioned, and linked to governance approval. Multiply this by 250 reconciliation days per year. The probability of an undetected material error in a manual process is not low — it is near-certain at scale.
This is precisely the failure mode the FCA is targeting. The 65% average shortfall at failed firms did not arise from malicious intent. It arose from control architectures that could not maintain accuracy under operational pressure.²
III. The AI-Enabled Compliance Architecture
The technical architecture required for continuous PS25/12 compliance is well-defined. It requires automated data ingestion from all settlement schemes, AI-driven reconciliation and discrepancy classification, predictive liquidity monitoring, and governed output generation. This architecture also happens to produce the ancillary capabilities — daily breach prediction, one-click audit pack generation — that transform compliance from a cost centre into a supervisory asset.
Automated Three-Way Reconciliation
360 Fintech AI's safeguarding module ingests scheme settlement files, bank statements, and internal ledger positions at end of each reconciliation day. AI classification handles unallocated funds, timing differences, and scheme billing discrepancies automatically. The reconciliation output is timestamped, signed, and immediately audit-ready — requiring no manual assembly.
Predictive Breach Detection
The platform's liquidity forecasting model analyses inbound transaction flows, pending settlement cycles, and FX exposures to identify potential safeguarding shortfalls typically 24 to 72 hours in advance, depending on the nature and velocity of the exposure. Compliance teams receive actionable advance warning, not a post-hoc notification of a shortfall that has already materialised.
Governance-Ready Audit Pack
The annual audit pack is assembled automatically from twelve months of daily reconciliation records, exception logs, and governance approvals. In client deployments, the time from audit request to pack delivery has reduced from several weeks to a matter of hours — a change that materially alters the dynamics of supervisory engagement.
IV. Enforcement Context
The FCA has signalled a clear intent to use its enforcement powers under the new safeguarding framework. Firms found to have material deficiencies face financial penalties, skilled persons reviews under Section 166 of FSMA, and in serious cases, variation of regulatory permissions. An enforcement action in this space carries reputational consequences that extend well beyond the regulatory fine — it affects investor confidence, client retention, and commercial partnerships.
The calculus for a UK-licensed payment firm in 2026 is straightforward: the cost of investing in automated safeguarding compliance infrastructure is a known quantity; the cost of a material safeguarding failure, including potential FCA enforcement, is open-ended and almost certainly larger.
The FCA has authority under FSMA 2000 to vary or cancel the permissions of payment firms that cannot demonstrate adequate safeguarding controls. In 2024 and 2025, the FCA exercised variation of permission powers against multiple payment firms with deficient safeguarding arrangements. Source: FCA Supervisory Data, 2024–2025⁴
V. Implementation Pathway
For firms currently managing safeguarding manually, the transition to continuous compliance is best approached in three stages. First, establishing automated data feeds from all settlement schemes and banking partners — this removes the manual ingestion bottleneck. Second, deploying AI reconciliation to handle the daily three-way matching and exception management. Third, activating governance workflows that route exceptions and approvals through a documented, timestamped chain.
360 Fintech AI's PS25/12 readiness assessment identifies gaps in current control architecture and provides a structured implementation roadmap. The assessment takes approximately 30 minutes and is available to all UK-licensed payment institutions.
Contact us at hello@360fintech.ai or book a live demonstration at www.360fintechai.com.