Demivolt logo
Prisijungti

How to Safeguard Client Funds: 2026 SME Guide

Published 16 July 2026

Discover how to safeguard client funds effectively in 2026. Learn essential legal frameworks and build trust in your SME with our comprehensive guide.

How to Safeguard Client Funds: 2026 SME Guide

TL;DR:

  • Safeguarding client funds involves strict segregation, daily reconciliation, and accountability to meet FCA regulations. Failure to comply risks fines, reputational damage, and client trust loss. Implementing documented controls and choosing stable banks ensures reliable protection for client assets.

Client fund safeguarding is defined as the legal obligation to keep client money separate from a firm’s own finances, protecting those assets from business risk, insolvency, or misuse. For SMEs and e-commerce businesses that handle payments on behalf of clients, this is not optional. Regulators including the Financial Conduct Authority (FCA) treat it as a baseline requirement, and the consequences of getting it wrong range from financial penalties to permanent reputational damage. Knowing how to safeguard client funds is the first step toward building a business clients can trust.

The FCA sets the primary rules for client money protection in the UK through its Client Assets Sourcebook, commonly called CASS. CASS 15 covers payment institutions and e-money firms, while CASS 10A governs resolution planning. Supervisory rules under SUP 16.14A require monthly reporting, and SUP 3A mandates annual third-party audits. These rules apply to any SME or e-commerce firm that receives, holds, or transmits client money.

From may 7, 2026, new FCA safeguarding rules require firms to hold client funds exclusively in designated segregated accounts. Insurance and guarantee methods are no longer permitted for new arrangements. Firms holding more than £100,000 in relevant funds must perform daily balance checks, submit monthly FCA reports, and complete annual third-party audits. That shift removes ambiguity and makes segregation the only compliant path forward.

Infographic illustrating key steps in client fund safeguarding

Professional service firms face an additional layer of obligation under SRA Rule 8.3. This rule requires three-way reconciliation of client funds at least every five weeks, comparing bank statements, internal cash books, and client ledgers. Failing to meet this standard is treated as a breach of fiduciary duty, not just an administrative oversight.

Non-compliance carries serious consequences:

  • Regulatory fines and license suspension from the FCA
  • Criminal liability for firm directors in cases of deliberate misuse
  • Civil claims from clients whose funds were lost or misappropriated
  • Reputational damage that can end client relationships permanently
  • Forced wind-down if an insolvency practitioner cannot distribute funds quickly

The lesson from cases like Lehman Brothers is clear. Failures in client asset protection damage systemic market confidence far beyond individual losses. Regulators now prioritize the speed of client fund recovery after a firm failure, which is why resolution planning and segregation are non-negotiable.

How can businesses implement effective safeguarding controls?

Effective protection of client finances requires more than opening a separate bank account. It demands a documented system of controls that runs daily, monthly, and annually. The steps below reflect current FCA expectations and best practices for SMEs.

  1. Open a designated client account. The account must be labeled as a client account, held with an approved institution, and kept entirely separate from the firm’s operating funds. Review the full process for setting up segregated accounts before selecting a provider.
  2. Perform daily reconciliation. Daily reconciliation records must show the investigation and resolution of any discrepancies between the bank balance and the firm’s internal records. Leaving differences unresolved overnight is a compliance failure.
  3. Conduct three-way reconciliation at least every five weeks. Compare the bank statement, the internal cash book, and each client’s individual ledger. Any gap between these three sources signals a problem that requires immediate investigation.
  4. Separate duties across team members. The person who identifies aged checks or uncleared funds must not have authority to void or reissue those checks. Separation of duties is the single most effective internal control against embezzlement.
  5. Maintain complete client ledgers. Every client account must have its own ledger showing all receipts, disbursements, and the current balance. These records must be available for audit at any time.
  6. Obtain bank acknowledgment letters. The bank holding client funds must confirm in writing that it recognizes the trust status of the account and waives its right of setoff.
  7. Submit monthly FCA returns and schedule annual audits. For firms above the £100,000 threshold, these are mandatory under the 2026 rules. Treat them as fixed operational deadlines, not optional reviews.

Pro Tip: Automate daily reconciliation using accounting software that connects directly to your bank feed. Automation catches discrepancies in real time and creates a timestamped audit trail, which satisfies FCA documentation requirements without manual effort.

The table below summarizes the core reconciliation requirements by frequency:

Frequency Requirement Regulatory basis
Daily Balance check and discrepancy resolution CASS / FCA 2026 rules
Every five weeks Three-way reconciliation (bank, cash book, ledger) SRA Rule 8.3
Monthly FCA return submission SUP 16.14A
Annually Third-party audit for firms over £100,000 FCA Approach Document 2026

Accountant performing daily reconciliation with calculator

What common mistakes put client funds at risk?

Most safeguarding failures are not the result of deliberate fraud. They come from process gaps that accumulate over time until a discrepancy becomes impossible to ignore or fix.

The most damaging mistake is commingling. Using client money for business cash flow violates fiduciary duty even when the firm intends to replace the funds immediately. Regulators treat temporary use as a breach, not a technicality. The moment client money touches a business account, the firm is exposed.

Other common errors include:

  • Delaying the deposit of client funds received in cash or by check
  • Reconciling monthly instead of daily, which allows discrepancies to compound
  • Failing to investigate and document the resolution of every difference found
  • Allowing one person to control both disbursements and record-keeping
  • Neglecting to update the resolution pack when client balances or account structures change

Wire fraud is a growing threat that many SMEs underestimate. Thousands of businesses lost billions in 2024 to wire fraud targeting trust accounts. Verification protocols, such as calling the client on a known number before processing any new wire instruction, are now a practical necessity.

“Client funds must never be disbursed against uncleared deposits. Early verification of wire transfer instructions is the most effective defense against fraud targeting trust accounts.” — Legal Clarity

Discrepancies found during reconciliation must be investigated and resolved the same day. Leaving an unresolved difference in the records, even a small one, is a compliance failure under CASS rules and a warning sign of deeper problems.

How do you evaluate banks for segregated client accounts?

The bank holding your client funds is not a passive participant. Its financial stability, its willingness to recognize the trust status of the account, and its operational practices all affect whether your safeguarding structure actually works.

Simply opening a separate account is insufficient without confirming the institution’s stability and the proper trust status of the account. A bank that fails while holding client funds can create recovery delays that harm your clients and expose your firm to liability.

When evaluating a banking partner, check for these criteria:

  • Regulatory standing. The bank must be authorized and supervised by a recognized regulator. Confirm this directly, not just through marketing materials.
  • Written acknowledgment letter. The bank must confirm in writing that the account holds client funds in trust and that it waives the right of setoff. Without this waiver, the bank can seize client money to cover firm debts.
  • Account labeling. The account title must clearly identify it as a client account, which establishes its trust status in any insolvency proceeding.
  • Reporting and access. The bank must provide daily balance data and transaction records compatible with your reconciliation process.
  • Financial stability. Review the bank’s credit rating and regulatory history. Fordham Capital’s analysis of evaluating funding partners highlights that institutional due diligence is as important as product features when selecting financial partners.

Pro Tip: Review your banking arrangements at least once a year. Regulatory changes, bank ownership changes, or shifts in your client fund volumes can all affect whether your current setup remains compliant.

What steps maintain safeguarding compliance as regulations evolve?

Compliance is not a one-time setup. The 2026 FCA rules introduced new ongoing obligations that require firms to build safeguarding into their regular governance cycle.

  1. Assign a designated senior individual. One named person at director or senior manager level must be accountable for safeguarding compliance. This person signs off on monthly returns and annual audit results.
  2. Maintain and update the resolution pack continuously. The resolution pack must enable an insolvency practitioner to identify and distribute client funds promptly if the firm fails. Outdated records in this pack are a regulatory breach.
  3. Submit monthly FCA returns on time. Late submissions trigger supervisory scrutiny. Build the submission deadline into your finance calendar as a fixed, non-negotiable task.
  4. Schedule annual third-party audits. For firms above the £100,000 threshold, the audit must be conducted by an independent party. Use the audit findings to update your controls, not just to confirm compliance.
  5. Train your team regularly. Every person who touches client funds must understand the rules, the firm’s procedures, and the consequences of errors. Training records should be kept as evidence of your compliance program.
  6. Monitor regulatory updates actively. The FCA publishes guidance updates throughout the year. Subscribe to FCA alerts and review your compliance onboarding practices against new requirements at least quarterly.

Incorporating safeguarding into board-level governance, rather than treating it as a finance team task, signals to regulators and clients alike that the firm takes its obligations seriously.

Key Takeaways

Safeguarding client funds requires daily reconciliation, strict segregation, written bank acknowledgments, and a named senior individual accountable for compliance under the 2026 FCA rules.

Point Details
Segregation is mandatory From may 2026, client funds must be held in designated accounts only. Insurance methods are no longer permitted.
Daily reconciliation is required Firms must resolve all discrepancies the same day they are identified, with full documentation.
Bank acknowledgment letters matter Without a written waiver of setoff rights, a bank can legally seize client funds to cover firm debts.
Separation of duties prevents fraud No single person should control both disbursements and record-keeping for client accounts.
Compliance needs a named owner A designated senior individual must be accountable for monthly returns, audits, and resolution pack updates.

Why safeguarding is a business decision, not just a compliance task

The firms I see struggle most with client fund protection are not the ones that ignore the rules. They are the ones that treat safeguarding as a back-office checklist rather than a core business practice. That distinction matters more than most owners realize.

When a reconciliation discrepancy surfaces at month-end instead of the same day it occurred, the firm has already lost control of the situation. By the time an auditor or regulator asks questions, the paper trail is incomplete and the explanation is unconvincing. The damage is not just regulatory. It is the kind of thing clients find out about, and clients do not forget.

The 2026 FCA rules are not a burden. They are a forcing function that pushes firms toward the operational discipline that protects them as much as it protects clients. Daily reconciliation, documented controls, and a named accountable individual are exactly what a well-run business should have anyway. The regulation just removes the option to skip it.

Technology changes the economics of compliance significantly. Automated reconciliation tools eliminate the manual effort that used to make daily checks impractical for small teams. Firms that invest in the right infrastructure find that safeguarding costs less time than they expected and creates a level of financial visibility that improves decision-making across the business.

The ethical obligation is real, and it outweighs the administrative inconvenience. Client money is not the firm’s money. Treating it as anything else, even briefly, is a breach of the trust that makes the business relationship possible in the first place.

— dd

Demivolt’s tools for protecting client finances

Businesses that need to keep client payments secure and compliant have a practical starting point with Demivolt’s payment infrastructure. Demivolt is a regulated European fintech platform built for SMEs and e-commerce firms that handle cross-border transactions and need dedicated account structures to meet safeguarding obligations.

https://demivolt.com

Demivolt’s free IBAN validation tool checks account details against ISO 13616 standards before any payment is processed, reducing the risk of misdirected funds. The broader suite of free SEPA payment tools supports secure, compliant payment processing for firms operating across European markets. For businesses ready to build a full segregated account structure, Demivolt’s business banking platform provides dedicated IBAN accounts, role-based user management, and multi-account support designed around compliance-first operations.

FAQ

What is client fund safeguarding?

Client fund safeguarding is the legal requirement to hold client money in accounts that are separate from a firm’s own funds, protecting those assets from business insolvency or misuse. It applies to payment institutions, e-money firms, and professional service providers handling client money.

Why do SMEs need to safeguard client funds?

SMEs that receive, hold, or transmit client money are subject to FCA rules including CASS 15 and the 2026 safeguarding update, which mandate segregation, daily reconciliation, and monthly reporting. Non-compliance can result in fines, license suspension, and civil liability.

How often must client funds be reconciled?

FCA rules require daily balance checks and same-day resolution of discrepancies. Professional service firms under SRA Rule 8.3 must also perform a full three-way reconciliation at least every five weeks.

What is a bank acknowledgment letter and why does it matter?

A bank acknowledgment letter is a written confirmation from the bank that the account holds client funds in trust and that the bank waives its right of setoff. Without this letter, the bank can legally seize client funds to cover the firm’s debts.

What happens if client funds are mixed with business money?

Commingling client funds with business money, even temporarily, breaches fiduciary duty and FCA rules. It can result in regulatory penalties, criminal liability for directors, and permanent damage to client relationships.