The FCA compliance shift causing AML to break in the back office
FCA compliance has often been at the odds of facilitating swift payments and e-payment innovation, and that’s showing no signs of stopping. Beyond customers’ expectations to see their payments settled in milliseconds, regulators are making that process mandatory, and now, operational hazards face even further scrutiny following updated FCA guidelines around safeguarding customer monies.
As of 7 May 2026, UK payments companies will face aspects of the FCA’s CASS (Client Assets Sourcebook) regime – a set of rules dictating the need for firms to segregate, protect, report and release full assets back to customers as quickly as possible should a firm fail (a key enforcement in the investments sector).
This of course brings AML infrastructure into question: if legacy back office AML infrastructure at FCA regulated firms is unable to safely run real-time payments, or track and report transactional activity, they could incur insurmountable commercial and criminal consequences, pulling the rug from underneath unprepared payments businesses set up to put customers’ financial capabilities first.
When AML is more than a monitoring problem
FCA compliance requirements clearly stress the importance of continuous transaction monitoring, and transparency around client money movements granted by this regulatory technology is becoming a baseline requirement for modern AML. As well as housing an audit log, this process can more accurately contextualise payments, alert anomalous activity and focus investigations on entities that may need to be reported to law enforcement. When there are delays to such investigations, Suspicious Activity Reports (SARs) lag or miss irregularities, and contribute to AML weaknesses.
Similarly, e-payment companies face the looming spectre of near-instant payments – the UK’s Fast Payments services connects financial companies to settle transactions in seconds, similarly for the EU’s SEPA Instant Credit Transfer scheme. When back office architecture conducts reconciliation cycles in batches every day (or, in some cases, weekly) and houses potentially outdated customer data in fragmented systems, that poor accounting leads to blindspots which laundering behaviour can simply bypass – with criminals now exploiting the availability of digital assets and complex payment rails.
A sound AML system relies on data hygiene, something that will become more obvious given new safeguarding protocols outlined by FCA guidelines.
The need to segregate client funds
Within this is the need for payment firms to clearly segregate client funds, with audit-ready reports of funds being reconciled to customers. Already, CASS covers multiple FCA regulated firms from banks to asset managers and crowdfunding platforms – and it’s a growing requirement with corporate insolvency growing to a level since the UK’s 2008 recession the past few years. Over 23,000 companies folded in 2024 in England and Wales alone.
Now that payment firms will be included in the legislation, their growing consumer bases provide more risk of exposing people to harm if a business cannot repay their funds instantly. Already, the volume of safeguarded funds by e-money institutions rose to £26 billion in 2024, double the figure from three years prior. And without proper risk assessments, client funds and operational funds can also become mixed in what’s known as aggregation risk; the ownership and transactional movements of these assets becomes very unclear, and plays brilliantly into launderers’ hands who can continue layering and integrating their dirty cash.
Weak data controls can correlate legitimate client money with suspicious flows, and that’s dangerous for AML – a complete lack of transparency ignoring best practice making any UK firm FCA compliant.
How the UK regulator is reacting
Because of this, investment firms scrutinised by the CASS FCA compliance manual are targets for FCA penalties, and the reputational damage that comes with it. Likewise, institutions facilitating e-payments will face the very same challenges, namely auditing granular customer data, increasing recordkeeping, conducting real-time reconciliation and ensuring continuous entity resolution for consistent audit readiness and SAR submission.
Not only do 10% of UK-based holders of e-money accounts transact primarily using digital money, but the FCA has noted in its Financial Lives Survey 2022 that 40% of e-money account holders showcased at least one characteristic of vulnerability, with the reliance on e-money only expected to grow in the coming years.
It’s become completely imperative for payment firms to enhance their compliance requirements to maintain the integrity of the sector, and to make sure they make customers’ experiences smooth and swift – for daily cross-border payments, or for reconciliation if the worst happens.
How payments firms can mitigate back-office AML risk
Ad hoc, manual AML processes that multiple firms rely on for monitoring and reporting are outdated, and not a framework to help accommodate the rules arriving as early as May this year. Reconciliations at some firms are still based on Excel, with legacy processing systems remaining on-premises, inflexible and sharing data over siloed reporting stacks.
This grants no way to account for higher volumes of customer payments which need to be validated instantly – and is unsustainable in a financial market that expects a high level of regulatory oversight. Instead, firms should seek to better embed safeguarding into their AML systems using strategic RegTech partnerships, deploying an elastic architecture to automate monitoring and reporting capabilities and facilitate real-time payments for growing FCA-mandated rules:
Automate reconciliation against frequency
FCA compliance requirements will require payment and e-money institutions to provide daily reconciliation of relevant funds, as well as monthly reports of safeguarded funds to the FCA and an annual audit. With this, a modern engine to facilitate payments is required; enabling real-time or event-triggered reconciliation that is missing from batch checks or relying on spreadsheets.
Make safeguarding a key AML control
All AML platforms at payment institutions must reduce aggregation risk with underlying internal policies and procedures that can adapt to regulatory change. Firms must also carry out annual due diligence on their third parties that hold relevant funds – achieved through know your vendor (KYV) capabilities that are updated automatically for entity information to be resolved in risk profiles.
Implement RegTech that supports continuous AML
In order to track transaction data around the clock, and match it with client balances, an embedded AML platform can integrate siloed systems into a single source of truth. This boosts auditability across payments for every reconciliation cycle, and continuously monitors changes in extraneous activity to alert genuine risk in real-time.
Prepare for FCA scrutiny
All firms are expected to maintain a CASS Resolution Pack: a plan to ensure relevant funds get distributed swiftly, and contingencies for the reconciliation process to be followed in case of insolvency. A RegTech platform can provide full evidence of how AML controls operate, their effectiveness in validating entities, as well as tracked activity logs for reporting and supervisory audits.
Bringing back-office tasks to the AML frontline
FCA compliance for AML is becoming more of a vice-grip, and it’s unignorable for payment firms that are having to react to their world becoming enhanced (and more criminally threatened) by digital rails, typologies, and regulatory backlash. No longer is maintaining sound monitoring and SAR reporting a dream scenario, as this year’s FCA safeguarding controls will force business’ AML operations to branch out further into robust reconciliation and client asset segregation.
This takes a mindset shift rather than a few tweaks to AML controls. If firms ignore the need for immediate payment verification and continuous monitoring, they will face the CASS enforcement of the investment sector, and struggle to be AML-ready institutions that customers (and the FCA) expect. Trust is a major differentiator in the e-payments world, and it’s very much linked to operational effectiveness.
With reconciliation brought under the AML banner, compliance again becomes a competitive advantage to the firms that obey – who do not have long to take the vital next steps.
