Why safeguarding visibility starts with a unified ledger.

Most payments and e-money firms do not have a safeguarding data problem. They have a safeguarding data assembly problem. CASS 15 has made that distinction expensive.

Ask a payments or e-money firm whether it knows what it owes its customers, and the answer is almost always yes. Ask whether it knows what it holds in safeguarding accounts to protect them, and the answer is yes again. Ask whether it can show, right now, the two numbers side by side, drawn from current data, on the same screen, with a complete record of what has moved between them since this morning, and the answer becomes more interesting. In most firms, that is not a question the systems can answer without help.

This is the visibility problem the new safeguarding regime has put a spotlight on.

It is not, in the usual sense, a data shortage. Most firms have everything they need, somewhere. The customer ledger knows what is owed. The bank portals know what is held. The payment processor exports show what is in flight. Internal cashbooks, claims systems, refund logs, FX conversion tables and a string of spreadsheets each carry part of the picture. The trouble is that no single place in the business carries all of it at once, in a current and reviewable form. Pulling it together once a month, for the return or for the auditor, is demanding enough. Doing it every business day, to a standard that survives scrutiny, is a different task altogether.

What CASS 15 actually expects firms to see

Under the chapter introduced by Policy Statement PS25/12 and in force since 7 May 2026, the safeguarding rules set a books and records expectation that does not bend. A firm must be able to identify the funds it holds as relevant funds, distinguish them from its own, and do so at any time, without delay.

That phrasing matters. It describes a state of continuous visibility, not a monthly assembly job.

Sitting on top of that, the chapter requires reconciliation of what is owed against what is held, both internally between the customer ledger and the firm’s records of safeguarded amounts, and externally against bank and third-party data, on each reconciliation day. Any discrepancy is to be corrected promptly. The resolution pack expectation in CASS 10A then assumes that, if the worst happens, the firm can produce a clear, current picture of relevant funds and the customers they belong to, so that money can be returned without delay.

Read those three obligations together and a single operational requirement falls out of them.

The firm needs to see, in one place, what it owes and what it holds, with the underlying detail intact, every business day. Fragmented data cannot deliver that. It can deliver the appearance of it once a month, with enough effort, but the appearance is the part the regime is moving away from.

What goes wrong when the picture is fragmented

Three things, predictably, in the firms we have looked at.

The first is timing. If the picture lives across five sources, the firm can only see it when someone takes the time to assemble it, and that time tends to fall at month end. By then, the small discrepancy from two weeks ago has either resolved itself, quietly, or grown into something larger. Breaks that should have been corrected the same day get caught in the next cycle instead, or the cycle after that. The cost of late detection is not always financial. Often, it is the loss of the trail that would have explained how the break happened in the first place.
The second is evidence. When an auditor or the regulator asks how a particular break was handled, a stitched-together story drawn from four spreadsheets and an email thread does not carry the weight. The firm did the work, very often. It just cannot prove it cleanly. In a regime that is increasingly built around demonstrable control rather than periodic disclosure, work that cannot be proved is, for practical purposes, work that did not happen.
The third is speed in resolution. The CASS 10A resolution pack is not really about a document. It is about the firm’s ability to move quickly under stress, with a clear picture of relevant funds and the customers they belong to. Fragmented data makes that act of assembly slow exactly when speed matters most. The firms that have thought hardest about this are the ones that have realised the resolution pack is, in effect, a daily readiness exercise, not an annual paperwork one.

What a unified ledger actually is

The term unified ledger does not appear in the rules.

It is not a regulatory artefact.

It is the operational answer to what the rules now require.

In plain language, a unified ledger is a single view of what is owed to customers, set against what is held to protect them, drawn from all the underlying sources, kept current, and reviewable. Customer ledger data, safeguarding account balances, bank and third-party records and exception activity sit together, and when one of them moves, the picture moves with it.

Two things are worth being clear about. A unified ledger is not a dashboard in the cosmetic sense. It is the connecting tissue underneath one. And it does not replace the firm’s existing systems. The customer ledger, the cashbook, the bank feeds and the payment processor records all still matter. The unified ledger is the layer that brings them into a single operational view and reconciles the result. Done well, it makes the question “what is happening with safeguarding right now” answerable without phoning anyone.

What changes when a firm has a unified ledger?

The change is easier to describe than to engineer.

Breaks surface the day they happen rather than three weeks later, because the comparison runs every business day. The trail behind every action is captured automatically, because the actions take place inside the system that holds the picture, rather than in messages and workbooks outside it. Senior

managers get a current view of safeguarding exposure rather than a monthly snapshot, which changes the questions they can ask and the speed at which they can ask them. And when a regulator, auditor or board member wants the firm’s safeguarding position, the firm produces it rather than reconstructs it.

This is the work Imperium(L) Prism is built for. Prism brings the owed side and the held side together, runs internal and external reconciliation daily, surfaces breaks the same day, captures a timestamped audit trail of every action and turns controlled reconciliation into the data behind the monthly safeguarding return. The technology has supported businesses in live, high-volume environments for over 12 years, so the operational logic behind it has already been tested against real money, real reconciliations and real audits.

Safeguarding under CASS 15 starts with a question that sounds simple. What does the firm owe its customers, and what is it holding to protect them, right now? The firms that can answer cleanly will find the rest of the regime manageable. The ones that cannot will spend the next audit cycle trying to assemble an answer they should have been able to see all along.

Frequently Asked Questions

What is a unified ledger?

A unified ledger is a single, current view of what a firm owes its customers set against what it holds to protect them, drawn from the firm’s customer ledger, safeguarding account balances, bank and third-party records and exception activity. It is the connecting layer beneath any safeguarding dashboard, not a replacement for the underlying systems.

Does the FCA require a unified ledger?

No. The CASS 15 rules do not mandate a unified ledger by name. They require firms to maintain accurate books and records that identify relevant funds at any time without delay, to reconcile what is owed against what is held both internally and externally on each reconciliation day, and to maintain a resolution pack. Meeting those obligations daily, on fragmented data, is the operational difficulty a unified ledger is built to remove.

How often must a payments or e-money firm reconcile under CASS 15?

CASS 15 requires reconciliation of what is owed against what is held on each reconciliation day, both internally between the customer ledger and the firm’s safeguarding records, and externally against bank and third-party data. Discrepancies are to be corrected promptly.

Does a unified ledger replace existing finance systems?

No. A unified ledger sits across the firm’s existing customer ledger, cashbook, bank feeds and payment processor records and brings them into a single operational view. The underlying systems remain, and the firm continues to rely on them.