Webinar Key Takeaways: How EMIs and PIs can use CASS 15 to lead.
As the CASS 15 deadline approaches, firms are focused on how to make the more demanding safeguarding regime work in practice.
To explore this, Aurum Solutions brought together Clément Bourcart (Head of Solutions at Aurum Solutions), Dmitriy Disskiy (Chief Information Officer at Unlimit), Nicholas Webb (Managing Director and Head of Digital Services at Cosegic, and former FCA manager) and Vessy Reid (CASS Oversight Officer and Safeguarding Accountable Owner at Wise).
The most useful takeaway was not a single rule or requirement; it was a shift in mindset. The firms that approach CASS 15 as a core part of their operations, not a compliance layer on top, will be in a stronger position.
TL;DR Key recommendations:
- Start with the purpose: Understand what the regulation is trying to achieve, then translate it into operational tasks that reflect your processes
- Embed safeguarding into company culture: Expand ownership and awareness beyond compliance across treasury, finance, operations, and product to ensure true engagement in implementing changes
- Define and centralise your data architecture: Align data across systems to improve visibility, track, escalate and report from one platform
- Automate early, with control: Support scale while maintaining oversight and guaranteeing an immutable audit trail
- Strengthen third-party oversight: Apply consistent criteria to assess providers and jurisdictions as responsibility always sits with your firm
- Prepare for audit from day one: Build evidence across processes and decisions, educating auditors on your unique operations
What firms should take from the conversation:
- Growth does not sit on one side and regulation on the other.
A common concern across the industry is that the new requirements under CASS 15 will slow growth through operational pressure. The panel challenged this view.
It’s not either or. It’s not either you have regulation or you have growth. They go together.
Vessy Reid, CASS Oversight Officer and Safeguarding Accountable Owner, Wise
This is more than a philosophical point. In practice, safeguarding failures do not remain confined to compliance. They affect onboarding, operations, investor confidence, and in serious cases, a firm’s ability to continue business. Strong safeguarding builds trust with customers and partners, while reducing the risk of disruption. Nicholas added a commercial lens.
Compliance is now a multiplier of value.
Nicholas Webb, Managing Director and Head of Digital Services, Cosegic
Buyers and investors are paying attention to operational resilience now, more than ever. Firms that can show clear, well-evidenced safeguarding processes are better positioned during due diligence and more trusted by customers.
For finance leaders, CASS 15 should be the start of building a more robust, investable business.
- Start with the reason for safeguarding, then turn it into simple tasks.
One of the most practical insights from the discussion was how to approach implementation.
The speakers agreed that the starting point for successful compliance should not be the rulebook. Instead, firms should focus on the regulation's purpose. Ultimately, safeguarding exists to protect customer funds. Once this is understood, the next step is to translate this objective into simple, deliverable tasks across the business.
Vessy described this as breaking down the “why” into something that each team can act on. That means looking at current processes, identifying gaps, and deciding what needs to change. She emphasises the importance of explaining CASS 15 changes in language that teams across operations, treasury, finance, and product can understand.
This is where many firms struggle. Safeguarding sits across multiple functions, and so cannot be delivered by one team in isolation. Nicholas made this point clearly. CASS 15 is not a compliance-only exercise; it requires input across the business, from the board to day-to-day operations.
Clément added a practical layer. Firms need structure to ensure teams are working from the same, consistent data. To do so, they must track data across systems and “bring everything into one process”.
Vessy, with her experience overseeing safeguarding at Wise, reinforced the importance of clarity here, explaining that she acts as a “lobbyist for safeguarding” to ensure it remains visible across the organisation. This builds consistency over time and reduces the risk that safeguarding becomes a box-ticking exercise.
Actionable steps for firms preparing for CASS 15:
1. Start with the core principles
2. Map them to your actual processes
3. Turn them into clear actions that each team understands and owns
- Regulatory intent must meet your operational practical reality.
Unfortunately, understanding the end goal does not remove the complexity of achieving it.
With unique systems, funding flows, and operational structures varying, applying the rules across different environments requires judgement.
Each company is unique… [they have] a million different smaller processes and requirements.
Dmitriy Disskiy, Chief Information Officer, Unlimit
For many, the first CASS audits will surface issues. This is not because firms are ignoring requirements. It is because translating them into a working model and then evidencing that model is difficult.
Whilst on the front-end things look very similar, when you dig beneath the hood, every business is structured differently.
Nicholas Webb, Managing Director and Head of Digital Services, Cosegic
Vessy highlighted the importance of documenting these decisions. Where there is room for interpretation, firms need to be clear about how they arrived at their approach, starting by ensuring the direction is fully understood internally.
In addition, auditors may not fully understand the dynamics of payment firms, especially where they are more familiar with investment firms. She explains that taking them through the nuances of how your product works, how funds move, and how records are created is essential to a positive outcome.
For finance teams, this means planning for scrutiny of both outcomes and reasoning. The question is not only "are you compliant”, but “how did you get there.
- Immutable audit trails are a must-have.
CASS 15 raises the bar on evidence.
Having a robust process whereby you… can demonstrate confidently that you know on any given day what your client position is is now fundamental
Clément Bourcart, Head of Solutions, Aurum Solutions
Nicholas pointed to a common gap: “Whilst a firm might be doing the right thing in practice, all too often they don’t have documentary evidence to prove they did do the thing.” Firms need consistent, traceable records. “Being able to categorically show who, what, why, when for all decisions that were taken…that's a fundamental shift,”
Dmitriy brought this down to a practical level.
Excel won’t work anymore, that’s for sure.
Dmitriy Disskiy, Chief Information Officer, Unlimit
While spreadsheets are not banned under CASS 15 rules, and may still play a role in smaller firms, they often fall short. The challenge lies in proving immutability, obtaining sign-off, and maintaining a clear audit trail. Dmitriy explains that “Any serious company that is planning to be CASS 15 compliant must implement appropriate systems where the audit evidence… is impossible to alter.”
Automation becomes essential here. As Clément explains, high transaction volumes and daily checks make manual processes difficult to sustain.
Having a tool… that automates that process effectively, gives you a clear view of breaches… and allows you to act on these balances rapidly.
Clément Bourcart, Head of Solutions, Aurum Solutions
However, automation does not remove responsibility.
The panel agreed that automation must be designed carefully. Firms need to understand what is being automated, how it fits their processes, and maintain the right controls around escalation, validation, and oversight. The underlying message is simple: even when using third-party tools, accountability stays with the firm.
What’s next?
The first year of CASS 15 will not be perfect for many firms. There will naturally be areas to improve, both internally and across the industry. However, the way that firms approach the deadline now will certainly affect the extent of adjustments they need to make later.
Ultimately, some will treat safeguarding as a one-off project, tied to the May deadline. Others will treat it as an ongoing discipline, built into how they operate, collaborate, review, and improve over time. The second group will be in a stronger position, better prepared for audits, able to resolve issues faster, and, most importantly, build trust with customers and partners.
Safeguarding is a culture… it needs to be lived and breathed every single day.
Vessy Reid, CASS Oversight Officer and Safeguarding Accountable Owner, Wise
Our conclusion:
CASS 15 offers an opportunity to improve resilience and competitiveness. With clear, purpose-driven processes and the right systems to support them, EMIs and PIs can turn the new regulatory change into a catalyst for growth.
Aurum Solutions’ Safeguarding Control Centre gives you the control needed to manage safeguarding with confidence.
The platform brings safeguarding reconciliation, client money oversight, reporting, sign-off workflows, and audit trails into one place, helping your team identify issues early and investigate them with full visibility.
See the product today:
As Aurum Solution’s CMO, Vasco Vaz Rodrigues heads up the marketing department and oversees the generation of original insights for financial professionals. Paired with Aurum’s ability to optimise their time, marketing output therefore ensures that the Aurum Solutions brand provides more than just software but holistically empowers entire finance teams.
