If you are building or acquiring an electronic money institution, safeguarding is one of the first areas regulators, banking partners, auditors, and serious counterparties will examine. It is not a side topic. It is one of the core prudential disciplines that separates a credible EMI from a weakly structured payments business.
In simple terms, safeguarding means protecting customer funds so they remain ring-fenced from the EMI’s own money and, critically, are better protected if the firm gets into financial trouble. Under the EU e-money framework, an EMI must safeguard funds received in exchange for issued electronic money, and where funds come in through a payment instrument, they must be safeguarded once available to the EMI and in any event no later than five business days after issuance.
That legal point matters because many founders still confuse safeguarding with general treasury management. It is not the same thing. Safeguarding is not simply “keeping enough liquidity in the company.” It is a legal and operational structure designed to protect client money from the EMI’s business risks. E-money funds are also not the same as bank deposits, and the EU framework treats them differently. The E-Money Directive says funds received in exchange for e-money are not deposits, and the EBA has clarified that such funds do not fall within deposit guarantee scheme protection.
For that reason, safeguarding requirements for EMI companies should be treated as a board-level design issue, not an afterthought delegated to finance or compliance at the very end of licensing.
What safeguarding means for an EMI in practice
An EMI receives funds from customers and issues electronic money in return. The regulator expects those customer funds to be protected in a way that keeps them distinct from the institution’s own operating money. In practice, that means the firm must build a safeguarding model, document it, test it, and operate it every day with discipline.
For most firms, the real question is not whether safeguarding exists, but whether the chosen setup is actually workable under live operating conditions. Can the institution identify safeguarded balances at any given moment? Can it reconcile customer liabilities against safeguarded funds quickly and accurately? Can it prove that access rights, account structure, escalation rules, and insolvency protections are properly designed? Those are the questions that matter during licensing and supervision.
The EBA’s authorisation guidelines show how detailed the regulator’s expectations are. For EMIs, the safeguarding section of the application must describe the investment policy where low-risk assets are used, who has access to the safeguarding account, how administration and reconciliation work, how funds are protected against the claims of other creditors in insolvency, and even include the draft contract with the credit institution. Where insurance or a comparable guarantee is used, the applicant must describe coverage sufficiency, renewal, reconciliation, and provide the draft agreement.
That is why electronic money institution safeguarding is never just a legal sentence in a policy. It is an operating model.
The two core safeguarding routes
At a high level, the EU payments framework works with two familiar protection routes: segregation of relevant funds in a separate account or equivalent low-risk asset structure, and insurance or a comparable guarantee. The EBA’s EMI authorisation guidance explicitly addresses both approaches for electronic money users’ funds and, where relevant, payment service users’ funds.
1. Segregated safeguarding account
This is the route many market participants first think about. The EMI places relevant customer funds into a separate safeguarding account with a credit institution, or in some cases into secure, liquid, low-risk assets where the legal framework and supervisory expectations permit that structure. The point is simple: safeguarded money should be clearly separated from the firm’s own operating cash.
However, a safeguarding account for EMI business is only the visible top layer. The real work sits underneath:
- clear identification of relevant funds,
- precise daily reconciliation,
- restricted access rights,
- strong internal approvals,
- documentation for shortfalls or timing gaps,
- escalation and remediation procedures.
A sloppy segregated account setup creates false comfort. Regulators do not just want to see a bank account with the word “safeguarding” in its name. They want to see a credible control framework around it. The EBA guidance expressly asks for the number of persons with access, their functions, and the reconciliation and administration process, especially in an insolvency scenario.
2. Insurance or comparable guarantee
Some EMIs consider an insurance-backed safeguarding model or a comparable guarantee from an eligible third party. This may be relevant where account-based safeguarding is difficult, commercially inefficient, or structurally unsuitable for the firm’s model.
But this route is not a shortcut. The EBA expects the applicant to show that the policy or guarantee comes from an entity outside the applicant’s group, that coverage is sufficient at all times, that renewal and duration are addressed, and that reconciliation supports the adequacy of the protection.
In other words, the regulator still wants proof that the protection works dynamically, not just on paper.
What regulators really test
When founders hear “safeguarding,” they often think only about the legal basis. Supervisors look wider. They usually test five things at once.
Legal ring-fencing
The first question is whether the structure genuinely separates client funds from the EMI’s own estate. If the institution became insolvent tomorrow, would safeguarded money be identifiable and better protected from the claims of general creditors? The EBA guidelines put special emphasis on the administration and reconciliation process “against the claims of other creditors,” particularly in insolvency.
Reconciliation discipline
A firm may have a formally correct safeguarding model and still fail operationally if its reconciliations are weak. Regulators expect the EMI to know, without guesswork, how much customer money should be safeguarded, how much is actually safeguarded, and whether any gap exists.
This is where many EMI safeguarding requirements become operationally demanding. Delays in ledger updates, weak segregation logic, manual spreadsheets, poor exception handling, and unclear cut-off times can quickly turn a compliant-looking model into a supervisory problem.
Governance and access control
Who can move safeguarded money? Who approves transfers? Who checks reconciliations? Who escalates discrepancies? Who reviews the bank relationship? These are not minor process questions. They go directly to governance credibility.
The EBA guidance specifically asks applicants to identify who has access to the safeguarding account and to describe the internal governance and control mechanisms around the business.
Bankability of the model
A safeguarding structure depends on a real banking relationship. That means the EMI must be able to open and maintain suitable accounts, negotiate acceptable legal wording, and keep the bank comfortable with the institution’s AML, governance, and operational profile.
This is one reason safeguarding should be designed together with licensing, banking access, AML, finance, and operations. If those workstreams are separated too rigidly, the EMI often ends up with mismatched documents and a fragile execution model.
Ongoing supervisory readiness
Safeguarding is not solved once the licence is issued. The EMI must continue to operate the model, evidence it, and explain it to supervisors, auditors, counterparties, and sometimes investors. In the Czech Republic, the CNB handles licensing and supervision for these institutions, and applications for payment institutions and electronic money issuers are submitted electronically with supporting forms and methodological materials under the Payment System Act framework.
Common mistakes EMI founders make
A lot of safeguarding failures are not dramatic legal failures. They are design failures.
The first mistake is treating safeguarding as a document pack instead of a daily control system. A policy may look polished, but if treasury, ledger logic, reconciliation, and access controls are weak, the model will not survive real supervision.
The second mistake is confusing omnibus cash management with EMI client funds segregation. The fact that money is sitting in a bank account does not automatically mean it is safeguarded correctly.
The third mistake is ignoring insolvency logic. If the firm cannot clearly explain how safeguarded balances are identified and defended against third-party claims, the setup is not mature enough.
The fourth mistake is delaying bank engagement. A draft safeguarding model may look fine internally, but if the banking partner rejects the account structure, acknowledgement wording, or operational flows, the whole design may need rework.
The fifth mistake is separating compliance from finance and operations. Good safeguarding sits across legal, compliance, accounting, treasury, payments operations, and IT. It is cross-functional by nature.
Why safeguarding matters commercially, not just legally
Strong safeguarding supports more than compliance. It supports trust.
Serious partners want to know that the EMI is not improvising with customer funds. Banking partners want clean controls. Merchants and programme partners want resilience. Investors want fewer hidden operational risks. Supervisors want a model they can believe in. Safeguarding is one of the clearest places where legal quality, financial discipline, and operational maturity meet.
That is why well-designed safeguarding requirements for EMI companies can strengthen the whole licensing case. They show that the applicant understands what it means to hold customer value responsibly.
Czech Republic angle: what EMI applicants should keep in mind
For firms targeting the Czech Republic, safeguarding should be designed with CNB expectations in mind from the start. The CNB’s licensing pages make clear that EMI and payment institution activity sits within the payment-system legal framework, and applications are handled through formal electronic submission channels with supporting forms and guidance.
That means your safeguarding model should not be drafted as a generic EU memo. It should fit the actual application pack, governance structure, outsourcing logic, banking arrangement, and live operating flows of the applicant.
A Czech EMI application should usually show, at minimum:
- a clear safeguarding method,
- coherent contracts and bank-side structure,
- reconciliation logic tied to accounting and wallet or ledger flows,
- access and approval controls,
- documented insolvency logic,
- internal ownership between compliance, finance, and operations.
How AMS helps EMI clients with safeguarding
At AMS Europe, we do not treat safeguarding as a template exercise. We help founders and EMI owners build a structure that can survive licensing review, banking scrutiny, and post-authorisation supervision.
That usually means working across several layers at once: business model mapping, fund-flow analysis, safeguarding architecture, governance allocation, documentation, bank-facing support, AML alignment, and operational implementation. The goal is not to create a nice-looking policy. The goal is to create a safeguarding model that fits the licence perimeter and can be operated in real life.
For clients entering the Czech market, that also means aligning the work with the CNB process, the broader Payment System Act framework, and the practical demands of local and cross-border financial infrastructure.
Need a safeguarding review for your EMI project?
Final thoughts
The best way to understand safeguarding requirements for EMI companies is to stop thinking about them as a narrow legal obligation. They are really a test of whether the institution is built like a supervised payments business or just dressed like one.
A strong EMI can explain exactly what funds must be safeguarded, when safeguarding starts, where the money sits, who controls it, how reconciliations work, how insolvency risk is addressed, and how the model is evidenced to the regulator. That is the standard that matters.
If your EMI structure is still being designed, or if you are buying an existing entity and want to stress-test its controls, safeguarding should be reviewed early, not after filing.
FAQ
What funds must an EMI safeguard?
An EMI must safeguard all funds received from customers in exchange for issued electronic money. Where funds are received via a payment instrument, they must be safeguarded once credited or no later than five business days. This applies only to funds linked to customer obligations.
Are safeguarded EMI funds the same as bank deposits?
No, these funds are not considered bank deposits. They are not covered by deposit guarantee schemes. That is why a separate safeguarding mechanism is required.
Can insurance be used instead of a segregated account?
Yes, EU rules allow insurance or a comparable guarantee as an alternative. However, firms must prove sufficient coverage and reliability of the structure. In practice, this is not simpler than using a safeguarding account.
What do regulators review in a safeguarding setup?
Regulators assess more than just the existence of an account. They look at legal ring-fencing, reconciliation processes, and access controls. The model must also match the firm’s actual operations.
How often must reconciliation be performed?
Reconciliation is generally expected to be done daily. The EMI must always know how much should be safeguarded and how much actually is. Errors or delays are considered serious risks.
What happens to safeguarded funds if an EMI becomes insolvent?
Customer funds must be separated from the firm’s assets. This helps protect them from creditor claims. Ideally, they are returned to customers rather than included in insolvency proceedings.
Is it enough to keep customer funds in one bank account?
No, that alone is not sufficient. Funds must be legally and operationally segregated. Proper controls, reconciliation, and procedures are also required.
When should safeguarding be designed?
It should be designed early, before filing for a licence. The model must be integrated into business processes and banking setup. Late design often leads to rework.
