PSM&A: applying CASS best practice to SIPP operators

Article

By: Shermeen Kazmi, Paul Staples

QUICK SUMMARY

The FCA's proposed Pension Scheme Money and Assets (PSM&A) regime aims to improve protection through a bespoke regime that’s comparable to CASS. It applies to SIPP operators using unauthorised trustee companies and includes minimum standards for holding, recording and reconciling pension scheme money and assets. It’s supported by standardised due diligence requirements for all SIPP operators. 

The FCA has proposed a new Pension Scheme Money and Assets regime (PSM&A) for Self-Invested Personal Pensions (SIPPs) that use an unauthorised trustee structure. Shermeen Kazmi and Paul Staples explore the key features of the regime and how it differs from the Client Assets Regime (CASS).
Contents

The SIPPs market has seen significant growth over recent years, holding nearly a third of all assets across FCA-regulated defined contribution pension schemes in 2024. With further growth expected, in CP26/20 the FCA has proposed two key measures to improve consumer protection. The first, and most significant, is the Pension Scheme Money and Assets (PSM&A) regime for operators that use an unauthorised trust company to hold pension scheme money and assets. The second is the introduction of explicit due diligence requirements for SIPP operators, to improve standardisation and consistent interpretation of the rules. Combined, these measures aim to improve customer outcomes and support effective supervision. 

Many SIPP operators fall outside the remit of CASS

SIPP operators don’t hold pension scheme money or assets directly. They’re held by a trustee company on behalf of scheme members, and that company doesn’t have to be authorised by the FCA. Authorised trustees are subject to CASS rules, but this would typically only be firms that are also carrying out MiFID regulated activities. If the trustee scheme is unauthorised, then CASS rules don’t apply – and crucially, CASS doesn’t apply to the SIPP operator either. Instead, they follow broad requirements under SYSC 9.1.1 and principles 3 and 10 (covering orderly records and adequate systems and controls), and consumer duty obligations to prevent foreseeable harm and promote good outcomes.  

These are common and legitimate business structures, but they’ve led to inconsistent standards across the sector. Key concerns include poor record keeping, weak reconciliations and overreliance on manual controls, increasing the risk of human error. These factors present challenges for effective pension scheme administration and would make it difficult for a SIPP operator to exit the market safely. 

Article
CASS widens its net and raises the bar for everyone in scope
Read more
CASS widens its net and raises the bar for everyone in scope

What does PSM&A look like? 

Limited regulatory reach makes it tricky for the FCA to improve these practices or take enforcement action. As such, it has proposed PSM&A, which applies to any SIPP operator using an unauthorised trustee to hold or receive pension scheme money or assets. The operator remains responsible for protecting pension scheme money and assets, regardless of any trustee or third-party arrangements, and a named senior manager must hold operational oversight of the full regime and report to the board. Where CASS already applies, PSM&A doesn't duplicate it, though firms operating across both regimes will need to reflect specific differences in their systems and policies. 

Internal records 

Firms must keep their own internal records of pension scheme money and assets. As best practice, these records shouldn’t rely on external data sources, but the FCA will allow it if that’s the only data available. For pension scheme money, that’s predominantly to prevent SIPP operators from relying on transaction feeds from banks, and firms should keep their own cashbook. 

For pension assets records must be updated monthly (at least), and they need to track all holdings and the full list of transactions, including those carried out by third parties. 

Reconciliations 

The FCA expects SIPP operators to carry out reconciliations to ensure internal records are accurate and complete. Pension scheme money must be reconciled daily, using a standardised approach to calculate the total available to each member.  Under PSM&A, firms can’t apply CASS’s net negative add-back method as it doesn’t align to a typical SIPP’s operating model.  

For pension scheme assets, firms that keep both an aggregate asset record and individual member records must carry out monthly reconciliations (as a minimum) between the two. 

Discrepancies must be promptly investigated and addressed. Firms must notify the FCA if there are material shortfalls that will not be resolved within a reasonable timeframe, if records are materially out of date, or if a reconciliation cannot be performed. For pension scheme assets, firms must notify the FCA if internal records are materially out of date, inaccurate, or invalid, or if the firm has materially failed to conduct an external asset check. 

Third-party arrangements 

When working with third parties, SIPP operators must ensure they have appropriate arrangements to specify the information flows needed, including the frequency and format. The FCA isn’t putting direct obligations on third parties to provide the necessary data, but firms must take action to address any data shortfalls, including ending the contract if needed. 

Valuations 

To support reconciliations, firms don’t have to regularly value the pension scheme assets they hold. However, they must include a recent valuation in the record and update it if the value of the asset materially changes.  

Audit and reporting 

SIPP operators must commission an annual external audit, to be delivered to the governing body within four months of the year end. The report will confirm whether the firm maintained adequate systems and controls, and if they complied with PSM&A rules. Firms must notify the FCA of any materially adverse findings. 

The FCA is working with the Financial Reporting Council to establish whether a new reporting standard is needed or if an existing standard can apply.  

Similarly, the FCA is considering the best approach for regulatory reporting under PSM&A, to establish if a new return is needed and proportionate. 

Implementation 

Recognising the scale of the work ahead, the FCA has proposed a two-year implementation period. In that time, firms must establish the necessary systems, processes and procedures to support PSM&A and review third-party contracts, terminating any that prevent compliance. Firms must also stop onboarding new third parties that can’t support PSM&A requirements. 

Firms with significant existing third-party dependencies may qualify for an additional year to implement the changes. To qualify, firms must identify those dependencies and develop a remediation plan within the first two years, and use the third year to carry out their plans. 

Due diligence requirements 

The FCA also plans to introduce new due diligence rules, which cover two areas and are subject to a 12-month implementation period. 

Third-party due diligence 

When onboarding third parties, SIPP operators must verify identities, confirm legal and regulatory permissions, and check any criminal or disciplinary history. Firms also need to establish clear terms of business, with specific contractual requirements for third parties managing consumer investments within the scheme. 

Unregulated introducers and overseas third parties face additional checks, such as reviewing public information on the firm and its key individuals. 

Due diligence on SIPP investments 

To reduce the risk of scams or fraud while keeping the approach proportionate, SIPP operators must carry out core checks confirming an investment is not taxable property, that custody and title are sound, and that it can be reliably valued. 

Non-standard, speculative, or higher-risk assets require greater scrutiny, in line with the additional risks. These enhanced due diligence checks are non-prescriptive, but may include reviewing the protections available under the Financial Services Compensation Scheme or overseas equivalent, assessing whether the potential investment performance is realistic, or reviewing fee structures for any abnormalities. 

Article
Safeguarding 2.0: the FCA’s proposals for payment firms
Read more
Safeguarding 2.0: the FCA’s proposals for payment firms

Drawing on CASS to inform good practice 

The new due diligence rules and the PSM&A regime work together to create consistent standards across the SIPP market and boost consumer protection. While both regimes bring significant challenges, the PSM&A regime is likely to be the more operationally demanding of the two. It requires firms to build new systems, renegotiate third-party contracts, and establish independent record-keeping infrastructure that many currently lack. 

Firms that have already implemented CASS may find the task easier than those adopting PSM&A from scratch. While they’re two distinct regimes, the underlying thought process is much the same. Drawing on lessons learned from CASS, firms that treated it as a compliance exercise tended to struggle with implementation. Those that focused on the spirit of the regulation found the individual requirements to be more intuitive. 

To get started firms should consider: 

  • Map current record-keeping, reconciliation processes, and data sources against the PSM&A requirements to identify any gaps  
  • Review existing third-party contracts to identify whether they meet the proposed requirements and whether and contract changes will be needed  
  • Appoint a senior manager with oversight of the PSM&A regime and define responsibilities 
  • Assess existing due diligence processes and frameworks against the proposed Handbook rules 

The consultation closes on 24 August 2026, with final rules expected in H1 2027. For further information, contact Shermeen Kazmi or Paul Staples.

Frequently asked questions

PSM&A is a new set of rules proposed in the FCA's consultation paper CP26/20, published on 22 June 2026. Based on Principle 10 (Clients' assets) and set to sit in a new COBS 19B, it requires SIPP operators that use unauthorised trustees to securely hold, accurately record and regularly reconcile pension scheme money and assets. It aims to set a consistent minimum standard for a market holding around £567bn across 5.3 million consumers.

PSM&A isn’t an extension of CASS, it’s a proportionate regime that applies the same principles to bespoke SIPP structures. While some firms may be subject to both CASS and PSM&A they will not face duplicate requirements for the same money or assets.

The consultation closes on 24 August 2026, with final rules expected in H1 2027. The due diligence rules carry a 12-month implementation period, while PSM&A allows two years – with an additional year for firms that have significant existing third-party dependencies and a remediation plan in place.