Automating regulatory reporting to support Basel 3.1
ArticleDiscover how UK banks can use straight through processing to lift Basel 3.1 regulatory reporting quality, strengthen internal controls and reduce resubmission risk.
By: Shermeen Kazmi, Paul Staples
14 Jul 2026 9 min read

The FCA's proposed Pension Scheme Money and Assets (PSM&A) regime aims to improve protection through a bespoke regime that’s comparable to CASS. It applies to SIPP operators using unauthorised trustee companies and includes minimum standards for holding, recording and reconciling pension scheme money and assets. It’s supported by standardised due diligence requirements for all SIPP operators.
The SIPPs market has seen significant growth over recent years, holding nearly a third of all assets across FCA-regulated defined contribution pension schemes in 2024. With further growth expected, in CP26/20 the FCA has proposed two key measures to improve consumer protection. The first, and most significant, is the Pension Scheme Money and Assets (PSM&A) regime for operators that use an unauthorised trust company to hold pension scheme money and assets. The second is the introduction of explicit due diligence requirements for SIPP operators, to improve standardisation and consistent interpretation of the rules. Combined, these measures aim to improve customer outcomes and support effective supervision.
SIPP operators don’t hold pension scheme money or assets directly. They’re held by a trustee company on behalf of scheme members, and that company doesn’t have to be authorised by the FCA. Authorised trustees are subject to CASS rules, but this would typically only be firms that are also carrying out MiFID regulated activities. If the trustee scheme is unauthorised, then CASS rules don’t apply – and crucially, CASS doesn’t apply to the SIPP operator either. Instead, they follow broad requirements under SYSC 9.1.1 and principles 3 and 10 (covering orderly records and adequate systems and controls), and consumer duty obligations to prevent foreseeable harm and promote good outcomes.
These are common and legitimate business structures, but they’ve led to inconsistent standards across the sector. Key concerns include poor record keeping, weak reconciliations and overreliance on manual controls, increasing the risk of human error. These factors present challenges for effective pension scheme administration and would make it difficult for a SIPP operator to exit the market safely.
Limited regulatory reach makes it tricky for the FCA to improve these practices or take enforcement action. As such, it has proposed PSM&A, which applies to any SIPP operator using an unauthorised trustee to hold or receive pension scheme money or assets. The operator remains responsible for protecting pension scheme money and assets, regardless of any trustee or third-party arrangements, and a named senior manager must hold operational oversight of the full regime and report to the board. Where CASS already applies, PSM&A doesn't duplicate it, though firms operating across both regimes will need to reflect specific differences in their systems and policies.
Firms must keep their own internal records of pension scheme money and assets. As best practice, these records shouldn’t rely on external data sources, but the FCA will allow it if that’s the only data available. For pension scheme money, that’s predominantly to prevent SIPP operators from relying on transaction feeds from banks, and firms should keep their own cashbook.
For pension assets records must be updated monthly (at least), and they need to track all holdings and the full list of transactions, including those carried out by third parties.
The FCA expects SIPP operators to carry out reconciliations to ensure internal records are accurate and complete. Pension scheme money must be reconciled daily, using a standardised approach to calculate the total available to each member. Under PSM&A, firms can’t apply CASS’s net negative add-back method as it doesn’t align to a typical SIPP’s operating model.
For pension scheme assets, firms that keep both an aggregate asset record and individual member records must carry out monthly reconciliations (as a minimum) between the two.
Discrepancies must be promptly investigated and addressed. Firms must notify the FCA if there are material shortfalls that will not be resolved within a reasonable timeframe, if records are materially out of date, or if a reconciliation cannot be performed. For pension scheme assets, firms must notify the FCA if internal records are materially out of date, inaccurate, or invalid, or if the firm has materially failed to conduct an external asset check.
When working with third parties, SIPP operators must ensure they have appropriate arrangements to specify the information flows needed, including the frequency and format. The FCA isn’t putting direct obligations on third parties to provide the necessary data, but firms must take action to address any data shortfalls, including ending the contract if needed.
To support reconciliations, firms don’t have to regularly value the pension scheme assets they hold. However, they must include a recent valuation in the record and update it if the value of the asset materially changes.
SIPP operators must commission an annual external audit, to be delivered to the governing body within four months of the year end. The report will confirm whether the firm maintained adequate systems and controls, and if they complied with PSM&A rules. Firms must notify the FCA of any materially adverse findings.
The FCA is working with the Financial Reporting Council to establish whether a new reporting standard is needed or if an existing standard can apply.
Similarly, the FCA is considering the best approach for regulatory reporting under PSM&A, to establish if a new return is needed and proportionate.
Recognising the scale of the work ahead, the FCA has proposed a two-year implementation period. In that time, firms must establish the necessary systems, processes and procedures to support PSM&A and review third-party contracts, terminating any that prevent compliance. Firms must also stop onboarding new third parties that can’t support PSM&A requirements.
Firms with significant existing third-party dependencies may qualify for an additional year to implement the changes. To qualify, firms must identify those dependencies and develop a remediation plan within the first two years, and use the third year to carry out their plans.
The FCA also plans to introduce new due diligence rules, which cover two areas and are subject to a 12-month implementation period.
When onboarding third parties, SIPP operators must verify identities, confirm legal and regulatory permissions, and check any criminal or disciplinary history. Firms also need to establish clear terms of business, with specific contractual requirements for third parties managing consumer investments within the scheme.
Unregulated introducers and overseas third parties face additional checks, such as reviewing public information on the firm and its key individuals.
To reduce the risk of scams or fraud while keeping the approach proportionate, SIPP operators must carry out core checks confirming an investment is not taxable property, that custody and title are sound, and that it can be reliably valued.
Non-standard, speculative, or higher-risk assets require greater scrutiny, in line with the additional risks. These enhanced due diligence checks are non-prescriptive, but may include reviewing the protections available under the Financial Services Compensation Scheme or overseas equivalent, assessing whether the potential investment performance is realistic, or reviewing fee structures for any abnormalities.
The new due diligence rules and the PSM&A regime work together to create consistent standards across the SIPP market and boost consumer protection. While both regimes bring significant challenges, the PSM&A regime is likely to be the more operationally demanding of the two. It requires firms to build new systems, renegotiate third-party contracts, and establish independent record-keeping infrastructure that many currently lack.
Firms that have already implemented CASS may find the task easier than those adopting PSM&A from scratch. While they’re two distinct regimes, the underlying thought process is much the same. Drawing on lessons learned from CASS, firms that treated it as a compliance exercise tended to struggle with implementation. Those that focused on the spirit of the regulation found the individual requirements to be more intuitive.
To get started firms should consider:
The consultation closes on 24 August 2026, with final rules expected in H1 2027. For further information, contact Shermeen Kazmi or Paul Staples.
PSM&A is a new set of rules proposed in the FCA's consultation paper CP26/20, published on 22 June 2026. Based on Principle 10 (Clients' assets) and set to sit in a new COBS 19B, it requires SIPP operators that use unauthorised trustees to securely hold, accurately record and regularly reconcile pension scheme money and assets. It aims to set a consistent minimum standard for a market holding around £567bn across 5.3 million consumers.
PSM&A isn’t an extension of CASS, it’s a proportionate regime that applies the same principles to bespoke SIPP structures. While some firms may be subject to both CASS and PSM&A they will not face duplicate requirements for the same money or assets.
The consultation closes on 24 August 2026, with final rules expected in H1 2027. The due diligence rules carry a 12-month implementation period, while PSM&A allows two years – with an additional year for firms that have significant existing third-party dependencies and a remediation plan in place.
Discover how UK banks can use straight through processing to lift Basel 3.1 regulatory reporting quality, strengthen internal controls and reduce resubmission risk.
Stay informed on the latest developments across the UK consumer credit market with our fourth annual report.
Stay up to date with our latest round up of financial regulation.