The literature on safeguarding bank selection is overwhelmingly written for EMIs. The five-criteria framework, the three-bank resilience standard, the diligence packs that founders circulate — almost all of it grew up around EMD2 Article 7 safeguarding economics, where customer e-money balances are persistent, the float is large, and the safeguarding bank's primary job is balance protection over months and years. PSD2 Payment Institutions — the firms holding PI authorisations rather than EMI licences — sit in a structurally different place. They typically settle faster, hold smaller average balances per customer, and operate under a narrower segregation methodology set out in PSD2 Article 10(1)(a). The safeguarding bank that works for an EMI may not be the right bank for a PI.

This article is the PI-specific companion to the five-criteria safeguarding-bank framework already published on this site. We focus on the PI safeguarding gap — four criteria that PI Heads of Compliance and treasury teams should evaluate, on top of the universal five, when selecting or auditing a safeguarding bank. The four criteria are derived from how PIs actually consume safeguarding services in 2026: intra-day visibility matters more than end-of-day, the segregation methodology is narrower, supervisory weight on counterparty risk has tightened post-CSSF Circular 26/906, and capital allocation needs to be velocity-aware on the bank side.

The audience is PI founders, Heads of Compliance, and treasury leads who are either selecting their first safeguarding bank or auditing an inherited relationship. The structural differences from EMI safeguarding are not academic — they show up in the first inspection cycle, in pricing, and in how the safeguarding bank rates the PI's counterparty file. Build the PI-specific criteria into the diligence pack from day one and the relationship is durable; bolt them on after the fact and the safeguarding bank tends to re-price or exit.

Why PI safeguarding differs from EMI safeguarding structurally

A PSD2 PI provides one or more of the regulated payment services listed in Annex I to PSD2[1] — money remittance, payment initiation, account information, execution of credit transfers, and so on. The defining economic feature is that the PI is executing payments, not issuing electronic money. The float exists, but it is transient: funds arrive, sit briefly, and leave. The settlement window between receipt and onward execution is narrow.

An EMI under EMD2[2] issues e-money against fiat received from customers. The customer balance can persist indefinitely. Average customer e-money balances at scale-up EMIs commonly sit in the €500–€5,000 range and the aggregate float across millions of accounts becomes the dominant prudential exposure. The safeguarding bank's job is to protect that float over time.

For a PI executing money-remittance and payment-initiation flows, the same notional volume passes through but the average dwell time of any individual euro inside the safeguarding account may be measured in hours, not months. The risk profile is dominated by intra-day exposure, reconciliation accuracy, settlement-window timing, and the safeguarding bank's ability to reflect inflows and outflows in real time. The bank that excels at protecting a persistent EMI float may be poorly equipped to handle a fast-velocity PI flow — and vice versa.

This is the PI safeguarding gap. The five universal safeguarding-bank criteria still apply — credit quality, segregation methodology, operational resilience, regulatory standing, and bankability of the relationship. Layered on top, four PI-specific criteria address what the universal five do not capture.

PSD2 Article 10(1)(a) — the segregation methodology

PSD2 Article 10 gives PIs two safeguarding options. Article 10(1)(a) — the dominant option in practice — requires the PI to segregate customer funds by depositing them in a separate account at a credit institution, or by investing them in low-risk, liquid assets. Article 10(1)(b) is the insurance/guarantee alternative, used by a minority. The Article 10(1)(a) safeguarding-bank route is what this article is about.

Crucially, Article 10(1)(a) is methodologically narrower than EMD2 Article 7. The PSD2 text speaks specifically to funds received from payment-service users for the execution of payment transactions — i.e. funds that exist because a payment is in flight. EMD2 Article 7, by contrast, covers funds received in exchange for electronic money and applies to the entire e-money issuance balance. The PSD2 perimeter is event-driven; the EMD2 perimeter is balance-driven.

Two practical consequences flow from this:

  • The PI must demonstrate event-level traceability — every euro in the safeguarding account is tied to an identifiable in-flight payment transaction. Reconciliation must be frequent and granular; end-of-day accounting is rarely sufficient at scale.

  • The boundary between safeguarded funds and working capital is sharper. A PI cannot "park" customer funds in the safeguarding account beyond what Article 10(1)(a) actually covers; commingling exposure is a structural risk if internal allocation logic is wrong.

The safeguarding bank, in turn, has to support that traceability — through its account architecture, reporting cadence, and the granularity at which it reflects the PI's segregation logic on its core ledger.

PSD2 Article 10 vs EMD2 Article 7 safeguarding — methodological comparison.

| Dimension | PSD2 Article 10(1)(a) — PI | EMD2 Article 7 — EMI |
|---|---|---|
| Scope of safeguarded funds | Funds received for execution of in-flight payment transactions | Total funds received in exchange for electronic money issued |
| Time horizon of typical balance | Hours to days (transient float) | Months to indefinite (persistent balance) |
| Reconciliation cadence required to satisfy supervisor | Intra-day, often multiple snapshots per day | End-of-day, with intra-day for higher-risk profiles |
| Permitted alternative | 10(1)(b) insurance/guarantee | Article 7 also permits low-risk asset investment |
| Commingling boundary | Sharp — funds must relate to an identifiable in-flight transaction | Broader — total e-money float treated as a unit |
| Dominant supervisory concern | Intra-day exposure, settlement-window mismatch | Aggregate float protection over time, low-risk asset eligibility |
| Safeguarding-bank competency emphasised | Real-time reporting, settlement coordination | Custodial discipline, low-risk asset segregation |

The four PI-specific criteria

The four criteria below are evaluated in addition to the universal five (credit quality, segregation methodology, operational resilience, regulatory standing, bankability of the relationship). They are PI-specific because they address aspects of safeguarding that EMI architecture, by virtue of its persistent-float profile, largely does not surface.

Criterion 1 — Intra-day reconciliation capability

The PI safeguarding account turns over its balance several times per business day. Each in-flight payment touches the account: customer funds in, onward settlement out, sometimes through a different rail than they came in on. End-of-day reconciliation — the EMI default — leaves multi-hour blind spots during which the PI cannot prove its safeguarded balance equals the in-flight transaction set.

The right safeguarding bank for a PI offers, at minimum, hourly intra-day position reporting, an API or message bus the PI can consume in real time, and explicit support for timestamped credit/debit reflection that lines up with the PI's own settlement engine. A bank whose core can only push end-of-day MT940 statements is structurally poor for PI safeguarding, however otherwise well-rated. This is a discriminator most EMI safeguarding RFPs never ask about.

Criterion 2 — Settlement-window-aware account architecture

PIs frequently operate across multiple settlement windows: SEPA Instant (10 seconds, 24/7), SEPA SCT (next business day), TARGET2 (intraday, business-hours), SWIFT (T+1/T+2), card scheme settlement (T+1 typical). Each rail produces its own settlement-window mismatch with the customer-facing payment promise.

A safeguarding bank that supports the PI properly offers sub-account or virtual-IBAN architecture that lets the PI segregate funds by settlement-window cohort, not just by aggregate balance. The bank-side architecture should let the PI prove, at any given moment, that funds awaiting SEPA Instant settlement are distinct from funds awaiting T+1 SEPA SCT settlement, and that neither is commingled with the operating account. EMI safeguarding architectures rarely need this granularity; PI safeguarding architectures depend on it.

Criterion 3 — Counterparty risk weighting (post-CSSF Circular 26/906)

Supervisory weight on safeguarding-bank counterparty risk has tightened materially in 2026. CSSF[3] Circular 26/906 (January 2026) raised the bar — covered in detail in our companion article on the Circular's full PI/EMI governance impact. The headline change for safeguarding-bank selection is that PIs are now expected to evidence an explicit counterparty-risk methodology for each safeguarding-bank relationship, with periodic refresh, and to demonstrate diversification or articulate why diversification is not yet operationally feasible.

Other EU NCAs — including the Bank of Lithuania, Central Bank of Ireland, BaFin, De Nederlandsche Bank, and MFSA — have signalled in 2025–2026 inspection priorities that the CSSF posture is broadly representative of the supervisory direction of travel. The PI safeguarding-bank file should anticipate this. Practically, that means the PI documents:

  • Standalone credit assessment of the safeguarding bank, not just reliance on its public rating

  • Concentration metrics — % of safeguarded funds at any single counterparty, with a trigger threshold beyond which a second safeguarding bank is mobilised

  • Wind-down playbook — what happens to in-flight payments if the safeguarding bank fails or exits

  • Periodic refresh cadence — typically annual, with event triggers (rating action, news event, supervisory communication)

The Three-Bank Resilience Standard already published on this site is the operational answer to the diversification expectation; the PI-specific point is that the documentation bar around why a particular safeguarding bank was chosen has risen sharply for PIs in the post-Circular 26/906 environment.

Criterion 4 — Velocity-aware capital allocation at the safeguarding bank

Banks model their wholesale relationships in part on liquidity profile. A PI safeguarding account that turns over many times per day is liquidity-intensive on the bank's side: the bank cannot easily count the PI's deposits as stable funding. This affects the bank's internal capital allocation, transfer-pricing of the relationship, and ultimately the price the PI pays.

A safeguarding bank that is velocity-aware — that has thought through how PI flows fit its balance sheet — prices and provisions the relationship sensibly. A safeguarding bank that treats the PI relationship like a corporate deposit relationship typically over-prices the volatility, periodically re-prices upward when liquidity ratios bite, and is structurally more likely to exit the relationship in a stress event. The diligence question — "how does your bank model the LCR/NSFR treatment of safeguarded PI deposits?" — separates banks that have built a PI franchise from banks that are accepting a PI account opportunistically.

The four PI-specific criteria — strong-signal vs weak-signal indicators on the safeguarding-bank side.

| Criterion | Strong signal | Weak signal |
|---|---|---|
| 1. Intra-day reconciliation | Hourly position API, real-time message bus, timestamped credit/debit reflection | End-of-day MT940 only, no intra-day visibility, batch-only reporting |
| 2. Settlement-window architecture | Sub-accounts/virtual IBANs by settlement cohort, supports SEPA Instant + SCT + TARGET2 + SWIFT segregation | Single safeguarding account, no per-rail segregation, manual cohort tracking |
| 3. Counterparty governance fit | Supports PI's standalone credit assessment, transparent on its own stress profile, partners on wind-down playbook | Treats PI as standard corporate, opaque on internal stress metrics, no wind-down dialogue |
| 4. Velocity-aware capital allocation | Articulates LCR/NSFR treatment of PI deposits, stable pricing across volatility, has a PI franchise | Prices PI as opportunistic corporate, periodic upward re-pricing, no PI-specific desk |

How sponsor banks score PIs differently

Banks underwriting a PI safeguarding relationship apply a different counterparty-risk template than they apply to an EMI. Drawing on the EBA[4] outsourcing guidelines and 2025–2026 supervisory communications, the typical bank-side scorecard for a PI weights:

  • Settlement engine reliability — failure rate, retry logic, exception handling — far more heavily than for an EMI

  • AML/sanctions screening at the per-transaction level rather than per-account level

  • Float volatility — how variable the safeguarded balance is across the day and across the month

  • Concentration of the PI's customer base — corridor concentration, country concentration, and any dependence on a single corridor for the bulk of payment volume

For an EMI, the equivalent scorecard weights persistent-float prudence: who holds the e-money, what the customer-base composition is, how the float drifts through quarters. The PI is scored on flow integrity; the EMI is scored on balance integrity. Two different exam questions, two different relationships, often two different sets of suitable banks.

PSD3 forward look — what changes

PSD3 and the accompanying PSR (Payment Services Regulation) are expected to harden several of the PI safeguarding requirements. The two changes most relevant to safeguarding-bank selection are:

  1. Mandatory diversification — customer funds spread across at least two credit institutions above a threshold. The Three-Bank Resilience Standard becomes structurally mandatory rather than best-practice

  2. Stricter reconciliation cadence — daily reconciliation with explicit intra-day refresh expectations is expected to be codified, formalising what supervisors are already inspecting against

PIs selecting a safeguarding bank in 2026 should anticipate both. A bank that cannot offer multi-bank coordination workflows or sub-daily reconciliation is a bank that will not survive the PSD3 transition as a PI safeguarding partner. Build the criteria into the 2026 RFP and the 2027–2028 transition is mechanical rather than disruptive.

Frequently Asked Questions

Are the four PI-specific criteria additional to the universal five, or do they replace some of them?

Additional. The universal five — credit quality, segregation methodology, operational resilience, regulatory standing, bankability — apply to any safeguarding-bank relationship, EMI or PI. The four PI-specific criteria address aspects of the PI flow profile that the universal five do not surface. A PI applies all nine; an EMI applies the universal five.

Does CSSF Circular 26/906 apply only to Luxembourg-licensed PIs?

Formally yes — the Circular is a CSSF instrument addressed to Luxembourg-supervised PIs and EMIs. Practically, however, supervisory communications from the Bank of Lithuania, the Central Bank of Ireland, BaFin, DNB, and MFSA in 2025–2026 reflect the same direction of travel on counterparty risk and concentration. PIs in any EEA jurisdiction should treat 26/906 as a reasonable proxy for what their own NCA will inspect against in 2026 and 2027.

Can a PI use Article 10(1)(b) insurance instead and avoid the safeguarding-bank question?

In principle yes; in practice rarely. The insurance/guarantee market for PSD2 safeguarding is thin, the premium is volatile, and most NCAs prefer the segregation-account route on supervisory grounds. The Article 10(1)(b) route is occasionally used as a transitional measure or for tightly-bounded niche use cases; for a scaling PI the 10(1)(a) safeguarding-bank route is typically the only durable answer.

How often should a PI re-test its safeguarding-bank file?

Annually as a baseline, with event triggers in between. Event triggers include: rating action on the safeguarding bank, supervisory communications affecting the bank's standing, material change in the PI's flow profile (new corridor, new product line, change in customer-base composition), and any communication from the safeguarding bank suggesting capacity or pricing change. The annual re-test should produce a refreshed counterparty memo for the file.

Does a PI need a separate operating bank, or can it use the safeguarding bank for both?

PSD2 Article 10(1)(a) requires the safeguarded funds to be held in a separate account at a credit institution; it does not preclude the same bank from holding the operating account. In practice, splitting the operating bank from the safeguarding bank is preferable: it limits concentration, gives the PI a fallback, and aligns with the Three-Bank Resilience Standard. The CSSF and other NCAs increasingly expect to see the split documented.

PI safeguarding is not a smaller version of EMI safeguarding. It is a structurally different counterparty problem with intra-day rather than persistent exposure, narrower segregation methodology under Article 10(1)(a), tighter post-CSSF Circular 26/906 supervisory expectations on counterparty risk, and a velocity profile that demands a velocity-aware safeguarding bank. PIs that select on the universal five only are inheriting blind spots that the first inspection cycle — or the first PSD3 transition step — will surface. Build the four PI-specific criteria into the safeguarding-bank file from day one, and the relationship is durable through both inspection and the PSD3 transition.

Footnotes & Citations

  1. Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market (PSD2), OJ L 337, 23.12.2015 — Article 10 sets out safeguarding requirements for payment institutions.

  2. Directive 2009/110/EC of the European Parliament and of the Council on the taking up, pursuit and prudential supervision of the business of electronic money institutions (EMD2), OJ L 267, 10.10.2009 — Article 7 governs safeguarding of electronic money funds.

  3. CSSF — Commission de Surveillance du Secteur Financier (Luxembourg). Circular 26/906 (issued January 2026) tightened governance and counterparty-risk expectations for PIs and EMIs operating from or through Luxembourg, with safeguarding-bank concentration as a particular focus.

  4. European Banking Authority — Guidelines on outsourcing arrangements (EBA/GL/2019/02); Guidelines on the security of internet payments and on the management of operational and security risks (EBA/GL/2017/17). The EBA framework underpins how sponsor banks construct PI counterparty diligence at the EU level.
