Payment services and payment systems in 2026: trends, risks, and priorities

UK

National Payments Vision

HM Treasury published its National Payments Vision (NPV), outlining the government’s plans for bolstering the UK payments sector, at the end of 2024. The NPV responds to the findings of the independent Future of Payments Review 2023, chaired by Joe Garner (the Garner Review), and addresses key issues across the landscape. In the NPV, the government outlined its priorities for UK payments through a joint remit letter to the Financial Conduct Authority (FCA) and Payment Systems Regulator (PSR) and welcomed the regulators’ commitment to revise their existing memorandum of understanding on cooperation in relation to payments regulation. Another key objective is ensuring payments infrastructure is resilient.

In light of industry feedback during the Garner Review, the government also concluded that the New Payments Architecture programme (the project to upgrade the UK’s retail payments infrastructure) is not sufficiently agile. It has therefore established a Payments Vision Delivery Committee which, through work led by the Bank of England, the FCA and the PSR, is clarifying the upgrades required to the existing Faster Payments System and assessing longer-term requirements and the appropriate funding and governance arrangements needed to deliver this.

The government also provided direction on two priority areas: Open Banking and tackling fraud. The NPV seeks to clarify regulatory responsibilities for Open Banking, transitioning away from current arrangements to the FCA acting as the UK’s regulator in the future (see the item below on Open Banking and Open Finance for further information).

The NPV also reaffirms the government’s commitment to continue exploring a potential retail central bank digital currency, the “digital pound” (see the Fintech/Digital assets section for more information on the Digital pound). To further build the effectiveness of payments fraud regulation, the FCA will lead work to manage existing overlaps between itself and the PSR, and the PSR has committed to an independent post implementation review of the authorised push payment fraud reimbursement rules, after 12 months (see the item below on APP fraud).

Alongside the NPV, HM Treasury also published a letter it sent to the FCA and PSR setting out recommendations for the regulators in relation to payments regulation. HM Treasury’s priorities for the regulators included:

• enhancing coordination to address congestion in the regulatory landscape, including through the FCA’s commitment to lead work on enhancing the management of overlaps between the FCA and PSR’s exercise of their functions, including on fraud and Open Banking policy
• supporting the development of Open Banking (In this regard, the government welcomes the FCA’s commitment to fulfil the function of the UK’s regulator for Open Banking, while ensuring mechanisms to support cooperation with the PSR on matters related to designated payments systems.)
• ensuring high standards of consumer protection and that people and businesses can make payments efficiently and safely
• driving an agile approach to delivering the UK’s retail payments infrastructure needs, including through work of the Payments Vision Delivery Committee to examine and refresh the requirements for the UK’s retail payments infrastructure and the governance and funding arrangements required to deliver this.

Building on the government’s NPV, the Payments Vision Delivery Committee (PVDC) published its long-term strategy for the future UK retail payments infrastructure in November 2025. The PVDC, comprising HM Treasury, the Bank of England, the FCA and PSR, developed the strategy following the Mansion House 2025 announcement of a new model of public and private sector collaboration. With user needs at its core, the strategy focuses on five high-level strategic outcomes:

1. greater choice of innovative, cost-effective payment options that meet consumer and business needs
2. interoperability across a multi-money ecosystem, including new and existing forms of digital money
3. strong protections against fraud and financial crime
4. fair, transparent and non-discriminatory access for participants to drive competition and innovation
5. operational and financial resilience of the payments ecosystem.

Governance and delivery oversight will be led by the newly established Retail Payments Infrastructure Board (RPIB), alongside an industry-led Delivery Company responsible for implementing the design of the future retail payments infrastructure. Implementation is expected to span several years. The RPIB will consult on and develop a workplan to deliver on the strategy. A consultation on the set up and design of the new infrastructure is expected in Q1 2026.

The FCA also confirmed that the strategy will be followed by a “Payments Forward Plan”, which will be a sequenced plan of future payments initiatives across retail, wholesale and digital assets. The Payments Forward Plan was due to be published by the end of 2025, but this is also now likely to be in Q1 2026. Throughout 2026, work will continue on the high-level design of the future retail payments infrastructure.

Consolidation of PSR functions into FCA

In September 2025, HM Treasury published a consultation paper on its proposals to consolidate the functions of the PSR into the FCA. The move, announced in March 2025 as part of the government's broader Regulatory Action Plan and in line with the NPV priority to tackle regulatory congestion, aims to simplify the regulatory framework to help support growth, better manage burdens on businesses and minimise overlaps between regulators’ responsibilities.

Under the proposal, the FCA will assume the PSR’s responsibilities, including on promoting competition and innovation, and supporting consumer protection in payment systems. Transitional work is already underway, and the consultation set out the government’s proposed policy approach.

Key things to note include:

• HM Treasury intends to integrate the PSR’s functions into the FCA’s existing framework under the Financial Services and Markets Act 2000 (FSMA 2000), to the extent this is practicable. Where full integration is not feasible, the relevant functions are expected to be set out in a new part of FSMA 2000.
• Transferring the PSR’s functions to the FCA will not result in new categories of persons being brought in scope of payment systems regulation. Instead, the FCA’s payment systems regulatory regime would apply to the same categories of persons as the PSR’s regime in the Financial Services (Banking Reform) Act 2013 does today, namely payment system operators, infrastructure providers and payment service providers.
• The FCA will retain its current conduct and prudential regulatory roles, including its existing oversight of payment services and e-money legislation it has today. The government is not seeking to expand the FCA’s remit in relation to these functions, as a consequence of integrating the PSR into the FCA. This means that conduct and prudential regulations that currently exist under FSMA 2000, the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 will not apply to any new category of person as a result of integrating the PSR into the FCA. However, it is possible that the FCA’s rulemaking powers for payment service providers would expand to address their participation in payment systems.
• HM Treasury does not intend to introduce new regulated activities in connection with payment systems regulation following the transfer of PSR functions to the FCA. Regulation will continue to be based on which payment systems HM Treasury designates.

The consultation specifically focused on core design decisions for this new regulatory setup, including: (i) the FCA’s role in relation to other public authorities; (ii) its future objectives and powers concerning payment systems; and (iii) other key structural features of the framework. Notably, the government has sought feedback only on these core design aspects, not on all issues related to the consolidation. Legislation is expected to follow when Parliamentary time allows.

The FCA and PSR welcomed the proposals, agreeing with the overarching approach to the consolidation. They provided a further update on their consolidation as part of a letter to HM Treasury in November 2025, which provided a progress update on their implementation of HM Treasury's November 2024 recommendations on payments regulation. The FCA and the PSR will continue working with HM Treasury to support the transition.

Safeguarding

The FCA adopted certain changes to the safeguarding regime for payment institutions and electronic money institutions. The FCA previously consulted in September 2024 on proposals to bring the safeguarding regime more closely in line with the FCA’s Client Assets Sourcebook (CASS), which many other financial institutions, such as brokers and custodians, must comply with when they hold client money and assets.

In its consultation, the FCA proposed to make changes to the safeguarding regime in two stages, the interim and end-state and consulted on rules and guidance for both stages of the proposed regime. The interim rules aimed to: (i) support a greater level of compliance with existing safeguarding requirements in the Electronic Money Regulations 2011 (EMRs) and Payment Services Regulations 2017 (PSRs), (ii) support more consistent record keeping, and (iii) enhance reporting and monitoring requirements to identify shortfalls in relevant funds and improve supervisory oversight.

The proposed end-state rules had aimed to replace the safeguarding requirements of the EMRs and PSRs with a regime where relevant funds and assets are held on trust for consumers.

In its subsequent final rules, the FCA uses the terms “Supplementary Regime” and “Post-Repeal Regime” to describe the two-stage approach to the changes (previously referred to as interim rules and end-state rules in its consultation). The FCA’s final rules relate to the Supplementary Regime and introduce three categories of changes, (i) improved books and records, (ii) enhanced monitoring and reporting, and (iii) strengthening elements of safeguarding practices.

Taking into account the feedback from its consultation, the FCA has also made the rules more proportionate and improved some implementation points. These changes include:

• amending the rules so that reconciliations are not required on weekends and bank holidays
• introducing a threshold of GBP100,000 for relevant funds under which payments firms will not be required to arrange a safeguarding audit
• removing the requirement for a limited assurance audit for payments firms holding no relevant funds.

The FCA has stated that it is not now proposing to implement the Post-Repeal Regime without further consideration and consultation. The FCA will review the implementation of the Post-Repeal Regime once a full audit period has been completed after the Supplementary Regime has come into force.

The changes to the rules can be found in the Payments and Electronic Money (Safeguarding) Instrument 2025, which will come into force on May 7, 2026. Payment and e-money institutions will need to be ready to comply with these new rules.

The Financial Reporting Council (FRC) is also developing a safeguarding assurance standard. The FRC started monthly working group meetings in September 2025, which will run until April 2026, with a view to developing proposals for consultation in H2 2026, and publication of the final assurance standard in H1 2027.

For further discussion on the safeguarding changes, please listen to our webinar “Ahead of the Curve: New UK safeguarding rules for payments and e-money firms”.

Risk-management and wind-down plans

In June 2025, the FCA published the findings of its multi-firm review into risk management and wind-down planning across firms with e-money and payments permissions. While the FCA observed examples of good practice in the structure of firms’ wind-down plans and risk management frameworks, it concluded that no firm fully met its expectations and in particular were not adhering to the FCA’s finalised guidance. Key areas identified as needing improvement were:

• Enterprise-wide risk management. Although operational staff were found to generally manage tasks appropriately, oversight was often limited. Risk appetites were unclear and misaligned with business activities. Several firms failed to identify all material risks, define risk appetite, or maintain adequate resources to support risk management.
• Liquidity risk management. The FCA found that firms demonstrated weaknesses in identifying and assessing the impact of stress events. Many relied on cash balances to mitigate liquidity risk without conducting appropriate analysis. The FCA encourages firms to quantify their liquid resources in line with their risk appetite and set appropriate liquidity triggers for wind-down.
• The consideration of group risk. The FCA emphasises the need for firms to identify all material sources of group risk and to tailor their risk management policies accordingly.

Looking ahead, the FCA expects all e-money and payments firms to assess their current practices against the review’s findings and the FCA’s guidance to identify where they need to invest in risk management and wind-down planning.

APP fraud

The UK’s authorised push payment (APP) fraud reimbursement scheme came into force on October 7, 2024. It requires in-scope payment service providers (PSPs) sending payments between UK accounts through either the Faster Payment System (FPS) or the Clearing House Automated Payment System (CHAPS) to reimburse their customers (consumers, micro-enterprises or small charities) if they are the victim of an APP scam, subject to certain exceptions such as the consumer standard of caution.

The sending PSP will have to refund the victim and the receiving PSP must reimburse 50% of the cost of a refund to the sending PSP. Sending PSPs will be allowed to apply an excess up to GBP100 to a claim under the policy, except for claims made by vulnerable consumers. In addition, the sending PSP is not obliged to reimburse above the maximum level of reimbursement, which the PSR has reduced to GBP85,000, for a single APP scam case or to reimburse any APP scam claim where the customer submits the claim more than 13 months after making the last payment in the case. If the PSP has evidence or reasonable grounds for suspicion of either first party fraud or gross negligence on the part of the claimant, it will also have more time to investigate and can delay the refund.

A “consumer standard of caution” applies such that a refund can be denied to a claimant who is grossly negligent in one of four specific circumstances. These are the requirement to have regard to interventions by the PSP, to make prompt notification to their PSP, to respond to reasonable requests for information from their PSP and to report (or permit their PSP to report) to the police. However, a vulnerable consumer cannot be denied a refund on the basis that they breached the consumer standard of caution.

All customers (including vulnerable customers) can be denied a refund in the case of first party fraud (i.e. where the customer is implicated in the fraud for which a refund is sought).

To implement the reimbursement requirement, the PSR published four legal instruments:

• Specific Requirement 1—imposed on Pay.UK to include the reimbursement requirement in the Faster Payments scheme rules
• Specific Direction 19—given to Pay.UK to create and implement an effective compliance monitoring regime
• Specific Direction 20—given to direct and indirect participants in Faster Payments, obliging them to comply with the reimbursement requirement and the reimbursement rules
• Specific Direction 21—given to direct and indirect CHAPS participants to reimburse APP scam payments and comply with the CHAPS rules

In addition, Pay.UK published amended FPS rules and its FPS Reimbursement Rules: Compliance Monitoring Regime. The Bank of England added the CHAPS reimbursement rules as an annex to the CHAPS Reference Manual.

In October 2025, the PSR published findings of the impact of its APP scam reimbursement requirement policy, one year after its implementation. Between October 2024 and June 2025, GBP112 million was reimbursed to victims, with 88% of claimed losses refunded, an increase from 66% for the same period in the previous year. Firms resolved 97% of claims within 35 days, and 84% within five business days. Claim volumes fell, indicating improved fraud prevention by firms. However, purchase fraud continues to be a significant issue, accounting for nearly 60% of APP scam cases. The survey also reveals that awareness of the reimbursement policy is low, with 71% of victims unaware of it.

The PSR has committed to publish a post-implementation review after 12 months of the APP fraud reimbursement policy being in force and we expect to see the results of this in Q3 2026. It will also review the maximum reimbursement level. The government has also confirmed that it will release an expanded fraud strategy.

Our guide to the UK’s APP fraud mandatory reimbursement scheme can be found here.

Romance fraud

The FCA published in October 2025 its findings from a multi-firm review assessing how PSPs (including banks and other businesses offering payment accounts) detect and respond to romance fraud, a growing financial crime where victims are deceived into sending money to fraudsters who engineer false romantic relationships or friendships. The review covered 60 cases across six firms and the conclusions highlight examples of good practice and areas for improvement.

While some firms are leading the way with proactive engagement and compassionate support reflecting best practice, these examples were not consistent across the industry and it is clear that staff play a critical role in interventions. The review also examined the effectiveness of firms’ systems and controls in detecting romance fraud, to avoid missed opportunities to detect suspicious activity, including transactions to overseas jurisdictions, multiple payments over a short period and sudden increases in the value of funds being sent.

The FCA encourages firms to consider financial distress and unusual borrowing as potential red flags, and to strengthen due diligence on both incoming and outgoing payments. While some firms showed strong customer care, others failed to escalate safeguarding concerns or identify vulnerabilities early enough to intervene. The FCA expects firms to improve staff awareness, support vulnerable customers and ensure communications meet consumer duty standards. The review found that some firms rely too heavily on passive messaging, such as website content, which may not be sufficient to engage customers at risk.

Looking ahead, the FCA expects firms to review their controls, enhance staff training and adopt a victim-centred approach to better tackle romance fraud and support those affected.

Contract termination

The Payment Services and Payment Accounts (Contract Termination) (Amendment) Regulations 2025 have been published. The aim of the regulations is to strengthen consumer protections when banks and payment service providers terminate payment service contracts. Under the new rules, payment service providers must now provide customers at least 90 days’ notice—an increase from the two months currently required—before closing a customer’s account or ending a payment service contract. They must also give a clear, specific written explanation for the termination, enabling customers to understand the decision and, if necessary, challenge it through the Financial Ombudsman Service.

The legislation enters into force on April 28, 2026, and will apply to contract terminations and bank account closures for contracts agreed from and including April 28, 2026.

Contactless limits

Ahead of the revocation of payments authentication regulations relating to strong customer authentication, the FCA proposed replacing fixed regulatory limits on contactless payments with a risk-based exemption that would allow PSPs to process contactless transactions without payer authentication where payment service providers assess the transactions as low risk. This gives greater flexibility to banks and other PSPs to set their own contactless limits in line with business models and compliance with regulatory obligations. The FCA finalised these changes in December 2025 and they come into force on 19 March 2026. Adoption by firms is optional but firms will need to communicate any contactless limit changes to consumers in line with the consumer duty.

Access to cash

The FCA has published an update on its forthcoming review of the access to cash regime. The regime, introduced under the Financial Services and Markets Act 2023, seeks to maintain responsible provision of cash access services to consumers and businesses. The FCA expects to begin its review in Q4 2026 and publish findings in Q2 2027.

While the exact scope and methodology will be determined closer to the time, the review will assess compliance, costs to firms and the regime’s effectiveness in preventing gaps in cash access. It will include quantitative analysis and evaluation of indicators such as consumer sentiment and cash coverage data, alongside stakeholder engagement.

Market review of card scheme and processing fees

The PSR is carrying out two market reviews into card fees—one on card scheme and processing fees and one on cross-border interchange fees.

The market review of card scheme and processing fees looks in detail at the levels, structure and types of scheme and processing fees. In April 2025, the PSR published its consultation on potential remedies to address findings following the PSR’s final report (published in March 2025) on its review of card schemes and processing fees.

The consultation seeks to address the findings of the review, namely that there were ineffective competitive restraints, fees have risen without sufficient evidence of the rationale, and there is insufficiently clear and detailed information provided in respect of costs and pricing. The proposals in the consultation paper relate to:

1. Information transparency and complexity remedies—to ensure that acquirers have sufficient information to understand the fees they are charged and enable merchants to make informed decisions about fees. The PSR is also seeking input on the reduction of the volume of fees being charged, and complexity.
2. Regulatory financial reporting—this would provide the PSR with more detailed and accurate information of the profits the card schemes earn from UK businesses so it can monitor their performance and assess whether any future regulatory action is needed.
3. Pricing governance—the proposals impose requirements on the schemes in respect of their pricing decisions, including three pricing principles that would need to be considered when making any changes.
4. Publication of scheme information—this remedy would require card schemes to publish (i) financial and performance-based metrics on UK businesses such as the number of transactions and approximate revenue from scheme and processing fees, and (ii) information about the schemes’ regulatory financial reporting and pricing governance.

The PSR has subsequently published a consultation paper, proposing specific draft directions to implement two of the potential remedies: (i) information, transparency and complexity remedies, and (ii) a pricing governance remedy. A draft direction for a third remedy on regulatory financial reporting will be consulted on separately in spring 2026. A final decision on remedies is expected by the end of June 2026. The PSR has confirmed that other previously proposed remedies will not proceed.

Market review of cross-border interchange fees

The PSR’s second market review focuses on consumer cross-border interchange fees between the UK and the European Economic Area (EEA). The PSR wants to understand the reason behind the increase in fees associated with some UK-EEA payments, as well as to engage with businesses to better understand how the increases are impacting them.

The PSR published a report setting out its interim conclusions on UK-EEA consumer cross-border interchange fees in December 2023. A year later, in December 2024, the PSR published its final report. The final report finds that due to a lack of competition, cross-border interchange fees have increased since 2021/2022 and are costing businesses GBP150–200m extra annually. The PSR did not identify any justifications for the increases and found that the potential detrimental consequences for services users were not considered.

Alongside the report, the PSR also launched a consultation on a potential price cap remedy on outbound interchange fees. The PSR proposed a two-stage intervention. Stage 1 would consist of an initial, time-limited cap, set for a transitional period while an appropriate methodology for determining the most appropriate level of the price cap is developed and implemented. For stage 2, during the stage 1 period, the PSR would undertake work to develop an appropriate and longer-lasting cap, which might be higher, lower or the same as the cap set during the stage 1 period.

The PSR published a consultation paper on a methodology for developing a price cap on multilateral interchange fees for UK-EEA customer not present outbound transactions in October 2025. The proposed approach uses the Merchant Indifference Test (MIT) as a starting point. The PSR will decide on an appropriate cap based on the results of the MIT and on evidence of the impact of interchange fees on issuers’ incentives and on competition between payment methods. The PSR will publish a statutory consultation setting out the proposed level of any cap before taking a final decision on whether to impose a price cap. The commencement of MIT survey work and other analysis is expected in spring 2026 and the PSR’s final decision on remedies is expected in H1 2027.

The PSR also referred to its December 2024 consultation on whether to have a two-stage process and impose a first-stage, interim price cap while developing the longer-term cap. It confirms it has decided not to proceed with a first stage cap.

Review of Real-Time Gross Settlement (RTGS) and CHAPS settlement hours  

Following the launch of the Bank of England’s Real-Time Gross Settlement (RTGS) service in April 2025, the Bank of England is considering extending the Clearing House Automated Payment System (CHAPS) settlement hours. In October 2024, the Bank of England issued a discussion paper outlining the case for longer hours. The Bank of England’s current ambition is to move to near 24x7 by the turn of the decade.

It intends to adopt a phased implementation approach and, in July 2025, launched a consultation paper on a proposal to start CHAPS settlement at 1:30am (currently 6:00am) to take effect from H2 2027. Additionally, it sought views on opening CHAPS on certain bank holidays and extending the evening contingency window from 8:00pm to 10:00pm. The Bank of England is now considering responses ahead of publishing a policy statement in early 2026. The Bank of England will also publish a separate consultation in early 2026 considering the approach to moving to near 24x7 settlement.

Looking ahead, as set out in the Bank of England’s 2024/25 annual report for the RTGS system and CHAPS, the Bank of England is shifting towards an “ongoing programme of change” focused on continuous improvement to further strategic deliverables.

This includes:

• A series of maintenance releases to address minor defects, enhance functionality and update the CHAPS ISO 20022 messaging format.
• Progressing the Future Roadmap for RTGS, which prioritises: i) extended settlement hours, with its first consultation published in July 2025, (ii) a synchronisation interface to enable interoperability with other ledgers and technologies (e.g. overseas RTGS systems and assets such as land registries), and to support new payment technologies like distributed ledger technology. A Synchronisation Lab will launch in 2026 to test messaging flows in a non-live environment, and (iii) new ways to connect to RTGS to enhance resilience and adaptability in response to emerging services and evolving threats.
• Maintaining the current CHAPS authorised push payment fraud reimbursement limit of GBP85,000, given that many payment service providers voluntarily reimburse above this threshold. The Bank of England will continue to monitor developments and engage with the PSR on this.
• Mandating the use of enhanced data in CHAPS payments, including structured purpose codes, Legal Entity Identifiers, and standardised address and remittance formats. The Bank of England has since published a policy statement confirming the expansion of mandatory ISO 20022 enhanced data requirements for CHAPS payments, following its 2024 consultation. While these requirements will apply from November 2027, the policy statement also addresses feedback on the inclusion of Legal Entity Identifiers within ISO 20022 payment messages. The Bank of England will provide an update on Legal Entity Identifiers and structured remittance expansions by May 2026.
• Introducing an annual change management process for changes to the ISO 20022 implementations for RTGS and CHAPS, aligned with international standards and timelines to maintain interoperability.

Open Banking and Open Finance

Open Banking is a focus area in the UK government’s National Payments Vision (NPV) (see the item on the National Payments Vision above), and looking ahead to 2026 and beyond, the government has clarified its regulatory responsibilities and priorities.

The 2017 Competition and Markets Authority (CMA) Order on Open Banking required the nine largest UK retail banks to make customer data available for use by authorised third-party providers, through a standard set of Application Programming Interface (API) standards. However, the government now believes that there is significant opportunity for Open Banking to grow beyond the scope of the CMA Order, following the successful implementation of the roadmap in September 2024. For Open Banking to scale and help deliver more competition and innovation in the market, the government believes that it needs to transition to a sustainable long-term regulatory framework. The government is committed to delivering this framework and intends to use smart data powers in the Data (Use and Access) Act 2025, to do so.

The Data (Use and Access) Act grants HM Treasury the powers necessary to lay secondary legislation to create smart data schemes for financial services. With this, the FCA will be able to establish the long-term regulatory framework for Open Banking and potentially extend it to future Open Finance schemes. A statutory instrument for Open Banking is expected to be laid in Q4 2026, with the FCA consulting on new rules for the long-term regulatory framework shortly after. The FCA’s Open Finance road map is due to be published before March 2026 to align with the NPV and the FCA’s five-year strategy.

The Joint Regulatory Oversight Committee (JROC) was a committee chaired by the FCA and PSR and also comprising HM Treasury and the CMA. It previously took responsibility for delivering a programme of work to promote the development of Open Banking in the UK. However, for Open Banking to further flourish and successfully deliver seamless account-to-account payments, the roles of the regulators needed to be clear.

JROC has now been wound down, and the government has asked the FCA to be the UK’s sole regulator for Open Banking as set out in the NPV. The government expects the FCA to engage as appropriate with the PSR, including in relation to the interaction of Open Banking overlay services with underlying payment rails which are designated as PSR regulated payment systems.

In August 2025, the FCA published a feedback statement on the design of the Future Entity for UK Open Banking, following the publication of proposals in April 2024. The feedback statement confirms that, subject to legislation, the Future Entity will become the primary UK standard-setting body for Open Banking APIs.

It will set and maintain common standards for minimum service and interoperability, monitor API performance and adherence to standards (without enforcement powers), provide directory and certification services and support development of standards to enable commercial schemes, while not owning or operating such schemes where market innovation incentives exist. The FCA is leading next steps and expects the Future Entity and commercial scheme operators to be regulated as “interface bodies” under the Data (Use and Access) Act 2025. The final design of the Future Entity is expected in Q1 2026.

Previously under the JROC, the PSR led work seeking to develop a commercial model for the phase 1 use cases for Variable Recurring Payments (VRPs). The FCA, as the new lead regulator for open banking, has continued to work in close collaboration with the PSR, jointly working towards the launch of commercial VRPs. VRPs are an open banking technology that allow users to securely authorise trusted third parties to manage recurring transactions.

In December 2025, the FCA and the PSR published a summary report on the development and rollout of commercial VRPs. The summary report highlights significant progress in 2025, with VRPs now accounting for 16% of Open Banking transactions, with much of the growth occurring through “sweeping VRPs”. The FCA has been working with industry to advance VRPs for broader commercial use, in line with the NPV to build a competitive UK Open Banking market and accelerate rollout to “phase 1” use cases.

This year, 31 firms came together to establish a new UK Payments Initiative (UKPI) to drive VRP adoption for “phase 1” use cases, including utilities, financial services, and government payments. Market momentum is growing, with additional players developing VRP schemes and transaction testing already in progress. In relation to UKPI, industry has agreed on a first-phase commercial model and the FCA expects the first live payments under the UKPI scheme will take place in Q1 2026. Over 2026, the FCA will continue to support industry in the rollout of VRPs.

As the FCA set out in its five-year strategy and in line with the expectations set through the NPV, in 2025 the FCA prioritised work on the development of seamless account-to-account payments, so people have more choice about how they pay. This aim is also supported by the strategy for future retail payments infrastructure published by the Payments Vision Delivery Committee (see the item on the National Payments Vision above). This work will continue in 2026.

Deferred payment credit (previously known as buy-now, pay-later)

Buy-now, pay-later, or as it is now called, deferred payment credit (DPC) is joining the ranks of regulated credit products. The Financial Services and Markets Act 2000 (Regulated Activities etc.) (Amendment) 2025 Order (the 2025 Order) was laid before Parliament in July 2025, bringing interest-free DPC agreements within the regulatory perimeter. This means certain providers of these products will require FCA authorisation or will be required to hold a temporary permission by July 15, 2026 in order to continue to provide such services.

The government laid the Financial Services and Markets Act 2000 (Regulated Activities etc.) (Amendment) (No. 2) Order 2025 (the Amendment Order) before Parliament in November 2025. The 2025 Order exempted most merchants from credit broking requirements when offering DPC but excluded domestic premises suppliers. The Amendment Order makes domestic premises suppliers exempt, in line with other merchants ahead of the DPC regime go-live date on July 15, 2026.

Separately, the FCA published a consultation paper in July 2025, setting out its proposed rules to regulating deferred payment credit products. A final policy statement is expected in early 2026. For further information, please see our blog post “The continuing journey towards buy-now, pay-later regulation”.

EU

EU payments package

On June 28, 2023, the European Commission published the texts of legislative proposals that it adopted concerning reforms to EU payment services. The first proposal is a Directive on payment services and electronic money services (PSD3) which will modernise and repeal the revised Payment Services Directive (PSD2) and the revised Electronic Money Directive (EMD2). The package will also establish a new Payment Services Regulation (PSR). PSD3 establishes the licensing and supervisory requirements for payment institutions.

The PSR lays down the conduct rules for payment service providers offering payment and electronic money services in the EU. The package of measures consists of:

1. merging the legal frameworks applicable to electronic money services and to payment services
2. strengthening measures to combat payment fraud, by enabling payment service providers to share fraud-related information between themselves, strengthening customer authentication rules, extending refund rights of consumers who fall victim to fraud and making a system for checking alignment of payees’ IBAN numbers with their account names mandatory for all credit transfers
3. allowing non-bank payment service providers access to all EU payment systems, with appropriate safeguards, and improving their access to bank accounts
4. improving the functioning of Open Banking, especially as regards the performance of data interfaces, removing obstacles to Open Banking services and ensuring consumer control over their data access permissions
5. further improving consumer information and rights. Please see our bulletin for further information.

The European Parliament adopted its negotiating position on the proposed PSD3 and the PSR in April 2024, with the Council of the EU subsequently adopting its negotiating mandate in June 2025. Proposed changes to the European Commission’s original legislative proposals include:

1. bringing electronic communications service providers, such as internet carriers and messaging platforms, within the scope of fraud prevention
2. requiring ATM transactions to show all fees due and exchange rates before a transaction takes place
3. introducing further provisions to enhance transparency on payment card scheme fees and rules
4. introducing safeguards to be put in place concerning new and innovative ways of making payments.

The Council of the EU’s agreement on the negotiating mandate paved the way for the start of trilogue negotiations, with a view to reaching political agreement on the legislation.

At the end of November 2025, the European Parliament and the Council of the EU announced a provisional political agreement on the EU payments package. While the final texts of the PSD3 and PSR are not yet available, press releases indicate that key areas still for discussion include fraud prevention, transparency requirements and open banking. Formal adoption by the European Parliament and Council of the EU is expected in H1 2026 and will follow finalisation of separate technical discussions on the texts. While exact implementation timelines are yet to be confirmed, the legislation is now expected to apply after a 21-month transition period.

EBA and ECB report on payment fraud

At the end of 2025, the European Banking Authority (EBA) and the European Central Bank (ECB) published their joint 2025 report examining payment fraud trends across the EU/EEA from H1 2022 to H2 2024. The report confirms that strong customer authentication (SCA), mandated under the revised Payment Services Directive since 2020, remains effective in reducing fraud, particularly for card payments.

However, overall fraud losses rose to EUR4.2 billion in 2024 (up from EUR3.5bn in 2023). Credit transfer fraud accounted for EUR2.2bn, while card payment fraud reached EUR1.3bn, with losses significantly higher for transactions outside the EEA where SCA is not required. The EBA and ECB stress the need for adaptive security measures and continued monitoring to address evolving fraud risks. It is likely that these findings will play a critical role in the final stages of EU negotiations on the EU payments package (see the item on the EU payments package above), where fraud prevention is a key priority. For more information, please see our blog post “Key takeaways from the EBA and ECB joint 2025 report on payment fraud”.

Instant payments

Regulation (EU) 2024/886 on instant credit transfers in euros (the Instant Payments Regulation) entered into force on April 8, 2024 and aims to improve the availability of instant payment options in euro to consumers and businesses in the EU and in EEA countries. The date on which the various obligations begin to apply depends on the type and location of the payment service provider (PSP). For example, PSPs in the Eurozone have shorter implementation deadlines than those outside, and non-bank PSPs, payment and e-money institutions, have more time to comply with the new obligations than banks and other PSPs.

The Instant Payments Regulation amends the SEPA Regulation to set out new rules on the execution of instant credit transfers as well as obligations for PSPs to provide a verification of payee service to payers (checking that the IBAN and the name of the payee match) in respect of all credit transfers (instant and non-instant). The Instant Payments Regulation also amends the rules on charges for cross-border payments and on the possibility for a PSP to levy additional charges when a user does not provide an IBAN and a Bank Identifier Code (where applicable) as set out in the Cross-Border Payments Regulation.

In addition, the Instant Payments Regulation amends the Settlement Finality Directive and revised Payment Services Directive (PSD2) to introduce rules on direct access to payment systems for non-bank PSPs and new requirements for these non-bank PSPs and payment systems in relation to offering the services of sending and receiving instant credit transfers. Amendments to the Settlement Finality Directive and PSD2 had to be transposed by EU member states in their national legislation and to have applied since April 9, 2025.

The first set of obligations under the Instant Payments Regulation applied on January 9, 2025. From this date, traditional banking PSPs located in the euro area are required to provide a payment service of receiving instant credit transfers, as well as charging the same or lower fees for instant payments as for regular transfers. They have also been required to provide a payment service of sending instant credit transfers in euro and provide the service of verification of payee since October 9, 2025.

Traditional banking PSPs located outside the Eurozone will be required to provide a payment service of receiving instant credit transfers in euro, as well as charging the same or lower fees for instant payments as for regular transfers, by January 9, 2027. Traditional bank PSPs located outside the Eurozone will be required to provide a payment service of sending instant credit transfers and the service of verification of payee where they are the payer’s PSP by July 9, 2027.

Non-bank PSPs from the Eurozone that already provide a service of receiving/sending credit transfers in euro will be obliged to offer a service of receiving/sending instant credit transfers in euro from April 9, 2027, and non-bank PSPs from outside the Eurozone that already provide a service of receiving/sending credit transfers in euro will be obliged to offer a service of receiving instant credit transfers in euro from April 9, 2027 and also to provide a service of sending instant credit transfers in euro from July 9, 2027. All PSPs, whether located inside or outside the Eurozone, are subject to an obligation to perform daily sanctions screening to verify whether any of their payment service users are subject to targeted financial restrictive measures in the context of the offering of the service of receiving/sending instant credit transfers in euro (this obligation began to apply from January 9, 2025).

For more information on the Instant Payments Regulation, please read our brochure here.

Open Finance

The European Commission’s proposed regulation on a framework for financial data access (FIDA) was published in June 2023, alongside the EU payments package (see the item on the EU payments package above). This proposal establishes a framework for responsible access to individual and business customer data across a range of financial services—Open Finance. The proposal aims to ensure that all consumers and firms have effective tools to control the use of their financial data and builds on the Open Banking regime established under the revised Payment Services Directive (PSD2). 

In December 2024, the European Parliament decided to open interinstitutional negotiations and that month also saw the Council of the EU reaching agreement on its mandate on FIDA. Trilogue negotiations among the European Parliament, the Council of the EU and the European Commission to reach agreement on the final text of FIDA are currently underway. The last interinstitutional negotiations on FIDA took place in mid-October 2025 with no new date set. Formal adoption is now expected in 2026 and the majority of provisions will apply 24 months after FIDA’s entry into force.

International

FATF standards on payment transparency

The Financial Action Task Force (FATF) has published revised standards updating its comprehensive framework on recommendations to strengthen global efforts in anti-money laundering, counter-terrorist financing and counter-proliferation financing. The FATF update includes amendments to Recommendation 16, which governs the transparency of wire transfers through the payment chain and is commonly referred to as the “Travel Rule”.

The revised recommendation aims to modernise FATF standards in response to the evolving payments landscape, which now includes a broader range of products and services, technologies and business models. The changes to the standards are described below.

• Clarification of responsibilities within the payment chain, specifying who is accountable for including and maintaining information in payment messages and ensuring it remains unchanged to support secure payments. Under the new standard, the payment chain begins with the financial institution that receives the customer's instruction.
• Implementing standardised requirements for peer-to-peer cross-border payments exceeding USD/EUR1,000, requiring the inclusion of the sender's name, address and date of birth to improve transparency and aid in detecting suspicious transactions.
• Requiring financial institutions to adopt new technologies that protect against fraud and error, such as tools to verify recipient banking information—many of which are already in use in some jurisdictions.
• Clarifying the scope of “purchase of goods and services” on card transactions while maintaining the exemption of such transactions from the full requirements of Recommendation 16.

The changes will take effect by the end of 2030, with the FATF committed to issuing guidance and maintaining active engagement with the private sector to support the industry preparing for them.