Payments View - February 2026

Welcome back to Payments View. Hot off the press this month, HM Treasury together with the Bank of England, the FCA and the Payment Systems Regulator, has published the Payments Forward Plan – a coordinated three-year regulatory roadmap for the UK payments sector with an overview below. Beyond this, our edition of Payments View includes updates on:

• Buy-Now-Pay-Later regulation
• £3.8 million Confirmation of Payee fine for Bank of Ireland UK
• MiCA/PSD2 update
• Three key AMLA consultations

Before we dive into this edition a quick word on something that has come up in conversations with a number of clients. You may be aware of the CBI's Dear CEO letter sent to firms in December last year, following the EU Commission Q&A on the definition of e-money. This letter has not been published and was only sent to existing Irish EMIs, so we wanted to flag it here for those who may not have seen it.

The CBI draws firms' attention to the potential impact of the Q&A on their business models – particularly regarding the classification of certain activities as e-money issuance versus payment services and asks firms to consider any implications for their operations (including regulatory requirements and customer arrangements). They have indicated that there will be follow-up this year to discuss next steps but we’ve heard there are rumblings of discontent from other NCAs that the CBI have asked for industry input so watch this space.

As always, don’t hesitate to reach out to us if you would like to discuss any of the developments in this edition.

HMT, BoE, FCA, PSR and VEG’s NPV’s PFP (that’s a lot of TLAs)

(That’s the relevant regulators and Vision Engagement Group’s National Payment Visions’ Payments Forward Plan for those not up to speed with their three letter acronyms).

The Payments Forward Plan builds on the strategic direction established by the National Payments Vision to provide a view of upcoming payments-related initiatives for 2026+. Going forwards, the Payments Vision Delivery Committee has also agreed to an enhanced focus on payments updates in the Regulatory Initiatives Grid in its first 2027 publication – making an already riveting document even more exciting.

This is a significant publication for the sector and one that firms will want to review carefully. As there is a lot of (very welcome) detail here, we’ve set out an initial overview of the main points:

1. Modernising the regulatory framework - The Plan confirms HMT's consultation response on consolidating the PSR into the FCA with be out this quarter, with legislation to be brought forward when Parliamentary time allows. Additionally, HMT and the FCA are planning engagement from Q2 on the review of assimilated payment services law, including the Payment Services Regulations and E-Money Regulations with this exercise also covering the approach to Open Banking, stablecoin payments, updates to Strong Customer Authentication, and how regulation can better support financial inclusion and the use of emerging technologies such as agentic AI.

2. Retail payments infrastructure - Delivery of the “next-generation retail payments infrastructure” is being progressed through the Retail Payments Infrastructure Board, with a consultation on next steps planned for Spring 2026. The Plan also confirms short-term enhancements to the current Faster Payment System and Bacs Payment System by end of this year, focusing on resilience and innovation in account-to-account payments.

3. Stablecoin regulation - As readers of our sister publication Crypto View will already be aware, this year is going to be a busy one for stablecoins. The Bank's final rules on systemic stablecoins are expected by end of 2026 and the FCA's consultation on cross-cutting conduct standards closes shortly on 12 March 2026, followed by a Policy Statement on stablecoin issuance rules expected in Q2 / Q3 2026. The FCA has also launched a special cohort within the Regulatory Sandbox for stablecoin issuers, with the gateway for cryptoasset firms to apply for authorisation opening in Q3 2026 and the full regime going live in October 2027.

4. Open banking - The Plan provides an update on Variable Recurring Payments with Q3 2026 seeing an FCA consultation on the Open Banking Long-Term Regulatory Framework interface rules, with a Policy Statement following in Q1 2027. Industry is also expected to select an organisation by April 2026 to establish a body capable of becoming the Future Entity for Open Banking.

5. Digital pound - The current design phase of the Digital Pound workplan will run throughout 2026 (so watch this space). HMT and the Bank of England expect to publish a blueprint explaining the proposition for a digital pound and a decision on its future, informed by an assessment of the blueprint and the case for a retail Central Bank Digital Currency.

6. Wholesale payments innovation - Later this quarter, the Bank of England is expected to publish a decision and policy statement on an early morning extension to RTGS and CHAPS settlement hours, as well as a consultation on the potential for near 24x7 settlement. The Bank's RTGS Synchronisation Lab is also planned for launch in Spring 2026, providing a non-live environment for prospective synchronisation operators.

7. APP fraud and protecting users - As covered in previous editions of Payments View, the independent evaluation of the APP scams reimbursement requirement and fraud performance reporting will have its findings published in Q3 2026 (a new date for the diaries however is the June 2026 webinar with stakeholders on the review’s final report and findings). Industry and operator decision on the approach to delivering a (long overdue) claims management system is expected in H1 2026, with the BPS claims management system to be wound down by Q3 2027.

8. Card fees market reviews - The PSR's work on scheme and processing fees continues, with a final decision on Information Transparency and Complexity, and Pricing Governance remedies expected in Q2 2026. A decision on next steps following the cross-border interchange fees market review is expected in Q4 2026.

9. Safeguarding and NBPSPs - The Bank of England is considering offering overnight safeguarding facilities to FCA-authorised Non-Bank Payment Service Providers that hold an RTGS settlement account in H1 2026. The FCA's Supplementary Regime for safeguarding comes into force in May 2026, with continued engagement from the regulator to help firms prepare.

10. Consumer duty and payments 'market focus' - The FCA is planning multi-firm work in 2026 on payments firms' treatment of consumers in vulnerable circumstances, with a publication on good and poor practice expected in Q1 2027. In addition, the FCA's Payments 'Market Focus' Report for the non-bank payments sector is expected in March 2026, with the aim of clarifying FCA expectations and raising standards in the sector.

11. FOS reform - Later this quarter HMT will also publish a consultation response on reforming the Financial Ombudsman Service with the stated aim of "returning the FOS to its original role as a simple, impartial dispute resolution service" - punchy.

12. International and cross-border payments - The Plan includes an OECD report on enhancing transparency in retail cross-border payments and remittances expected in Q3 2026, as well as FATF guidance on changes to Recommendation 16 (on payment transparency) in Q4 2026.

13. Consumer Credit Act reform - Where we’re expecting an update from HMT in Spring as part of the delivery of “a more agile and proportionate regulatory regime”.

While every day as a regulatory lawyer is obviously exhilarating, this is quite an exciting update and sets out a number of quite key developments over the remainder of this year. As always, do let us know if it would be useful to discuss any of these developments.

Buy-Now-Pay-Later, Regulated Soon

You will forgive us for recycling a pun from our last BNPL update, but UK providers of buy-now-pay-later will no longer be able to ‘defer’ their regulatory obligations following the publication of the FCA’s final policy statement (we’ll stop now, before our ‘credit’ of good will runs dry).

The FCA has now published its policy statement (PS26/1) on the regulation of deferred payment credit (DPC), following consultation in CP25/23 last July (which we covered in an earlier edition). The consultation attracted 45 responses, and the feedback was broadly supportive. DPC lenders, in particular, welcomed the FCA's focus on the Consumer Duty and its commitment to delivering an outcomes-based regime rather than a prescriptive rulebook. Whether this is indicative of the approach the FCA might take to wider consumer credit regime in the UK (a parallel regulatory overhaul) remains to be seen.

That said, respondents did request greater clarity in some areas, and the FCA has acknowledged this. The final rules and guidance are largely as consulted on, so firms that engaged with the consultation should find the landscape familiar.

So what does the new regime look like in practice? Most of the existing rules in CONC will apply to DPC, alongside other key FCA Handbook requirements. The FCA has also introduced new guidance to remind firms of their obligations under the Consumer Duty – specifically the consumer understanding and consumer support outcomes. For those familiar with the framework, this should feel like a natural extension of existing obligations rather than a wholesale reinvention. A few additional key points:

• The rules and guidance in DISP will apply, and DPC activities will fall within the compulsory jurisdiction of the Financial Ombudsman Service. This means consumers will have access to the familiar complaints and redress mechanisms – an important consideration for firms. However, due to strong industry pushback, the FCA has relaxed its proposals requiring firms to include FOS rights information in the key product information that firms are required to provide to customers during pre-contract disclosure.
• For firms not currently authorised, there will be a temporary permissions regime (TPR). The notification window opens shortly on 15 May 2026 and closes on 1 July 2026. The FCA will publish further directions in due course, but firms will have six months from Regulation Day to submit a full authorisation application. One important caveat: DPC agreements entered into before Regulation Day will remain unregulated, so the new regime applies only to agreements entered into from that point onwards.
• The final rules are set out in the Deferred Payment Credit Instrument 2026 (FCA 2026/2 and FOS 2026/1), annexed to PS26/1, with most provisions coming into force on 15 July 2026.

Any firm that does not currently hold the necessary consumer credit permissions and does not register for the TPR will be unable to enter new DPC agreements after Regulation Day. If this applies to you, now is the time to start planning your application. We have been advising a number of clients on their readiness for the new regime and would be happy to discuss your position.

Confirmation of Payee: A Costly Lesson from Bank of Ireland UK

The PSR has started the year with a notable enforcement action, fining Bank of Ireland UK plc (BOIUK) just under £3.8 million for failing to implement Confirmation of Payee (CoP) within the required timeframe.

BOIUK was directed to have a system in place to send and receive CoP requests by 31 October 2023. CoP, as you will know, allows customers to verify that the account they are sending money to matches the intended recipient – an important safeguard against APP fraud and misdirected payments. BOIUK implemented the system some 14 months late, meaning that over 1.14 million new payees (and payments totalling approximately £6.9 billion) were apparently processed without the benefit of this protection.

The PSR took the view that payment service providers had ample time to put the measure in place, after the PSR confirmed the requirement in October 2022, and BOIUK was the last Group 1 provider to achieve compliance.

• The fine levied by the PSR is a significant one, driven by the key issues identified by the PSR, where:
• The non-compliance affected a large volume and value of transactions, exposing customers to increased risk of fraud and misdirected payments throughout the period of delay.
• BOIUK had continued to rely on a platform with known gaps in vendor support, despite having identified the risks years before SD17 was issued.
• The bank failed to assess proactive interim mitigants whilst it was unable to implement CoP send functionality.
• BOIUK also failed to notify the PSR promptly of its non-compliance, contrary to the requirements of SD17.

More broadly, the PSR has made clear that it expects firms to maintain systems capable of implementing regulatory changes within prescribed timeframes, to manage dependencies proactively, and to have contingency plans in place. This is not new, but the enforcement action is a strong reminder that regulatory change projects require proper governance, adequate resourcing, and realistic timelines – and when things start to slip, early escalation (both internally and to the regulator) is essential.

MiCA/PSD2 Overlap – clarifications but still unclear

The intersection of MiCA and PSD2 continues to generate questions, and the EBA has now published further guidance to help NCAs navigate the transition. This follows the EBA's June 2025 opinion (often referred to as the "No Action letter"). The latest opinion provides some welcome clarification, although – as is often the case in this area – not complete certainty.

The No Action letter addressed issues arising from the interplay between MiCA and PSD2 for cryptoasset service providers (CASPs) that transact electronic money tokens (EMTs). The EBA set out a nine-month transition period during which CASPs could continue transacting EMTs that qualify as payment services whilst submitting (and awaiting a response to) their applications for authorisation under PSD2. The original letter also identified which types of EMT transaction should not be regarded as payment services under PSD2, and which PSD2 provisions should be deprioritised for supervision and enforcement purposes during the transition period. That period ends on 2 March 2026 – which is now just around the corner.

When that period ends:

• The new opinion advises NCAs on what to do once the transition period ends and outlines the conditions under which NCAs may allow CASPs to continue providing EMT services that qualify as payment services after 2 March 2026, even where the CASP does not yet hold a licence under PSD2. Conversely, where CASPs fail to meet all of the relevant conditions, NCAs are advised to require them to discontinue those services.
• The opinion also emphasises the importance of cooperation between NCAs and other relevant national authorities – both under MiCA and more generally – to ensure compliance. This is a sensible approach, and reflects the reality that CASPs often sit at the intersection of multiple regulatory regimes.

The EBA also notes that more than 100 CASPs have already approached NCAs (whether informally or through formal applications) to seek authorisation as payment service providers since the No Action letter was published. The new opinion is intended to help NCAs prioritise their authorisation efforts as the transition period draws to a close.

For CASPs affected by these provisions, close and proactive engagement with your NCA is going to be essential. If you have not yet submitted an application (or at least initiated dialogue), time is running short. We have been helping a number of clients navigate this process and would be pleased to discuss your situation.

AMLA: Three Consultations on the AML Horizon

Finally, a quick update on developments from AMLA – the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism. AMLA has published three consultation papers, each addressing different aspects of the evolving AML framework. We summarise them briefly below, but firms with AML compliance obligations will want to consider whether to engage with any or all of these consultations.

• The first consultation concerns draft regulatory technical standards (RTS) on sanctions, administrative measures, and periodic penalty payments under Article 53(10) of MLD6. In essence, AMLA is proposing a framework for how supervisors should assess the gravity of AML breaches. The draft RTS set out indicators that supervisors will take into account, together with criteria for classifying breaches into one of four severity categories. This is an important piece of the puzzle for understanding how enforcement will work under the new regime. Comments are due by 9 March 2026.
• The second consultation relates to draft RTS on customer due diligence (CDD) under Article 28(1) of the AML Regulation. These draft standards set out proportionate, risk-based CDD measures intended to harmonise how AML and CFT requirements are applied across the EU. The EBA published an earlier version of the draft RTS in October 2025 in response to the European Commission's call for advice. AMLA has now published a revised version with tracked changes, making it easy to see what has been amended. Comments on this consultation are due by 8 May 2026.
• The third consultation addresses draft RTS on criteria for identifying business relationships, occasional transactions, linked transactions, and lower thresholds under Article 19(9) of the AML Regulation. The criteria apply to all obliged entities across both the financial and non-financial sectors, though some are tailored to specific categories of entity. Interestingly, AMLA has the option under the Regulation to set additional lower CDD thresholds for occasional transactions, but has chosen not to exercise this option at this stage. Comments on this third consultation are also due by 8 May 2026.

News Flash

A note that we heard some very interesting points raised at the Frankfurt Digital Finance conference on the macroeconomic/political development surrounding EU payment systems where sovereignty is now of paramount importance – we’ve been speaking with a few readers on this so let us know if of interest and we’d be happy to discuss.