Payments View – Spring 2025

Welcome back to Payments View following a busy start to the year for payments firms, regulators and disruptors of international trade (we’re way past the car crash emoji here!). Hot off the press is the publication of the latest version of the FCA’s regulatory initiatives grid confirming a number of timing points (including incoming updates on BNPL, safeguarding, and the rules on the termination of framework contracts).

Ahead of our usual programming, however, we wanted to briefly focus on our new cross-border regulatory product, Payments Reviewer: Global Insight. This new product sits alongside our more detailed Payments Reviewer and provides a bespoke regulatory heatmap of up to 150 jurisdictions – providing an ‘at a glance’ assessment of the cross-border regulatory treatment of your business at a fraction of the costs associated with cross-border compliance projects. If this might be useful for your regulatory or compliance needs, let us know and we can have you up and running in a few weeks.

In the meantime, this edition of Payments View covers a range of updates including:

• Abolition of the PSR;
• FCA to encourage risk-taking in push for growth;
• Further narrowing of e-money definition in the EU;
• Digital wallet work highlighted as a competition issue;
• Contactless payment limits change;
• ECB decision on non-bank PSP access to central bank systems;
• Quincecare Update – ‘duty of retrieval’ rejected;
• Consumer Duty – multi-firm review findings published; and
• Eurosystem verification of payee confirmed.

As always, don’t hesitate to reach out to us if you would like to discuss any of the developments in this edition.

Abolition of the PSR – going, going, going…

The storm clouds have been gathering for quite some time now for the much maligned PSR (particularly following the challenges raised by industry and government as part of the implementation of SD20) but it did come as rather a surprise to see the press release from the PM’s office on the regulator’s abolition.

While we haven’t had any confirmation of how this ‘bonfire of red tape’ will work in practice, the main point is that the PSR’s remit will be folded into the FCA. However, the announcement “does not result in any immediate changes to the Payment Systems Regulator’s remit or ongoing programme of work” and goes on to say that the PSR “will continue to have access to its statutory powers until legislation is passed by Parliament to enact these changes.”

The timing and final shape of the new regulatory landscape therefore remains uncertain for firms and, ironically, may cause more of the complexity that the abolition is trying to resolve. Bringing together the regulation of payment firms and payment systems also raises questions about the risk of scope-creep for firms in the sector and whether or not tangible benefits from the policy will actually be realised – sentiment that some in industry seem to share.

It also raises questions on a number of the PSR’s workstreams which have had a flurry of updates over the last few weeks, namely on:

• The PSR’s policy statement on its Compliance Monitoring Framework (PS25/2). Here, you might remember that we hosted a webinar with the PSR as part of the policy’s publication and would be very happy to discuss any of the points raised. In the meantime, the policy statement itself sets out how the PSR’s Compliance Monitoring team is / would have been evaluating firms’ compliance with regulations, alongside the PSR’s announcement that it was planning to make changes to its Process and Procedures Guide later in 2025, as this has not had a significant overhaul since 2020.

• The continued delays on APP scam RCMS. October last year now feels like a long time ago and since the implementation of the APP scam reimbursement policy, industry has been faced with a variety of separate claims management systems or the onerous need to manage claims manually. In an attempt to address this, the PSR provided an update on its blog that it will publish a consultation in April (confirmed in the FCA’s RIG) regarding the implementation of regulatory requirements for Pay.UK’s reimbursement claims management system (RCMS) for APP scam claim management and data reporting. There is limited detail at this point except that the consultation will run for at least eight weeks, with the PSR seeking stakeholder views on “potential implementation dates for any new requirements”. The regulator has also indicated that the earliest possible date for any confirmed requirements to come into effect is likely to be late 2025, revising previous expectations of a May 2025 implementation. While we assume this will go through, it’s unclear who will now take forward the much promised independent review of the APP scam rules later in the year.

• Ongoing work on (arguably) the PSR’s largest workstream, being its ‘engagement’ with card schemes on processing fees and interchange. On the former, the PSR recently published its final report on its market review and on the latter, the FCA will no doubt be delighted to have seen the news of Visa and Revolut’s joint judicial review.

Upping the ante – FCA to encourage risk-taking in push for growth

The FCA has made further statements on a push for growth and a wholesale readjustment of its risk tolerance. The latest comments came from FCA Chair Ashley Alder, who said that the regulator will encourage retail investors to take more risks with their savings, and comes alongside a new five-year strategy that was published at the end of March.

We’ve set out the detail of the FCA’s strategy in a separate article here, but the key points include the FCA’s aim of:

• enhancing efficiency and effectiveness through improved processes and technology;
• enabling investment and innovation – as well as establishing a presence in the US and Asia-Pacific for the first time;
• boosting trust and product innovation, ensuring access to information and support for financial decisions; and
• disrupting criminal activities – particularly in relation to fraud.

Specific to payments firms, as it takes over delivery of the NPV, the FCA will focus on building on the foundations of Open Finance (with a roadmap due within a year) on which it is engaging with a number of firms already, as well as reviewing the redress system. As has been trailed by the PSR for a few years now (and covered in Payments View), the FCA highlights improving the adoption of Account-to-Account payments and ‘making VRP a reality’ as other key areas of focus.

This strategy update follows HMT’s own ‘action plan’ setting out the steps the government intends to take to reform the UK regulatory system to ensure regulators and regulation support growth, including the following key points of focus:

• tackle complexity and the burden of regulation;
• reduce uncertainty across the regulatory system; and
• challenge and shift excessive risk aversion in the system.

As we’ve mentioned in the last few editions, the government’s (and, less enthusiastically, regulators’) focus is firmly on growth and adjusting the regulatory burden.

Further narrowing of e-money definition in the EU

For those tracking the European developments on the regulatory scope of e-money, the European Commission has (in a Q&A) built on the Court of Justice of the European Union’s findings in the Projektai case (the findings of which we found surprising when they were made back in February 2024) and have seemingly further narrowed the scope of when a firm will be treated as issuing e-money in the EU.

The Q&A states that the last condition of the definition of e-money - being that it must be accepted by a natural or legal person other than the electronic money issuer - should be understood as "entailing the transferability and voluntary acceptance of e-money as a separate monetary asset" – emphasis added. Importantly, and contrary to the position understood by many in the market, the Q&A response states that this condition is not satisfied simply on the reception by the payee of funds resulting from redeemed e-money but actually requires the acceptance of the e-money itself (i.e. not just the proceeds). This leads to a significant narrowing of the scope of e-money when read alongside both (i) the finding in Projektai that a contractual agreement between the user and the issuer so that the user can consent to the issuance of e-money, is strictly required for e-money to be issued and (ii) the decision in a previous EBA Q&A response from 2021 that holding funds on a payment account without a payment order would not mean that such funds had to be held as e-money, provided they were intended to be used for future payments.

This narrower interpretation does not align with how many market participants, regulators (and even the asker of the Q&A!) understand the scope of e-money and in our view raises serious questions over how e-money now works with a number of business models, from those utilising card schemes to Banking as a Service providers.

According to the EBA, the result of the decision and the Projektai case would mean that (in their view) funds received by a firm will only qualify as e-money if, when the ‘issued e-money/funds’ are used to make a payment transaction by a payer:

• the funds are received as a separate monetary asset by the payee such that;
• the payee becomes the holder of that separate monetary asset, and where;
• the payee’s own rights of redemption are set out in a contractual arrangement with the issuer.

Conceptually this raises a number of questions which firms operating in the e-money space will want to consider – in particular the effect of narrowing the scope of e-money in this way and blurring the lines between considerations relevant to issuance, with the practicalities of how funds are actually settled. This is especially true for hybrid crypto / payments firms in a post-MiCAR world with the requirement for e-money tokens (EMTs) to be issued by EMIs.

While as a Q&A the EBA’s decision here is not binding, this is something firms will need to keep under review given the possible consequences for the sector were regulators to swayed and adopt this view.

Do let us know if this is one that you’d like to discuss.

FCA and PSR highlight digital wallets as a competition issue

It was surprising to see in July last year the FCA and PSR teaming up to target the provision of digital ‘pass through’ wallets like Google and Apple Pay (covered in the summer edition of Payments View) and the regulators have now published their response to the joint call for information.

The main takeaways are the resounding response from industry that digital wallets provide a significant benefit to consumers and the regulators taking a marked step back from the possible interventions in the sector which they had floated last year.

Instead, any intervention - the FCA and PSR have confirmed no further “in-depth work” in this area - has been passed over to the CMA’s side of the table, particularly on the response’s key concerns over:

• “deficiencies in competition between digital wallets” where the CMA will lead in its wider review of digital wallets within its investigations into Apple and Google mobile ecosystems;
• “barriers to effective competition between payment systems within digital wallets” where some follow-up in relation to improving A2A payments is hinted at;
• operational resilience concerns and “gaps in the current regulatory framework” – although there are limited details here. The FCA notes that “some stakeholders suggested that the provision of digital wallets could be brought within the FCA’s regulatory perimeter, though others warned against prescriptive regulation” and that they will engage with HM Treasury to consider these issues as part of its wider review of the regulatory framework.

In a separate letter to the CMA directly, the regulators agree on the scope of the proposed investigations into Apple and Google, as well as the proposed avenues of the investigation, including the proposed consumer research. In terms of potential steps, they point specifically to the approaches taken by the European Commission in relation to the opening up of Near Field Technology.

Contactless payment limits

As part of the push for growth, the FCA have relatedly published an engagement paper on increasing – or even removing – the contactless limits for cards, which closes on 9 May. The lack of limits – and therefore friction – when making card payments through digital wallets is called out, together with less convincing arguments, including around the impact of inflation since the limits were last increased in 2021. Interestingly, while the issue of fraud comes up throughout the paper, the FCA appear to be at pains to play down both the current levels of fraud involving contactless payments where cards have been lost or stolen and the impact of an increase or removal of the current limits.

We would be extremely interested to hear your views on this one.

ECB decision on non-bank PSP access to central bank systems

Readers of Payments View will know that changes are incoming for non-bank payment service providers (“NBPSPs”) operating in Europe particularly on access to ECB operated payment systems and central bank accounts. Following on from the updates from Centrolink last year, the ECB decision has now been published in the Official Journal.

The decision requires that no later than 31 December 2025, Eurosystem central banks must terminate access for NBPSPs registered as addressable business identifier code (BIC) holders or reachable parties on the Eurosystem central banks’ own account in TARGET.

For firms operating as NBPSPs, the decision introduces a uniform set of non-discriminatory, objective, and risk-based criteria for accessing these systems. This aims to enhance the efficiency and smooth functioning of the retail payments sector, particularly in facilitating instant payments across the euro area. Specifically NBPSPs will be required to ensure that:

• it (or, interestingly, an agent) installs, manages, operates, monitors and ensures the security of the necessary IT infrastructure to connect to the central bank operated payment system and is able to submit cash transfer orders to the central bank operated payment system;
• the NBPSP provides any supporting information the relevant central bank reasonably deems necessary to decide on an application to obtain access to the central bank operated payment system;
• the NBPSP implements adequate security controls to protect its systems from unauthorised access and use, including in relation to cyber resilience and information security;
• the NBPSP submits to the relevant central bank either a statement issued by the relevant national competent authority or a statement duly signed as approved by the competent management body of the NBPSP on certain compliance matters.

Firms will need to comply with specific security requirements and provide supporting documentation to demonstrate ongoing compliance. The decision also imposes a maximum holding amount (broadly speaking this will be twice the daily peak value of outgoing payment orders) on funds held in central bank accounts, which firms must adhere to, with the aim of ensuring that accounts are used strictly for settlement obligations and not for safeguarding purposes. Importantly here, the decision indicates that non-compliance “shall” result in a penalty of 0.03 % on the total amount in excess of the maximum holding amount held, alongside additional daily penalties, and possible account termination. The decision also prohibits Eurosystem central banks from offering safeguarding accounts to NBPSPs (as well as cryptoasset service providers) emphasizing the role of credit institutions in providing such services.

Interestingly this comes as the Bank of England sets out its response to its own discussion paper on reviewing access to Real-Time Gross Settlement (RTGS) for settlement – aiming to improve access to settlement in central bank money and remove barriers for industry. The key point to note is the significant change that the BoE has made in introducing stage gates to enable applicants seeking access to RTGS, including new and small FMIs as well as specifically exploring whether and on what terms the BoE could offer NBPSPs with settlement accounts with safeguarding facilities. On access to RTGS for NBPSPs more generally, the Bank and the FCA have also made changes to the co-operation framework to enhance the assessment process in:

• requiring an applicant NBPSP to undertake regulated activities for at least nine months before a full assessment;
• undertaking a s166 assessment of the applicant’s activities, compliance, or controls prior to the FCA providing an objection or non-objection to the BoE granting RTGS access; and
• setting an expectation that fast-growing firms will be subject to enhanced supervision by the FCA when granted RTGS access.

Quincecare Update – ‘duty of retrieval’ rejected

In a helpful step for a number of firms on their legal requirements relating to APP scams, the recent judgement of Santander UK PLC v CCP Graduate School Ltd (link here) has rejected allegations that a receiving PSP owes a duty to victims, with whom it has no contractual relationship, to take proactive steps to remedy harm already done by seeking to recall payments already made on the proper and valid instruction of its customers.

This follows the leading case on the existence of a ‘Quincecare duty’ in an APP scam context (Philipp v Barclays) where the door was left open to a so-called ‘duty of retrieval’ – which could be a duty owed by a PSP to take prompt steps to recover stolen funds. However, this decision narrows that by clarifying: "The duty of retrieval identified in Philipp is an extension of the contractual duty owed by a bank to its customer. There is no basis for extending this duty to a third party."

While firms will of course have had SD20 front of mind for the last few months, developments on Quincecare will be equally important to keep on top of.

Consumer Duty – Multi-firm review findings published

As covered in our sister-publication, Consumer Duty View, the FCA have published findings of their review on firms’ approaches to the ‘consumer support’ outcome and examples of good and poor practice. We wanted to flag this in particular as it includes a section on culture, governance and accountability, with a number of areas for improvement identified for firms across the board (but clearly being a key area of focus for payments firms), including:

• ensuring firms can demonstrate substantive steps to drive cultural change, including firms’ Boards and senior management ensuring that they are embedding a culture where good outcomes for consumers is at its core;
• firms’ should be able to evidence appropriate training to ensure staff understand their role in delivering good outcomes, particularly in relation to characteristics of vulnerability; and
• ensuring firms’ statements of purpose align with their obligations under the Duty.

For more detail, you can see our article outlining the other good and poor practices identified here as well as a separate article on the FCA’s findings from its review of firms’ treatment of customers in vulnerable circumstances.

Eurosystem verification of payee confirmed

The ECB has announced that it will be progressing its exploratory work for offering a Verification of Payee (VoP) service for payment service providers building on the services developed by the Banco de Portugal and Latvijas Banka. The solutions will achieve SEPA-wide reach and allow PSPs in the euro area to be able to fulfil their obligation to offer a VoP service to their customers by 9 October 2025, using one of the two solutions.

News Flash

• The APPG for Fair Banking has published a detailed report on APP scams which calls for greater steps to be taken by industry – including raising concerns over what it sees as delays in how long it is taking firms to process claims.
• The EBA has published a consultation paper (EBA/CP/2025/04) on proposed regulatory technical standards relating to the new anti-money laundering and counter-terrorist financing framework.
• The Wolfsberg Group has published a document to supplement, and be read in conjunction with, the Wolfsberg Group Payment Transparency Standards published in October 2023.
• As above, the FCA published its Regulatory Initiatives Grid which confirms the intended timing for several initiatives we have been tracking. Notably, the final rules for regulating BNPL providers are due to be published before the summer and the interim final rules for the safeguarding requirements are expected to be published by July.