Payments View – September 2025

Welcome back to Payments View from what we hope has been a good summer break – if you didn’t catch our recent Insights article on the changes to the safeguarding regime because you were enjoying the last of the summer sun, you can find this update here.

Overall we think that the response to the safeguarding consultation is positive for industry and particularly agree with the FCA’s decision not to press ahead with the ‘end state’ provisions on imposing a statutory trust. Our Insight article breaks down the key changes that firms will need to be aware of, particularly that the obligations on firms from a compliance and reporting perspective are being strengthened. The reconciliation pack requirement is probably the most important one for firms to get ahead of before the May 2026 implementation deadline so do let us know if you’d like to discuss the template version we’ve already prepared.

Beyond this, this edition of Payments View covers a range of updates including:

• A Phaedo for the Modern Age – PSR publishes annual report in the midst of getting axed
• HMT Consultation on Said Axing
• Contactless Limit Being Removed
• FCA Simplifying Supervisory Communications
• Mansion House Speech and Leeds Reform – ‘Unlocking Growth’ in Financial Services
• Deferred Payment Credit Regulation – FCA Consultation
• FCA’s Secondary Objective – Progress Update
• Concerns raised over Bank of England ‘not moving’ on stablecoin ownership limit
• Recent Enforcement Actions – lessons on systems and controls
• US Open Banking Developments

As always, don’t hesitate to reach out to us if you would like to discuss any of the developments in this edition.

A Phaedo for the Modern Age – PSR publishes annual report in the midst of getting axed

The PSR has released its Annual Report for 2024/25, striking a reflective note as it looks back on a busy 12 months in the face of its own axing.

As may be expected a significant focus of the report is the planned consolidation of the PSR into the FCA which the foreword “welcomes” as a "pragmatic next step" which will lead to "clearer regulation, faster decision-making, and greater efficiencies”. However, as a consultation on the integration has only just published (more details below) there is still plenty to do for the regulator, with an updated overview of the various workstreams since their strategy review that we covered at the start of this year.

The report also highlights the PSR’s ‘greatest hits’ from this year, focusing on some interesting data points in the measures to address APP scams, noting that “99% of victims have been refunded and that concerns about unintended consequences have not materialised so far … [with] 86% of money lost to APP scams returned to victims … [thereby] preventing approximately £27 million in losses”. It would be interesting to dig into the maths on this one, but we would generally agree that the industry seems to have adapted to many elements of the new requirements, although we’re not entirely sure how the PSR has come to the conclusion that the data shows “no major evidence of increased ‘moral hazard’”. An independent review of the policy is still scheduled to begin in October, with plans to include stakeholder engagement to assess the impact and identify any unintended consequences. The report further touches on the expansion of Confirmation of Payee and that it now applies to 99% of Faster Payments transactions, helping to reduce fraud and errors.

One area we thought was particularly interesting was buried deep in the ‘Principal risks and uncertainties facing the PSR’ section where the PSR identifies several risks to the payments ecosystem, including barriers to innovation and competition due to the economic characteristics of payment systems, the growing role of big tech in payments and digital wallets, fraud risks for users, and the concentration of critical roles in payment system infrastructure among a small number of parties. These are an interesting set of points to pick out (particularly in light of the wider growth agenda) and it’ll be interesting to see how they are taken forwards / continue to be addressed in due course.

HMT Consultation on Said Axing

The detail of this consultation paper isn’t too surprising and generally tracks the position outlined over summer that the PSR was essentially going to be subsumed into the FCA. The powers and objectives of the PSR are going to be brought over into the FCA’s remit with changes made to FSMA to accomplish this (a new section of FSMA to deal with anything that cannot easily be amended is apparently also planned). As the paper notes, this shouldn’t change the firms that the regulators’ powers extend/will extend to (noting we still have questions over the scope of what the PSR’s powers under FSBRA actually cover) nor should the scope of regulation for payment systems themselves change either (outside of a small point on POND access that HMT have identified).

Contactless Limit Being Removed

Off the back of the wider ‘growth agenda’, the FCA has proposed changes to Strong Customer Authentication (“SCA”) requirements, specifically removing the payment limits for contactless payments. Currently, as you’re probably aware, contactless payments are capped (both at a transaction and cumulative level) before SCA is required. The FCA’s proposal would replace these fixed limits with a new exemption allowing under the SCA-RTS for PSPs to process contactless payments identified as posing a “low level of risk”. This approach would enable firms to set or maintain their own limits in line with their business models and customer needs, provided they comply with regulatory requirements, including robust transaction monitoring mechanisms under Article 2 of the SCA-RTS.

The FCA’s consultation, interestingly published not on its own but rather as part of its broader quarterly consultation paper, is intended to reflect advancements in fraud controls and smart technology that support a more tailored approach to payment limits. In particular it seems to be intended to more closely align contactless card payments with transactions involving digital wallets (which currently have no such limits). This follows the FCA and PSR stepping back from their plans last year where they raised the idea of much closer regulation of apps such as Google / Apple Pay. While the FCA does not anticipate immediate changes to the current £100 limit (and the changes to the SCA-RTS will allow firms to retain controls), the proposed framework would give firms the ability to adjust limits as well as implement additional measures, such as requiring PIN authentication after a certain number of transactions. The FCA has also emphasised the importance of PSPs considering their Consumer Duty obligations, including accommodating vulnerable customers and offering options for personalised limits.

The consultation is open until 15 October, with potential implementation of changes as early as next year.

FCA Simplifying Supervisory Communications

As covered in Payments View previously, the FCA’s focus on growth has meant that it is revisiting its older guidance and strategy documents. As part of this, the FCA has confirmed (although this was first kicked off in April this year) that they will be simplifying their multi-firm and thematic reviews and will change how they provide guidance for firms.

Instead of issuing Dear CEO or portfolio letters, the FCA intends to publish a “small” number of market reports “soon” which will include information that is relevant to different types of firms, as well as more general insights from the FCA's supervisory work. Reviews published before 2022 will be labelled as "historical". Until these reports are published, the FCA advises firms to continue referring to relevant supervisory communications for guidance but notes that, after the publication of the new reports, historical documents will remain publicly accessible.

As already discussed with a number of clients however we still see many of these ‘historical’ letters dealing with important points that firms might need to keep in mind – perhaps more so amongst the payments sector than for other areas under FCA supervision. In particular guidance on safeguarding, customer communications, and financial crime covered in the “historical” letters still appear to be useful for firms to consider but their ‘historical’ designation also means, slightly obliquely, that the FCA does not “expect your firm to refer to these historical letters when interpreting our current supervisory expectations”. Therefore from a technical perspective, we think the question of whether firms should continue to be following them to be in a state of limbo until the new market reports are published.

Mansion House Speech and Leeds Reform – ‘Unlocking Growth’ in Financial Services

You probably saw that over the summer the Chancellor delivered her second Mansion House speech, unveiling the long-anticipated Financial Services Growth and Competitiveness Strategy 2035 alongside a comprehensive package of reforms known as the Leeds Reforms. These measures mark a significant shift towards deregulation and aim to position the UK as the global hub for financial services by 2035.

The strategy outlines a 10-year roadmap to enhance the UK’s competitiveness focusing on streamlining regulatory processes, opening up investment opportunities, and fostering innovation. The accompanying Leeds Reforms introduce targeted changes across areas such as regulatory reporting, retail investment, fintech growth, and skills development. Together, these initiatives are designed to “unleash the potential of the UK’s world-leading financial services sector and drive economic growth”.

For a detailed breakdown of the proposals, their timing, and key considerations for firms, you can access our full analysis here. Additionally, we hosted a webinar on ‘What the Mansion House Speech Means for Financial Services’ which you can view on demand here.

Deferred Payment Credit Regulation – FCA Consultation

Also over the summer the FCA published a consultation paper (CP25/23) outlining the long-trailed proposed approach to regulating deferred payment credit (DPC), commonly referred to as BNPL – being interest-free credit products repayable in 12 or fewer instalments within 12 months, which are currently exempt from regulation.

You can see our full breakdown here but key areas of the proposals include:

• Information Requirements: Ensuring consumers receive clear and timely information to make informed decisions through the creation of new bespoke rules that will form part of the Consumer Credit Sourcebook (CONC).
• Creditworthiness Assessments: Applying existing rules and guidance under CONC 5.2A.
• FCA Handbook: Extending the Senior Managers and Certification Regime (SMCR) to DPC firms and ensuring access to the Financial Ombudsman Service (FOS).

Significantly, the FCA’s proposals focus on leveraging the Consumer Duty where possible, rather than introducing new rules. The FCA is also proposing a temporary permissions regime for firms meeting specific criteria, allowing them to continue offering DPC products from ‘Regulation Day’ (being the 15 July 2026). Comments on the consultation can be made until 26 September 2025, with a policy statement expected in early 2026.

FCA’s Secondary Objective – Progress Update

The FCA has published its SICGO report 2024/25, providing a six-month update on its progress towards meeting its secondary objective of promoting international competitiveness and growth. The report highlights the FCA’s accelerated pace of delivery and its focus on “ruthlessly” prioritising activities to advance the regulator’s secondary objective.

We prepared an overview for Lexis+ with more detail which you can find here (or, if you don’t have access, just let us know if you’d like to have a quick chat!).

Recent Enforcement Actions – lessons on systems and controls

All the recent focus on growth has not, however, meant that the regulators have taken a step back from more involved engagement with firms over the summer period. You’ll have likely seen the conclusion of the FCA’s enforcement action against Monzo Bank (you can find the Final Notice here) highlighting the FCA’s continued focus on robust financial crime controls and the requirement for firms to adapt their financial crime frameworks proactively as they scale.

An update that’s received less attention however, has been the BoE’s fine of Vocalink Ltd for £11.9 million, due to compliance failures related to its systems and controls. You can read the Final Notice here. The fine follows a particularly protracted process (starting with Vocalink’s December 2020 implementation of a remediation programme) but specifically results from the BoE’s view that Vocalink failed to comply with further remediation work required in 2022. Section 4 of the Final Notice sets out some key lessons for firms (relevant, to our eyes, for any firm working through large remediation projects) including ensuring adequate risk management frameworks, controls and governance arrangements are in place; having open communication (within the firm and to regulators); and the importance of having a centralised process in place to adequately quantify, track and interrogate decisions being made on progress.

US Open Banking Developments

While we don’t usually cover the US in detail at Payments View, we’d be remiss not to mention the huge changes expected over the pond on Open Banking and the proposals that banks may soon charge firms for access to customer data (with Visa’s shuttering of its open banking unit the most recent development). All of this is occurring as Open Banking in the UK hit 15 million users in July (and being one in 13 of all transactions over Faster Payments according to the PSR) and the FCA Feedback Statement from earlier last month on the continued work on the design of the Future Entity.