Latest Payments News: Crypto Firms in 48 Jurisdictions Face New Tax Reporting Rules Under OECD Framework, and more

Catch up on some of the stories our payments compliance analysts have covered lately, and stay up-to-date on the latest news.

Crypto Firms in 48 Jurisdictions Face New Tax Reporting Rules Under OECD Framework

The Organisation for Economic Co-operation and Development’s (OECD) new multilateral reporting framework aims to address tax evasion and tax avoidance in the crypto-asset sector through information sharing and standardisation.

The Crypto-Asset Reporting Framework (CARF) is a global tax transparency initiative that will automate and standardise the exchange of crypto-related tax information between regulators.

Under CARF, tax information provided by reporting crypto-asset service providers (RCASPs) will be shared with the tax authorities of relevant participating jurisdictions on an annual basis.

The framework also provides for mandatory registration for reporting purposes, with penalties for non-compliance set under domestic law.

CARF was finalised in 2023, following concerns that the rapid growth of the crypto-asset sector risked undermining the tax transparency gains achieved since 2014, when the OECD introduced its Common Reporting Standards (CRS).

The CRS targets traditional financial assets and financial institutions, and has since become a key tool in addressing offshore tax evasion.

CARF aims to replicate this success by applying similar rules to an asset class that has historically sat outside of traditional financial reporting regimes.

The new framework consists of three distinct components that must be implemented by each participating jurisdiction:

1. Rules and related commentary that can be transposed into domestic law to collect information from RCASPs.
2. A multilateral competent authority agreement enabling automatic exchange of information under CARF, supported by commentary (or, where applicable, bilateral agreements).
3. An electronic reporting format (XML schema) to be used by competent authorities for information exchange, and by RCASPs when reporting to tax administrations, as required under domestic law.

The regime marks a decisive shift in how crypto-asset activity is treated for tax transparency purposes, both domestically and internationally.

UK–EU Agreement on Supervision of Critical Third Parties Set to Benefit PSPs

The operational resilience Memorandum of Understanding (MoU) is intended to reduce the risk of fragmented or conflicting supervisory responses during crises, but does not affect payments firms’ responsibility for their own third-party risk management.

The MoU was signed in January 2026 by the UK’s Financial Conduct Authority (FCA), the Bank of England and the Prudential Regulation Authority (PRA), together with the European Supervisory Authorities (ESAs): the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA).

Its aim is to enhance cooperation by establishing a framework for coordinating and sharing information on the oversight of technology and infrastructure providers whose disruption could pose systemic risks to financial services, including via incidents such as power outages or cyber-attacks.

These include cloud service providers, data and connectivity firms and other ICT suppliers that support large numbers of regulated firms across borders.

The UK's regime for the supervision of critical third parties (CTPs) was established under the Financial Services and Markets Act (FSMA) 2023; the EU’s Digital Operational Resilience Act (DORA) created the critical third-party providers (CTPPs) regime.

For payment service providers (PSPs), the primary benefit of the MoU should be a more coordinated regulatory response during significant operational disruptions.

In November 2025, the ESAs announced their first list of CTPPs under DORA, marking a significant milestone in the EU’s implementation of the regime. By contrast, the UK has yet to announce its initial list, despite growing pressure to act.

In October 2025, for example, a widespread outage at Amazon Web Services (AWS) disrupted several organisations, including Lloyds Banking Group, and prompted the UK’s Treasury Select Committee to write to the economic secretary to the Treasury questioning why AWS had not yet been designated under the CTP regime.

The designation of systemic providers marks the beginning of a significant operational shift for financial institutions, including PSPs, which will need to strengthen their understanding of third-party dependencies and the risks that accompany them.

After Eight Years, UK Open Banking Enters Its Defining Phase

UK open banking has delivered a functioning ecosystem, but its growth remains incremental, leaving regulators and firms focused on open finance and the next phase of payments reform.

January 2026 marks eight years since the launch of open banking in the UK, a milestone Open Banking Limited (OBL) has framed as evidence of lasting structural change in the financial system.

In announcing the anniversary, OBL described open banking as having evolved from a regulatory initiative into a core component of the UK’s financial infrastructure, supporting innovation across payments, lending and money management.

The scale of the ecosystem is now difficult to dismiss. According to OBL, more than 16.5m user connections are live across the UK, nearly 5,000 skilled digital jobs have been created since 2018, and open banking payments reached close to 33m in November 2025 alone.

Henk van Hulle, OBL’s chief executive, said in a statement that open banking has grown into an “ecosystem that people and businesses across the UK now use as part of everyday financial life, sometimes without even realising.”

The UK’s role as a pioneer is also widely acknowledged. Through the Competition and Markets Authority’s (CMA) Retail Banking Market Investigation Order, the UK delivered one of the first mandatory open banking regimes globally, complete with common technical standards, regulated third-party access and a central implementation entity.

Compared with many jurisdictions, the UK succeeded in building stable and secure API infrastructure at scale, and did so quickly.

However, eight years on, the impact of open banking has been more measured than many early advocates anticipated.

Although adoption has grown steadily, account-to-account (A2A) payments have not displaced cards in any meaningful way, nor has open banking fundamentally reshaped mainstream consumer payment behaviour.

Much of its use remains embedded in specific journeys such as onboarding, affordability checks and account verification, rather than operating as a visible alternative payment method.

Ultimately, the UK’s open banking framework has proven its value as regulated infrastructure but has not yet delivered the kind of market-led disruption once forecast.

‍

Want to know more? 

Request a demo with one of our experts today to gain full access to the stories we cover - and much more - and start learning how you can make compliance a competitive advantage for your organisation.