.svg)
As the authorities implement the National Payments Vision (NPV) and extend the regulatory perimeter to ensure consumer protection in newer areas of the system, compliance teams face a wave of new obligations.
Prior to the November 2024 publication of the government’s NPV, there had been a sense that the UK’s leadership in payments had lost momentum. The NPV represented a reset intended to restore the country’s reputation for financial innovation.
We are seeing the impact of the vision now, following a series of steps intended to modernise the UK payments regulatory landscape.
Open banking and open finance were a key part of the NPV, and the Financial Conduct Authority (FCA) has collaborated with industry to establish the Future Entity and with HM Treasury to establish a long-term regulatory framework.
One of the concerns about extending open banking and relaxing the rules on strong customer authentication (SCA) was the increased risk of fraud, and in March 2026 the Home Office published the Fraud Strategy for 2026 to 2029.
The strategy sets out a renewed national response to what remains the most commonly reported crime in England and Wales, and should help to boost confidence in open banking and open finance.
In addition, the FCA’s new safeguarding rules will come into effect on May 7, 2026, increasing security for consumers in the event of organisational failure.
The authorities are also expanding the regulatory perimeter, with a new regime for buy now, pay later (BNPL) services coming into force in July 2026. The final policy statements on the FCA’s cryptoasset regime are also due later in the year and the Supercharged Sandbox and AI Live Testing are ongoing, with an evaluation report expected by the end of this year.
The FCA is keeping firms informed of its activities and priorities through the publication of its Payments Priorities and Annual Work Programme for 2026/27.
Opportunity and risk
As the UK government and regulatory authorities work to promote a modernised payments system with features such as seamless account-to-account (A2A) payments and widely adopted open banking, firms will see both opportunities and risks.
In February 2026, Amazon introduced Pay by Bank, allowing UK customers to pay for their purchases directly from their bank account, without using a card. Customers select their bank at checkout and are then redirected to their mobile banking app, where they can authorise the transaction using biometric authentication or PIN code.
Such initiatives create opportunity for some but disintermediation risk for others, with the traditional card rail bypassed entirely. This significantly reduces merchant acquisition costs but shifts the burden of dispute resolution and consumer protection directly onto the banks.
The introduction of commercial variable recurring payments (cVRPs), meanwhile, allows consumers to securely authorise trusted third parties to manage recurring transactions, which could help open banking compete with direct debits and the big card schemes.
Alongside creating these opportunities, the Fraud Strategy recognises the heightened risk from fraud and seeks to introduce a coordinated, tech-enabled prevention model based on deeper collaboration between the government and industry.
Strategic readiness
Payments organisations will need to consider and respond to the UK authorities’ efforts to modernise.
With the FCA prioritising open banking and open finance, and aiming to develop a long-term, sustainable regulatory framework that is a core part of the payments infrastructure, firms should think about what might be around the corner.
This could mean moving beyond just meeting requirements and seeking to begin building systems for “open everything”, ensuring that internal data architectures are flexible enough to support not just A2A payments, but cVRPs, cross-sector data sharing and broader open finance functionality.
One key area to focus on is the expectation that payments are secure by design, meaning that compliance teams must work closely with product developers to ensure that friction points such as SCA are applied intelligently to minimise fraud risk.
In addition, the expansion of the regulatory perimeter creates additional obligations for affected organisations. For example, under the new regime, from July, BNPL providers will be subject to the Consumer Duty.
To ensure they are compliant, firms must be able to prove that not only do they have affordability checks and plain English disclosures in place, but that they are actually delivering good outcomes for users.
Similarly, bringing fiat-backed stablecoins into the Financial Services and Markets Act (FSMA) regime from September 2026 creates work for compliance functions.
There is no grandfathering, meaning that firms currently registered under the Money Laundering Regulations (MLRs) must apply through the new gateway to continue stablecoin activities by the October 2027 commencement date.
Stablecoin providers’ internal controls will need to be comparable to those of traditional e-money institutions, particularly regarding reserve backing and redemption rights.
Overall, the UK is seeking to modernise its payments landscape via greater use of technology based on improved analytical capabilities, stronger governance and deeper collaboration with industry.
For firms this means recognising and embracing a new role for compliance – as an accelerator of innovation rather than a hurdle to overcome.
