Top themes for the payments sector in 2026

In the UK, digital and contactless payments continue to rise, with 48.8 billion transactions last year alone and cash usage dropping below 10% for the first time. This research, from UK Finance, highlights that debit cards were the most prevalent payment method, comprising 26.1 billion transactions, followed by Faster Payments with 5.6 billion. With these trends set to continue, and cash predicted to total just 4% by 2034, the payment sector is becoming an increasingly important part of the financial system.

The imminent consolidation of the Payment Systems Regulator into the Financial Conduct Authority marks the extent of that growth. Payment service providers (PSPs) will need to adopt higher standards of governance and risk management to meet all regulatory expectations – from Consumer Duty to operational resilience to wind-down planning. This includes proactive horizon scanning and enhanced control to prevent, monitor and respond to cyber-attacks and fraudulent activity. Increased scrutiny is already apparent through a high volume of section 166 reviews, with 52 PSPs reviewed from January 2020 to October 2024.

Meeting emerging regulatory requirements is no mean feat, but payments activities are also inherently tied with emerging technology. Firms must be responsive to evolving trends, with scalable processes to meet the growing volume of transactions. They’ll also need to guard against digital exclusion to ensure innovation doesn't leave some customers behind. 

Increased regulatory scrutiny 

In relation to the regulatory supervision of payments firms, the FCA’s Dear CEO portfolio letter (from February 2025), highlighted key areas of focus for the sector, namely: 

• competition and innovation, in line with the Consumer Duty requirements 
• integrity of the financial system, through robust financial crime and operational resilience controls
• keeping customer money safe through appropriate safeguarding, wind-down planning and prudential risk management. 

This aligns with the National Payments Vision, unveiled by HM Treasury in November 2024, which set out ambitious plans for a world-leading, customer-centric payments ecosystem using next-generation technology.

To achieve this, payments services firms need to leverage the power of emerging technology, underpinned by effective governance, oversight and leadership. This includes effective use of AI to enhance operational efficiency, improve customer experience and prevent fraud. Crucially, this approach can also reduce the cost of compliance, which can (in time) remove barriers to entry and boost competition across the sector. 

Consumer Duty 

Last year’s multi-firm review by the FCA highlighted significant areas for improvement for payment services providers, with only 50% meeting Consumer Duty expectations. With implementation now two years in, it’s vital for firms to be able to show that they have fully embedded its principles, recognising that it’s a not simply a set of rules, but a regulatory philosophy. Firms must know what ‘good outcomes’ are from their products and services, and be able to measure whether these are being achieved. Demonstrating that you’re not generating poor outcomes or customer harm isn’t enough. 

There are two important elements to note here: 

Consumer Duty is non-prescriptive 

As such, there isn’t a one size fits all approach, and firms are taking time to establish good practice for their products and customers within their unique operating environments. Payments firms need to think about evidencing good customer outcomes, product governance and fair value – and what they mean in the context of their specific business activities.

Consumer Duty is a core element of the FCA’s simplification agenda 

The FCA is cutting back, simplifying or clarifying some of the more prescriptive elements of its handbook, and falling back on Consumer Duty as a safety net. So, taking the time to hone implementation will help with broader regulatory compliance.

For payments firms, the FCA is particularly interested in customer understanding and pricing, particularly in international payments. It published good and poor practices in May 2025 and is planning further work in this space. Firms need to make sure their communications are clear, and that they have cause to be confident that customers genuinely understand them. All costs should be fully and transparently disclosed (including third-party fees) and ‘zero fee’ claims must not be misleading.

Operational resilience

The final operational resilience deadline was in March 2025, and by now payments and e-money firms should have a robust working framework to effectively manage and recover from service outages. This includes mapping important business services, establishing contingency plans, reviewing exit agreements and effective scenario testing to assess tolerance limits. Firms should continue to embed these resilience activities into business-as-usual activities.

The FCA has also published CP24/28 on operational incident and third-party reporting, with final rules due later this year. Under the new rules, payment service providers must report operational incidents where they could cause consumer harm, affect market integrity or impact safety and soundness of the firm or the wider market. Electronic money institutions (EMIs) and authorised payment institutions (APIs) will also need to inform the FCA, and maintain a register of material third-party arrangements with appropriate controls in place.

Safeguarding customer funds 

In August 2025, the FCA published PS25/12 on safeguarding customer funds. Following extensive industry feedback, the policy statement has deferred the end-state (post-repeal) rules (subject to further review and industry consultation) while the FCA considers some of the more contentious changes outlined in CP24/20 – notably statutory trust arrangements and immediate segregation.  

A supplementary regime will apply to payments firms from 7 May 2026. The post-repeal regime is subject to further consultation, and its implementation date will depend on the Treasury’s timeline to repeal and replace the Payment Services Regulations 2017 (PSR) and the Electronic Money Regulations 2011 (EMR). Payments firms should be undertaking a thorough gap analysis of the new requirements and proactively engaging with registered audit firms in respect of the mandatory annual audit requirement, particularly where they have previously engaged with consultancy firms for such audits.

Safeguarding customer funds

Safeguarding 2.0: FCA’s proposals for payment firms

Read more

Wind-down planning

In June 2025, the FCA published its findings from a multi-firm review of risk management and wind-down planning at e-money and payments firms. While firms have attempted to implement risk management frameworks, these often don’t reflect the complexity of their activities. The FCA noted the following: 

• risk management approaches need to be more comprehensive and encompass enterprise-wide frameworks, liquidity risk and group risk
• wind-down plans (WDPs) need more detail and better integration with risk management frameworks to consider operations, residual safeguarded funds, liquidity needs and wind-down triggers.

Effective wind-down plans must be practical and actionable to help firms exit the market in an orderly manner, should the need arise. The FCA will continue to engage with the sector to maintain appropriate standards, particularly in response to specific risk indicators they perceive. 
Crucially, firms shouldn’t view wind-down planning as a ‘once and done' exercise. Rather, wind-down plans should be prepared and regularly assessed alongside (and as part of) the firm’s evolving risk management framework, ensuring they align with regulatory expectations and operational realities.

Balancing growth and risk

Wind-down planning for payments firms

Read more

Contactless payment limits 

In September 2025, the FCA announced plans to remove the limit for contactless payments to support the Government’s growth agenda (CP25/24). The move follows March’s engagement paper, and is an increase from: a £100 single payment limit; £300 across several payments; or five consecutive contactless transactions. 

These limits were enabled by an exemption under Article 11 of SCA-RTS, which the FCA plans to amend to support limitless card payments with the caveat that the PSP must identify ‘the risk of a payment transaction to be low’. This is supported by the Payment Services Regulations 2017 (Regulation 106A), requiring firms to establish appropriate security for payment service users and providers.

Payment Systems Regulator consolidation into the FCA

In March 2025 the UK Government announced that the Payment Systems Regulator (PSR) will be merged into the FCA, as part of wider efforts to streamline regulatory frameworks. It also reflects the increasingly blurred boundary between payment services and the broader financial sector, including the role of fintechs, non-bank PSPs and ‘big tech’ in payments infrastructure.

The underlying legislative changes and practical implementation will take time, but the PSR, FCA and Bank of England are already working together closely to ensure a smooth transition.  

Digital wallets 

In February 2025, the FCA and PSR published a joint report on the growing role of digital wallets, such as Apple Pay and Google Pay. Accounting for nearly 30% of UK card transactions in 2023 (up from 8% in 2019), the regulators are concerned over four main issues.

Limited competition for choice of wallets 

Digital wallets are primarily tied to specific smartphone platforms, so consumer choice is limited by mobile market leaders. There are also competition concerns over blocking third party access to the near-field communication (NFC) chip, limiting the use of non-proprietary wallets. 

Limited competition for underlying payment systems 

This type of digital wallet contains online versions of debit, credit or prepaid cards. Customers can’t currently add crypto currency or open banking account-to-account (A2A) payments, limiting consumer choice. 

Operational resilience 

This is crucial as disruption to digital wallets could have serious implications for users, particularly if they lack access to physical cards or cash. 

Lack of FCA supervision 

Moving digital wallets within the FCA’s perimeter could provide greater oversight over security and operational resilience.   

The regulators are working with the Competition and Markets Authority (CMA) to explore the above issues.

Payment and E-money Special Administration Regime Review 

The Payment and Electronic Money Special Administration Regime (PESAR) was introduced in the UK under the Payment Electronic Money Institution Insolvency Regulations 2021. The PESAR aims to streamline the insolvency process for payment and e-money firms, ensuring a quicker and more efficient process for returning customer funds, improving communication with regulators and preserving business operations, where possible. 

In December 2024, the Treasury launched an independent review of PESAR to assess its effectiveness and whether it meets its intended objectives, including the timely return of funds to customers. The review will also consider the regime’s suitability for larger firms and its interaction with other jurisdictions. Interim findings were due by 30 September 2025, but at the time of writing haven’t yet been published. The final report is currently still due by the end of the year. 

ISO 20022 adoption 

Payment messages have traditionally been communicated using legacy MT formats; ISO 20022 replaces these with structured, XML-based messages that support richer data, global interoperability, and intelligent, automated processing. With the end of the ISO 20022 coexistence period approaching in November 2025, the UK payments landscape is undergoing a major transformation, particularly in CHAPS and cross-border transactions.

Since May 2025, enhanced data requirements such as legal entity identifiers (LEIs) for financial institutions and purpose of payment (PoP) codes for CHAPS payments have become mandatory, alongside hybrid structured address formats that include town and country fields.  

By November 2025, legacy SWIFT FIN MT messages will be retired, and all cross-border payments must use ISO 20022 MX formats. Structured address data will be required for CHAPS payments, and bank statements will transition from MT940/950 to CAMT.053 formats for improved reconciliation. 

Across the payments ecosystem, institutions are ensuring their systems can handle these new structured data, support CAMT integration, and align with new data governance standards. Firms are building forward thinking strategic solutions as unstructured addresses will be fully decommissioned by November 2026, and structured remittance information will become mandatory by November 2027.  

These changes are critical for the efficient operations of payment systems and not only demand compliance but also offer opportunities for enhanced automation, fraud detection, and better customer experience through richer data and more efficient processing. 

APP reimbursements 

In October 2024, the PSR introduced mandatory reimbursement policies (Specific Direction 20) for victims of authorised push payment (APP) fraud. Applying to all payment service providers using CHAPS and FPS, the measures aim to protect consumers, microenterprises and charities by mandating reimbursement for victims of APP fraud up to £85,000, unless the customer was grossly negligent or involved in the fraud (first-party fraud). The cost of reimbursement is split equally between the sending and receiving PSPs. 

The scope of the reimbursement regime doesn’t cover civil disputes, payments that take place on BACS, or international payments, such as those within the Single Euro Payments Area. Under the new rules, PSPs must reimburse consumers within five business days, but they can pause the timeline while seeking additional information.

The PSR’s published data shows that during the first nine months following implementation, 88% of money stolen through in-scope APP fraud was returned to victims (worth around £112 million). The final quarter of 2025 will see the PSR commence an independent post implementation review to assess the overall impact and effectiveness of the new rules, alongside related anti-fraud policies (the balanced scorecard, confirmation of payee and delayed payments legislation). This is likely to be published sometime in H1 2026.

Safe use of AI

In September 2025, the FCA published an update on its oversight of AI use across the financial sector, confirming that it has no plans to introduce additional regulations in that space. It remains product-agnostic and continues to encourage firms to explore the safe use of AI, in line with its five core principles. 

When adopting AI, it’s essential to take a strategic approach, starting with pilot projects to test the technology's effectiveness before scaling up. Firms can make use of FCA initiatives such as the Supercharged Sandbox, AI Lab, and Innovation Pathways to safely develop and test new AI use cases.

As AI becomes an increasingly important element of the business and compliance landscape, payments firms need to consider the impact of AI outages on operational resilience, and ensure robust third-party oversight, where relevant. Over time, the Treasury could designate some AI providers as critical third parties, so it’s essential to factor in resilience by design throughout adoption.

Open finance 

The UK is adopting open finance, allowing customers to share their data with a range of financial services providers for smoother support for mortgages, SME lending, insurance and investment management, among others. Unlike open banking, this isn’t mandated as yet, but it’s likely in the future to prevent a fragmented market.

In the FCA’s FS25/4, published in August 2025, it confirmed that while it will be the lead regulator, a future not-for-profit entity will set open finance standards and monitor API performance. Ongoing work in this space includes a research note published in October 2025, the Smart Data Accelerator (which launched in September), and two further sprints planned in November 2025 and February 2026 to bolster collaboration. The combined output from this work will feed into the FCA’s Open Finance Roadmap, which is due by the end of March 2026. 

PSD3 

PSD3 is being implemented across the EU, alongside a new Payment Services Regulation, and is expected to be rolled out in 2026. It broadly aligns with existing UK payments practices, but UK businesses will need to ensure that their EU entities comply. It aims to boost access to payments systems and promote a more level playing field for innovation, while reducing fraud. Key elements include new authorisation requirements, clearer strong customer authentication expectations and changes to capital requirements.

For further information on the payments sector, get in touch with our team.