Regulatory Briefings

Future of Payments and Regulatory Compliance

The CBI's RSO is a direct statement of supervisory intent. This briefing covers all five focus areas, Finvisor's independent assessment, and the questions your Board, CEO, and Head of Compliance should be asking now.

A Sector in Transformation — and the Regulatory Frameworks Trying to Keep Pace

The payments sector is undergoing its most significant structural shift in a generation. New entrants, new technologies, and new business models are reshaping how money moves globally. Regulators across the EU and UK are responding — not by slowing innovation, but by raising the bar for the firms that want to participate in it.

For payment institutions, e-money firms, and the fintechs building on top of them, the message from regulators in 2026 is consistent: scale responsibly, govern properly, and demonstrate that your compliance framework is built for the business you are running today — not the one you launched three years ago.

This briefing sets out the key regulatory developments shaping the future of payments, what they mean for your firm, and where compliance teams should be focusing their attention now.

The Regulatory Landscape Is Shifting Simultaneously on Multiple Fronts

The challenge for payments compliance teams in 2026 is not a single incoming regulation. It is the convergence of several major frameworks arriving at the same time, each with material implications for how payment firms operate, govern, and report.

The firms that will navigate this successfully are those that treat regulatory change as a strategic input — not a compliance deadline to be managed at the last minute.

PSD3 and the Payment Services Regulation

The EU's revised payments framework — PSD3 and the accompanying Payment Services Regulation — represents the most significant overhaul of payments regulation since PSD2. Final adoption is expected in mid-2026, with the PSR applying 18 months after publication.

What is changing:

  • IBAN verification obligations will require payment service providers to verify that the name and account number provided by a payer match before executing a transfer. This has significant operational and technical implications for payment processing infrastructure.
  • Open banking reform strengthens the rights of third-party providers and introduces new requirements for access to payment account data. Firms that have treated open banking as a peripheral concern will need to reassess.
  • Fraud liability frameworks are being revised to clarify liability between PSPs and customers in cases of authorised push payment fraud. The direction of travel is toward greater PSP accountability.
  • Licensing harmonisation across EU member states aims to reduce the fragmentation that has made passporting operationally complex for many payment firms.

What your firm should be doing now:

  • Conduct an impact assessment against your current product set and payment flows
  • Engage your technology and operations teams on IBAN verification requirements
  • Review your fraud liability policies and customer communication frameworks
  • Monitor the finalisation of technical standards from the EBA

Digital Assets and the Payments Infrastructure Intersection

The boundary between traditional payment services and digital asset activity is narrowing. MiCAR-authorised crypto-asset service providers are increasingly offering payment-adjacent services. Payment institutions are exploring stablecoin settlement rails. Central bank digital currencies are moving from research to pilot.

For compliance teams, this convergence creates a new category of regulatory complexity — firms that operate across both frameworks must satisfy two distinct regulatory regimes simultaneously, often with different supervisory expectations and reporting obligations.

Key developments to monitor:

  • Stablecoin regulation under MiCAR is now live. Asset-referenced tokens and e-money tokens are subject to specific authorisation, reserve, and redemption requirements. Payment firms exploring stablecoin rails need to understand where their activity falls within the MiCAR framework.
  • CBDC pilots across the EU and UK are generating supervisory guidance on how digital central bank money will interact with existing payment infrastructure. While commercial rollout remains some years away, the operational implications for payment firms are significant.
  • Interoperability standards between traditional payment rails and blockchain-based settlement are emerging. Firms building on these rails now will be shaping their compliance obligations for the next decade.