Payment Service Regulations

For payment service providers (PSPs) to connect merchants to the wider financial system, they must comply with relevant jurisdictional payment service regulations. Regulated payment services generally include provisions relating to payment accounts, executing payment transactions, issuing payment instruments, acquiring services, and typical open banking services. PSPs that do not comply with relevant regulations can face financial or criminal penalties.

What are payment service regulations?

Payment service regulations are the rules set out to ensure PSPs complete comprehensive due diligence to mitigate the risk of financial fraud. 

Payment service regulations differ across jurisdictions. Some countries and international bodies – including the European Union, Singapore, and Canada – have modernized their frameworks in recent years, using a risk-based approach to address new business models based on offering multi-faceted services subject to both overlapping regulations and, in places, gaps in regulatory oversight. 

Payment service regulations in the UK

The main piece of legislation governing payment services in the UK is the Payment Services Regulations 2017 (PSRs 2017). PSRs 2017 broadened the extent of payment services regulations in the UK and brought third-party payment service providers (TPPs) within the scope of regulation for the first time. 

To improve consumer protection and competition, PSRs 2017 also introduced changes to the way businesses manage client relationships, including client documentation and communicating with clients if a security incident occurs that might impact their financial interests. These changes not only brought regulations into line with developments in the market for payment services, but also introduced better assistance from PSPs to victims of fraud.  

In 2021, the UK’s regulator, the Financial Conduct Authority (FCA), set out a further set of rules to help protect customers from e-commerce fraud. As a result, strong Customer Authentication (SCA) will be expected of all banks and other payment service providers by the extended deadline of March 14th, 2022. 

Payment service regulations in the EU

Becoming law in 2018, the Second Payment Services Directive (PSD2) is an integral European regulation for electronic payment services that builds on the legislative framework set out by the previous Payment Services Directive established in 2009.

Promoting open banking and intending to improve consumer choice and reduce fraud, two of the directive’s main objectives relate to Strong Customer Authentication (SCA) and the emergence of new regulated PSPs. However, under the PSD2 TPPs are also able to access account information held by banks, mitigating their need to go through an intermediary service provider when they need to process a payment.

Although the UK left the European Union on December 31st 2020, PSD2 remains applicable in the UK as it was transposed into national law in 2017. As a result, the UK broadly aligns with the guidelines and recommendations in PSD2, in order to maintain steady relations with European financial institutions. 

Payment service regulations in the US

Payment service regulations in the US are distributed across multiple state and federal regulators, creating a patchwork of charters firms need to understand and adhere to. 

At the federal level, there are numerous agencies charged with regulating and overseeing financial institutions in the United States. These include the Federal Reserve Board (FRB), the Securities and Exchange Commission (SEC), and the Federal Deposit Insurance Corp. (FDIC).

Unlike the UK and the EU, the US has not yet developed or formalized a legal regime for “open banking”. However, the Biden administration is urging the Consumer Financial Protection Bureau (CFPB) to establish regulations that “allow customers to download their banking data and take it with them”. As a result, further payment service regulations are expected to come into effect, especially related to digital assets and FinTechs. 

Due to rapid technological advancement, updated payment service regulations can be expected to continue for the foreseeable as jurisdictions seek to enhance payment structures, improve payment efficiency and safety, and future-proof regulatory frameworks in a way that promotes innovation. 

Payment service regulations in Singapore

Regulated by the Monetary Authority of Singapore (MAS), the Payment Services Act (PSA) took effect in 2020 to create a safe, innovative environment for FinTechs in Singapore. 

The PSA combines the previous Payment Systems (Oversight) Act 2006 and the Money-Changing and Remittance Businesses Act 1979 to create an “omnibus framework”, which covers both new and traditional licensable payment activities. 

Before the PSA, virtual currencies, cryptocurrencies, and utility tokens had not been defined in legislation in Singapore. However, with the commencement of the PSA, “digital payment token exchanges” now require a payment institution license from MAS and must comply with a range of AML/CFT requirements.

Explore our anti-money laundering solutions

Screen payments and onboard customers faster with confidence with our AML solutions.

Learn about our AML solution