Global regulations for PSPs: What you need to know

In a world of increased scrutiny and digital complexity, it’s no easy feat for global payment firms to remain compliant. As we move into 2026 and beyond, they need to shift from basic anti-money laundering (AML) and know your customer (KYC) checks to a more rigorous, consumer-centric model. 

Essentially, payment service providers (PSPs) are required to complete comprehensive customer due diligence (CDD) to combat financial crime and protect the integrity of the financial system. 

Because these rules vary across jurisdictions, international regulators have updated their frameworks, using a risk-based approach, to address new complex business models. For PSPs, staying compliant now requires navigating a high-speed environment defined by instant settlement and regulated open finance.

By aligning operational frameworks with regulations, PSPs can better mitigate the rising costs of financial crime while leveraging innovative compliance systems. Let’s look at the current legal requirements across the UK, the EU, North America, and Asia-Pacific.

United Kingdom

The UK has shifted from a “best-efforts” compliance model to a mandatory reimbursement regime, fundamentally altering the obligations set out in the Payment Services Regulations 2017 (PSRs 2017). This shift places the financial burden of financial crime prevention directly on PSPs through the following mechanisms:

• APP reimbursement: Under recent amendments to the PSRs 2017, PSPs now have a direct financial liability and must reimburse victims of authorized push payment (APP) scams – incidents in which customers are deceived into authorizing transfers – within 5 business days. To incentivize more robust detection of financial crime networks, the reimbursement cost is split 50/50 between the sending and receiving firms.
• Payment delays: To help firms manage this new financial exposure, the Payment Services (Amendment) Regulations 2024 now grant PSPs the power to pause suspicious outbound transfers for up to four business days. This provides a vital legal “safe harbor” to investigate potential illicit activity without breaching the “timely execution” rules originally established in the 2017 Regulations.
• Enhanced security requirements: The financial risk is further solidified by a new standard of caution, as the burden of proof falls exclusively on the PSP to prove that a non-vulnerable customer acted with “gross negligence” by ignoring these warnings. These interventions “must offer a clear assessment of the probability that an intended payment is an APP scam payment”.

European Union

The European Union is enhancing payment security and speed with a major regulatory overhaul. To create a single, consistent rulebook, the EU is replacing the second Payment Services Directive (PSD2) with the new Payment Services Regulation (PSR). This change introduces harmonized, legally-binding requirements for all 27 member states, including:

• The 10-second rule: Under the instant payments regulation (IPR), all PSPs in the Eurozone must ensure that euro-denominated instant transfers are processed and funds made available to the payee within 10 seconds, 24/7/365.
• Verification of payee (VoP): All PSPs are required to implement a service to verify whether the recipient’s name matches the provided IBAN before a transfer is authorized, providing the payer with an “exact match,” “close match,” or “no match” notification. Notably, this applies to both instant and standard credit transfers.

Meeting these new requirements, especially the 10-second rule, means firms can no longer rely on traditional batch-based screening. The industry is shifting to real-time, automated checks to detect sanctions and fraud instantly. This ensures security without the disruptive false positives that can harm the customer experience. A prime example of this shift in action is the global real estate software provider RealPage. 

“I am seeing the activity in close to real-time – seconds. I have worked with different software providers at different institutions, and the rapid response to alerts is the biggest benefit I have seen.”
Blanca Rojas, Transaction Risk Manager at RealPage

North America

Regulators in the US and Canada are working to balance two powerful forces: the market demand for faster, more open financial services and the critical need for stronger safeguards against financial crime. This has led to a wave of new regulations designed to manage the transition to real-time payments, secure open banking, and a regulated digital asset market.

US:

• A risk-based compliance philosophy: Recent updates to the Anti-Money Laundering Act of 2020 (AMLA) and Bank Secrecy Act (BSA) signal a major shift. PSPs are now expected to prioritize “high-value” enforcement areas defined by FinCEN, moving away from “checkbox” compliance toward a risk-based approach tailored to specific financial crime threats.
• Enhanced data security & modernization: Rule 1033 requires large financial institutions to provide secure API access. For PSPs, this means conducting financial crime risk assessments that align with this new risk-based approach, accounting for more transparent, standardized data streams.
• Real-time payment accountability: With the full adoption of FedNow, PSPs must support 24/7/365 instant settlement. This new velocity necessitates a shift to near-real-time transaction monitoring, as traditional batch-processing can no longer adequately manage risk in this environment.
• Stablecoin & digital asset oversight: Under the GENIUS Act, stablecoin issuers are now regulated at the federal level. To ensure solvency and prevent illicit financing, issuers must maintain 1:1 liquid reserves and undergo mandatory monthly public audits.

Canada:

• Consumer-Driven Banking Act (CDBA): Canada has entered the implementation phase of its open banking framework. While the initial focus is on secure “read-only” API access for the “Big Six” banks (RBC, TD, Scotiabank, BMO, CIBC, and National Bank) to eliminate risky screen-scraping practices, the framework is expanding to include “write-access” for payment initiation. This shift requires PSPs to implement robust liability and financial crime prevention protocols as they begin to initiate transactions directly on behalf of consumers.
• Real-time rail (RTR) and ISO 20022: Canada’s new real-time payment system, the RTR, is in a prolonged testing and implementation phase. Once launched, it will require all participants to adopt the ISO 20022 messaging standard, which provides the rich data necessary for automated AML reconciliation and more accurate screening of complex, high-velocity payments.
• Stablecoin regulatory framework: Following proposals in recent federal budgets, Canada is establishing a framework for stablecoins. Under this proposed regime, issuers would be supervised by a federal regulator (like the Bank of Canada), would be required to maintain 1:1 reserves in high-quality liquid assets, and would be prohibited from paying interest to token holders.

Asia-Pacific

To operate successfully in the Asia-Pacific (APAC) region, PSPs must navigate a distinct primary regulatory framework in each key market. Unlike the harmonized approach of the EU, APAC’s landscape is defined by strong, country-specific legislation. Here is a look at the cornerstone regulations in four major jurisdictions:

• Singapore: The cornerstone regulation is the Payment Services Act (PSA), which consolidated various frameworks into a single, activity-based license for all payment providers. It mandates high standards for consumer protection and AML/CFT, with recent amendments requiring digital payment token (DPT) providers to segregate customer assets in trust accounts.
• Australia: The main regulatory event is the government’s payments system modernization agenda, which significantly expands the definition of a PSP. Under the Treasury Laws Amendment (Payments System Modernisation) Act 2025, previously unregulated services like digital wallets and BNPL providers are now brought into the same regulatory perimeter as traditional banks.
• Hong Kong: The foundational law is the Payment Systems and Stored Value Facilities Ordinance (PSSVFO), which establishes the licensing and supervision framework for e-wallets and other retail payment systems. This has recently been complemented by the Stablecoin Ordinance, which specifically regulates the issuance of fiat-referenced stablecoins.
• Philippines: The primary legislation is the National Payment Systems Act (NPSA), which provides the Bangko Sentral ng Pilipinas (BSP) with the authority to oversee the entire payments ecosystem. A key initiative under this act is the BSP Open Finance Framework, which mandates API interoperability to foster competition and financial inclusion.

These shifting regulations demand more than just manual oversight; they require intelligent, scalable technology that can keep pace with 10-second payment windows and sophisticated financial crime. 

ComplyAdvantage provides the essential toolkit for the modern PSP, offering real-time AML screening, ongoing monitoring, payment screening, and seamless solutions that align with AML standards across the UK, EU, North America, and APAC. With powerful data-driven insights, you ensure your teams move from reactive tick-box compliance to a proactive strategy that keeps your firm resilient in an increasingly complex global market.