FCA's 2025 Priorities for Payments Firms: What You Need to Know

The UK Financial Conduct Authority (FCA) has recently published its updated priorities for payments firms, providing crucial guidance on what is expected of Payment Institutions (PIs), Electronic Money Institutions (EMIs), and Registered Account Information Service Providers (RAISPs). These firms must align with the National Payments Vision, which aims to create a trusted and world-leading payments ecosystem that balances innovation, competition, and security. The FCA emphasises that while firms have made improvements in governance, risk management, and customer outcomes, significant work remains to be done to ensure a resilient and consumer-centric financial environment.

The FCA has set out three key objectives that payments firms must prioritise in order to align with regulatory expectations. First, firms must foster effective competition and innovation by developing solutions that truly meet customer needs, ensuring that services are accessible, efficient, and continuously evolving. The FCA has observed that while Open Banking and Open Finance are creating new opportunities, some firms still fail to act in the best interest of their customers, particularly in ensuring clarity around fees and pricing structures. Companies must ensure that their products and services consistently deliver good customer outcomes and are fully compliant with the Consumer Duty, which sets higher expectations for firms to prioritise consumer welfare. The FCA will closely monitor firms' implementation of the Consumer Duty and will take action where deficiencies are identified.

Second, firms must take robust measures to maintain the integrity of the financial system. This includes ensuring strong governance, effective oversight, and resilience against financial crime. The FCA is particularly focused on reducing fraud and has emphasised the need for firms to enhance their anti-money laundering controls, fraud detection systems, and overall financial crime prevention strategies. It is no longer sufficient to have basic fraud detection mechanisms; firms must now demonstrate an advanced approach that includes comprehensive transaction monitoring and timely reporting. Additionally, firms must comply with the new APP fraud reimbursement rules, which require them to take responsibility for fraud-related losses and ensure fair treatment of affected consumers. The FCA has made it clear that it will rigorously assess firms' compliance with fraud prevention obligations and take appropriate enforcement action where necessary.

Operational resilience is another critical focus area, as the FCA has observed that many firms lack the necessary oversight and preparedness to manage significant disruptions. Payment firms must ensure that their IT systems, cybersecurity measures, and third-party supplier management strategies are robust and resilient. The FCA has introduced new regulatory requirements that mandate firms to identify their important business services, establish clear impact tolerances, and conduct thorough testing to ensure they can withstand operational disruptions. The deadline for firms to implement these changes is March 2025, and those failing to do so risk severe regulatory consequences. Firms should also conduct regular stress tests, review their incident response plans, and engage in continuous improvement strategies to enhance resilience and responsiveness to emerging threats.

Third, the FCA has underscored the importance of keeping customer money safe, which remains a fundamental concern within the payments sector. Although improvements have been noted in financial resilience, the FCA continues to identify weaknesses in safeguarding practices. Firms must rigorously adhere to the safeguarding requirements set out in the Payment Services Regulations 2017 and the Electronic Money Regulations 2011. This includes correctly identifying and segregating customer funds, performing daily reconciliations, and ensuring that financial records are up-to-date and accessible. Firms that use safeguarding insurance must be mindful of potential changes in availability and costs and ensure that their policies align with regulatory guidance. The FCA is currently consulting on new safeguarding rules that will be introduced in two stages, with final interim rules expected to be published in mid-2025. Firms must begin preparing for these changes now to avoid compliance risks in the future. Furthermore, businesses should establish clear governance frameworks around their safeguarding practices, ensuring independent audits and transparent reporting mechanisms are in place.

In addition to these priorities, the FCA is urging firms to strengthen their governance, oversight, and leadership structures. Weaknesses in these areas have been identified as a root cause of many of the regulatory issues observed in the sector. Senior management and boards of directors must ensure that their governance arrangements are effective, provide independent challenge to business decisions, and actively oversee risk management strategies. The FCA expects non-executive directors to play a crucial role in ensuring accountability within firms. Furthermore, firms operating hybrid business models with multiple regulatory obligations must have robust internal controls to ensure compliance across all areas of their business. Companies should also invest in leadership training to ensure that key decision-makers fully understand and can effectively implement regulatory requirements, further strengthening compliance culture at all levels.

Looking ahead, the FCA is also preparing for significant changes in payments regulation, including the expansion of Open Banking, the replacement of Strong Customer Authentication (SCA), and the introduction of new operational resilience standards. Firms must actively engage with the regulator, respond to consultation papers, and participate in industry discussions to ensure that future regulations are practical and effective. The FCA has reaffirmed its commitment to working closely with the Payment Systems Regulator (PSR), the Bank of England, and other relevant authorities to ensure that the UK’s payments ecosystem remains secure, competitive, and conducive to growth. Organizations should take a proactive approach in adapting to these shifts by continuously reviewing their compliance strategies, engaging with industry bodies, and leveraging technology to streamline adherence to evolving regulatory standards.

The FCA's updated priorities signal a clear message to payments firms: maintaining high regulatory standards is not optional, and failure to meet these expectations will result in enforcement action. Firms must proactively assess their compliance with these requirements, invest in strengthening their risk management frameworks, and take a customer-centric approach to innovation. The payments sector is evolving rapidly, and those that embrace regulatory best practices will be best positioned for long-term success. Proactive firms will not only reduce regulatory risk but also build stronger customer trust, enhance operational efficiency, and create sustainable growth opportunities in a competitive financial landscape.