top of page

What Regulations Apply to Payment Institutions in the UK? (2026)

  • 4 days ago
  • 6 min read
What Regulations Apply to Payment Institutions in the UK? (2026)

What Regulations Apply to Payment Institutions in the UK? (2026)

Payment institutions in the United Kingdom are regulated by the Financial Conduct Authority, principally under the Payment Services Regulations 2017. Sitting alongside that core regime are the safeguarding rules, strengthened from 7 May 2026 under Policy Statement PS25/12; the Money Laundering Regulations 2017; the FCA's Principles for Businesses and the Consumer Duty; operational resilience requirements; and, for firms that also issue electronic money, the Electronic Money Regulations 2011. Together these instruments govern how a payment institution is authorised, capitalised, governed, supervised and held to account. Understanding the full framework, rather than only the authorisation requirements, is essential, because supervision and enforcement focus heavily on the ongoing obligations.


This guide sets out the regulations that apply to UK payment institutions, what each requires, and how they fit together.


Who regulates payment institutions in the UK

The Financial Conduct Authority authorises and supervises payment institutions. Firms are authorised as Authorised Payment Institutions or, where their payment volumes are below the relevant threshold, registered as Small Payment Institutions. Systemically important payment systems are additionally overseen by the Bank of England and the Payment Systems Regulator, but for the great majority of firms the FCA is the day-to-day regulator, and its expectations are set out in the Handbook and in its approach document, Payment Services and Electronic Money: Our Approach, the current version of which was published in March 2026.


The core legislation

Several instruments form the backbone of the regime. The Payment Services Regulations 2017 are the primary source: they define the payment services that fall within scope, set the authorisation requirements, and impose conduct, safeguarding and capital obligations. The Electronic Money Regulations 2011 apply additionally to firms that issue electronic money. The Money Laundering Regulations 2017 impose anti-money-laundering and counter-terrorist-financing obligations. Over the top of these sit the FCA's Principles for Businesses, including the Consumer Duty in PRIN 2A, and the relevant Handbook sourcebooks governing systems and controls, reporting and complaints. The FCA's perimeter guidance at PERG 15 helps firms determine whether their activities require authorisation in the first place.


The key obligations at a glance

The regulations translate into a set of ongoing obligations that a payment institution must meet throughout its life, not merely at authorisation.

Area

What it requires

Safeguarding

Segregate and protect customer funds; from 7 May 2026, enhanced reconciliation, monthly returns, an annual safeguarding audit and a resolution pack under PS25/12

Capital and own funds

Initial capital of £20,000 to £125,000 for an Authorised Payment Institution depending on services, plus ongoing own funds calculated under an FCA-assigned method

Governance

Fit-and-proper management, clear allocation of responsibilities, and approval of key individuals

Financial crime

A risk-based anti-money-laundering programme, customer due diligence, transaction monitoring, suspicious activity reporting and a nominated officer

Consumer Duty

Act to deliver good outcomes for retail customers, with an annual board report

Conduct of business

The conduct requirements in the Payment Services Regulations, strong customer authentication, and complaints handling with access to the Financial Ombudsman Service

Operational resilience

Identify important business services, set impact tolerances, and test and map them

Reporting

Regular returns through the FCA's systems, and notifications of material changes and incidents


Safeguarding and PS25/12

Safeguarding is the FCA's central prudential concern for payment firms, because the protection of customer funds is what determines whether customers are made whole if a firm fails. The Payment Services Regulations require firms to segregate and protect the funds they hold. From 7 May 2026, the Supplementary Regime introduced by Policy Statement PS25/12 substantially strengthens these arrangements, adding enhanced reconciliation, a monthly safeguarding return, an annual safeguarding audit for firms above a £100,000 threshold, and a resolution pack. Firms holding customer funds must comply, and getting safeguarding wrong is the most common route to FCA intervention.


Capital and own funds

An Authorised Payment Institution must hold initial capital set according to the services it provides: £20,000 for money remittance only, £50,000 for payment initiation services, and £125,000 for services such as executing payment transactions, issuing payment instruments and merchant acquiring, with the highest applicable tier applying where services span more than one band. On an ongoing basis, the firm must maintain own funds calculated under one of the methods the FCA assigns having regard to the firm's business and scale, and additional capital may be required where the firm's risk profile or volumes justify it. Small Payment Institutions are not subject to the initial capital requirement, but they face a volume cap and lighter permissions.


Financial crime, conduct and the Consumer Duty

Payment institutions are subject to the Money Laundering Regulations 2017 and must operate a risk-based anti-money-laundering programme, including a business-wide risk assessment, customer due diligence, ongoing monitoring, suspicious activity reporting and a nominated officer. They must comply with the conduct-of-business requirements in the Payment Services Regulations, including strong customer authentication and fraud-prevention obligations, and must handle complaints in line with the FCA's rules, with unresolved complaints able to be referred to the Financial Ombudsman Service. Where they serve retail customers, they are subject to the Consumer Duty and must act to deliver good outcomes and produce an annual board report.


How Buckingham Capital Consulting can help

Buckingham Capital Consulting advises UK payment institutions on the full regulatory framework that applies to them, from authorisation through to ongoing compliance. We prepare FCA authorisation and registration applications, and we support firms with safeguarding under PS25/12, capital and own funds, financial crime frameworks, the Consumer Duty, operational resilience and regulatory reporting. We help firms understand not only how to become authorised but how to remain compliant, which is where supervision and enforcement are concentrated.


If you need to understand the regulations that apply to your payment business, or need support with authorisation or ongoing compliance, contact our team for an initial assessment.




Frequently asked questions

What is the main regulation for payment institutions in the UK?

The primary regulation is the Payment Services Regulations 2017, which the Financial Conduct Authority enforces. These regulations define the payment services that require authorisation, set the requirements for becoming an Authorised Payment Institution or Small Payment Institution, and impose the core conduct, safeguarding and capital obligations. Firms that also issue electronic money are additionally subject to the Electronic Money Regulations 2011. Over the top of these sit the FCA's Principles for Businesses, including the Consumer Duty, the Money Laundering Regulations 2017, operational resilience requirements, and the FCA's Handbook and approach document. The Payment Services Regulations are therefore the backbone, but a payment institution must comply with a wider framework of regulation, not that single instrument alone.


Do payment institutions have to safeguard customer funds?

Yes. Safeguarding customer funds is a fundamental obligation for payment institutions that hold those funds, and it is the FCA's central prudential concern for the sector. The Payment Services Regulations require firms to segregate and protect relevant funds, and from 7 May 2026 the Supplementary Regime under Policy Statement PS25/12 substantially strengthens these arrangements. The enhanced regime introduces improved reconciliation, a monthly safeguarding return to the FCA, an annual safeguarding audit for firms that safeguard more than £100,000, and a resolution pack demonstrating an orderly wind-down. Because safeguarding failures are the most common cause of consumer harm when a payment firm fails, they are also the most common trigger for FCA supervisory intervention, so firms must get this right.


How much capital must a payment institution hold?

An Authorised Payment Institution must hold initial capital determined by the services it provides: £20,000 where it provides money remittance only, £50,000 for payment initiation services, and £125,000 for services such as executing payment transactions, issuing payment instruments and merchant acquiring. Where a firm provides services spanning more than one band, the highest applicable tier applies. On an ongoing basis, the firm must maintain own funds calculated under a method the FCA assigns according to the firm's business model and scale, and the FCA may require additional capital where a firm's risk profile or transaction volumes justify it. Small Payment Institutions are not subject to the initial capital requirement, but they are limited by a volume cap and cannot provide certain services.


Does the Consumer Duty apply to payment institutions?

Yes, where a payment institution serves retail customers. The Consumer Duty applies across retail financial services and captures payment and e-money firms dealing with retail customers. Such firms must act to deliver good outcomes across the Duty's four outcomes, covering products and services, price and value, consumer understanding and consumer support, and must monitor the outcomes their customers actually receive. They must also produce and have their board approve an annual Consumer Duty report. Given that many customers of payment firms show characteristics of vulnerability, the FCA regards good outcomes in this sector as an important supervisory priority, and payment institutions should treat the Duty as a core, ongoing obligation rather than a one-off implementation exercise.


Are payment institutions subject to anti-money-laundering rules?

Yes. Payment institutions are subject to the Money Laundering Regulations 2017 and must operate a risk-based anti-money-laundering and counter-terrorist-financing programme. This includes maintaining a business-wide risk assessment, applying customer due diligence proportionate to risk, monitoring transactions on an ongoing basis, reporting suspicious activity, and appointing a nominated officer to oversee financial crime compliance. These obligations sit alongside the strong customer authentication and fraud-prevention requirements in the Payment Services Regulations. Financial crime compliance is a significant area of supervisory attention, and weaknesses in a firm's anti-money-laundering framework, such as a stale risk assessment or an under-resourced compliance function, are a frequent source of regulatory concern, so firms should ensure their programme is genuine, current and properly resourced.


 
 
bottom of page