Payments Regulation
Specialist advice for payment firms, fintechs and infrastructure operators
If you handle customer funds, process payments, or issue electronic money, FCA authorisation and ongoing regulatory compliance are not optional. Payments regulation in the UK is governed by the Payment Services Regulations 2017, the Electronic Money Regulations 2011 and the supervisory frameworks of the FCA and PSR. Bratby Law advises payment firms, fintechs and infrastructure operators on authorisation, safeguarding, scheme governance, operational resilience and Consumer Duty. Rob Bratby serves as General Counsel at UK Payments Initiative Limited, the operator of the commercial variable recurring payments scheme, giving the practice direct operational exposure to how payments regulation works in practice.
The regulatory framework
The Payment Services Regulations 2017 form the backbone of UK payment services regulation. Payment institutions and e-money issuers must obtain FCA authorisation. The regulations set conduct requirements, safeguarding requirements for customer funds (regulations 23–25), and operational resilience standards. The Electronic Money Regulations 2011 impose parallel safeguarding obligations on e-money issuers (regulations 20–22). The FCA enforces the Consumer Duty regime under PRIN 2A, which requires payment firms to deliver fair value and put customer interests at the centre of decision-making.
Designated payment systems are regulated by the Payment Systems Regulator under the Financial Services (Banking Reform) Act 2013. The PSR sets access rules, interoperability requirements and governance standards. The FCA’s operational resilience regime requires payment institutions to identify, measure and manage operational resilience across their business. The Financial Services and Markets Act 2023 introduced a critical third parties regime that may capture systemically important payment service providers.
The regulatory environment is in active transition. HM Treasury has proposed consolidating the PSR’s functions into the FCA. The FCA’s CASS 15 supplementary regime (PS25/12) specifies how firms must discharge those statutory safeguarding obligations, imposing daily reconciliation, monthly returns, annual third-party audits and resolution packs. The mandatory reimbursement regime for authorised push payment fraud requires payment firms to compensate victims. Open banking is transitioning from an interim framework to a statutory regime, with commercial variable recurring payments being implemented. These reforms are reshaping the regulatory obligations and commercial environment for every payment firm in the UK.
What we advise on
Our payments regulation services cover authorisation, compliance and transactions.
Why payments regulation matters
Payments regulation determines product design, operational capability and competitive positioning. Payment firms compete on speed, cost and user experience, but regulatory compliance shapes the boundaries of what is possible. Firms that treat compliance as a cost centre rather than an operational design question fall behind. Regulatory authorisation is not a one-time event; it is the foundation for every new product, market entry and partnership. PE investors in payments businesses need due diligence that goes beyond the compliance manual: they need to understand the regulatory risk profile, the cost of implementation and the sustainability of the operating model. Understanding how regulators think, how operators work, and how deals are structured is the foundation of effective advice.
Our unique perspective on payments regulation
Bratby Law’s payments regulation advice is anchored in three distinct perspectives.
The Regulator’s Perspective
Rob Bratby spent a year on secondment to Oftel from Baker and McKenzie. That experience of working inside a regulator applies directly to engagement with the FCA and PSR: understanding regulatory priorities, how they assess compliance, and when to push back. Regulators in telecoms and payments share institutional assumptions and procedural approaches. Insight from one transfers to the other.
The Operator’s Perspective
Rob Bratby serves as General Counsel at UK Payments Initiative Limited, the operator of the commercial variable recurring payments scheme. That role gives him direct operational exposure to scheme governance, FCA engagement, safeguarding, and the commercial dynamics of running a regulated payments business. He also holds fractional GC appointments at TOTSCo, TelXL and Core Communication. These are not advisory relationships: they involve day-to-day responsibility for regulatory compliance.
The Advisor’s Perspective
Rob Bratby has spent 30 years advising on regulated sectors at leading UK and US City law firms. His payments practice covers authorisation, safeguarding, scheme governance, open banking and enforcement. He advises payment firms, fintechs and infrastructure operators on the FCA and PSR regulatory framework, combining legal analysis with practical understanding of how payments businesses operate.
This combination of regulator, operator and advisor perspective gives clients access to practical, confident payments regulation advice grounded in how the FCA, PSR and payment firms actually operate.
Our payments regulation credentials
Chambers UK ranks Bratby Law in Band 2 for Telecoms Regulation, reflecting the firm’s cross-disciplinary strength across telecoms, data and payments. The Legal 500 ranks Rob Bratby as a Leading Partner. Lexology recognises him as a Global Elite Thought Leader. His payments regulation practice is anchored by his General Counsel appointment at UK Payments Initiative Limited, with additional fractional GC appointments at TOTSCo, TelXL and Core Communication providing continuous operational exposure to regulated businesses.
Why a specialist boutique?
Payments regulation is a sufficiently specialised field that expertise is concentrated in a small number of practitioners. Most general financial regulatory practices treat payments as a sub-category within a broader FS mandate.
| Factor | Bratby Law | Full-service financial regulatory practices |
|---|---|---|
| Regulatory insider perspective | UKPI General Counsel appointment and Oftel secondment give direct operational and regulatory insight. | Advisory-only perspective. Limited exposure to how payments regulation operates within live businesses. |
| Payments focus | Specialist practice with deep expertise across PSRs 2017, EMRs 2011, safeguarding, scheme governance, Consumer Duty and operational resilience. | Payments sits within a broad financial regulatory practice covering banking, insurance, wealth management and markets. |
| Senior partner delivery | Advice delivered by Rob Bratby, Managing Partner with 30 years’ experience. No delegation. | Work typically staffed with associates. Senior partner involvement limited and expensive. |
| Cost and engagement flexibility | Boutique pricing. Fractional GC arrangements available for ongoing payments regulatory support. | Full-service billing rates. Payments advice priced as part of a broader FS mandate. |
| Operator-side experience | Direct operational participation through UKPI GC role. Real-time exposure to scheme governance, rule-making and regulator engagement. | No operator-side roles. All insight is advisory. |
Recent payments regulation insights
- AI in legal practice: what I tried, what broke, and what I built
- Merchant interchange fees: CAT Trial 2 pass-on findings and the PSR cross-border cap judicial reviews
- SM&CR reform and payment firms: scope before substance
Related insight
The hidden architecture of UK open banking: how the directory, dispute management system and API standards built under the Retail Banking Market Investigation Order 2017 have become the UK’s durable competitive advantage.
How we work
Bratby Law works with clients in three ways: as direct legal advisors on specific matters, as specialist co-counsel supporting other legal teams, and as fractional general counsel on a longer-term retained basis. Each model delivers partner-level input without delegation.
Independent directory rankings
Our specialist expertise is recognised in major independent legal directories:
- Chambers & Partners: Rob Bratby is ranked as a band 2 lawyer in the UK Guide 2026 in the “Telecommunications” category: Chambers
- The Legal 500: Rob Bratby is listed as a “Leading Partner – Telecoms” in London (TMT – IT & Telecoms): The Legal 500
- Lexology: Rob Bratby is featured on Lexology’s expert profiles as a Global Elite Thought Leader for data: Lexology
Need specialist payments regulation advice?
Frequently asked questions about payments regulation
Who regulates payment services in the UK?
The FCA regulates payment institutions and e-money issuers, setting conduct and safeguarding standards. The PSR regulates designated payment systems, setting access and governance rules. The Bank of England has macroprudential oversight of payments infrastructure. HM Treasury sets the overall policy framework. The PSR’s functions are being consolidated into the FCA.
Do I need FCA authorisation to provide payment services?
It depends on whether your service falls within the definition of a payment service under the Payment Services Regulations 2017. Payment services include money remittance, payment accounts, payment execution, credit transfers, direct debits and payment cards. We advise on regulatory perimeter analysis to determine whether authorisation is required.
What is the difference between the FCA and the PSR?
The FCA regulates individual payment institutions (firm-level regulation). The PSR regulates payment systems themselves (system-level regulation). A payment firm may be regulated by the FCA for conduct and safeguarding, and by the PSR if it operates or participates in a designated payment system. The two regulators’ functions are being consolidated.
What safeguarding requirements apply to payment firms?
The statutory obligation to safeguard customer funds derives from the Payment Services Regulations 2017 (regulations 23–25) and the Electronic Money Regulations 2011 (regulations 21–22). These require firms to segregate relevant funds in designated accounts or cover them by insurance or guarantee. The FCA’s CASS 15 supplementary regime (PS25/12) specifies how firms must operationally comply: daily bank reconciliation, monthly safeguarding returns, annual third-party audits, resolution packs and a designated senior individual. CASS 15 does not create new safeguarding obligations; it prescribes how firms discharge existing ones.
What is a commercial variable recurring payment?
A commercial variable recurring payment allows a consumer to authorise a merchant to vary the payment amount in recurring transactions without requiring new Strong Customer Authentication for each payment. The UKPI scheme is now operational. Participation is voluntary under the interim framework; mandatory participation is expected under the statutory framework.
Does DORA apply to UK payment firms?
The Digital Operational Resilience Act is EU legislation and does not apply directly to UK payment institutions. The UK has its own operational resilience framework, including the critical third parties regime under FSMA 2023, which imposes similar requirements but is not an implementation of DORA. UK firms with EU operations or clients may need to comply with DORA in that context. We advise on both UK operational resilience requirements and the interaction with DORA where relevant.
What does Consumer Duty mean for payment firms?
The FCA’s Consumer Duty requires payment firms to deliver fair value, act with integrity and put customer interests at the centre of decision-making. This applies to product design, pricing, communications and dispute resolution. We advise on Consumer Duty integration and product governance.
What is the regulatory perimeter for payment services?
The regulatory perimeter is the boundary between regulated and unregulated activity. A service that receives customer funds may require FCA authorisation as a payment institution or e-money issuer, or may be unregulated if customer funds are held by a regulated firm on your behalf. Regulatory perimeter analysis is the foundation of authorisation strategy.
When should I engage a specialist payments lawyer?
Early. Payment regulation intersects with product design, governance, operational capability and transaction structure. Engaging before you make product or business decisions allows you to design for compliance. Common trigger points include FCA authorisation applications, product launches, safeguarding changes, scheme participation and PE due diligence.
Also see
Our related pages on Telecoms Regulation, Data Protection and Transactions explore the intersections between payments regulation and these adjacent areas. For information about our engagement models, see How We Work. For commentary on current regulatory developments, see Insights. For analysis of the regulatory questions raised by autonomous agents initiating payments, see Agentic AI and Payments: Can an AI Agent Consent to a Payment?