Payments Regulation
Specialist advice for payment firms, fintechs and infrastructure operators
Payments regulation in the UK is governed by the Payment Services Regulations 2017, the Electronic Money Regulations 2011 and the supervisory frameworks of the FCA and PSR. Bratby Law advises payment firms, fintechs and infrastructure operators on authorisation, safeguarding, scheme governance, operational resilience and Consumer Duty. Rob Bratby serves as General Counsel at UK Payments Initiative Limited, the operator of the commercial variable recurring payments scheme, giving the practice direct operational exposure to how payments regulation works in practice.
The regulatory framework
The Payment Services Regulations 2017 form the backbone of UK payment services regulation. Payment institutions and e-money issuers must obtain FCA authorisation. The regulations set conduct requirements, safeguarding requirements for customer funds, and operational resilience standards. The FCA enforces the Consumer Duty regime under PRIN 2A, which requires payment firms to deliver fair value and put customer interests at the centre of decision-making. Parallel requirements apply to e-money issuers under the Electronic Money Regulations 2011.
Designated payment systems are regulated by the Payment Systems Regulator under the Financial Services (Banking Reform) Act 2013. The PSR sets access rules, interoperability requirements and governance standards. The FCA’s operational resilience regime requires payment institutions to identify, measure and manage operational resilience across their business. The Financial Services and Markets Act 2023 introduced a critical third parties regime that may capture systemically important payment service providers.
The regulatory environment is in active transition. HM Treasury has proposed consolidating the PSR’s functions into the FCA. The FCA’s safeguarding regime imposes daily reconciliation, monthly returns, annual third-party audits and resolution packs on all firms holding customer funds. The mandatory reimbursement regime for authorised push payment fraud requires payment firms to compensate victims. Open banking is transitioning from an interim framework to a statutory regime, with commercial variable recurring payments being implemented. These reforms are reshaping the regulatory obligations and commercial environment for every payment firm in the UK.
What we advise on
Our payments regulation services cover authorisation, compliance and transactions.
Why payments regulation matters
Payments regulation determines product design, operational capability and competitive positioning. Payment firms compete on speed, cost and user experience, but regulatory compliance shapes the boundaries of what is possible. Firms that treat compliance as a cost centre rather than an operational design question fall behind. Regulatory authorisation is not a one-time event; it is the foundation for every new product, market entry and partnership. PE investors in payments businesses need due diligence that goes beyond the compliance manual: they need to understand the regulatory risk profile, the cost of implementation and the sustainability of the operating model. Understanding how regulators think, how operators work, and how deals are structured is the foundation of effective advice.
Our unique perspective on payments regulation
Bratby Law’s payments regulation advice is anchored in three distinct perspectives.
The Regulator’s Perspective
Rob Bratby spent a year on secondment to Oftel from Baker and McKenzie. That experience of working inside a regulator applies directly to engagement with the FCA and PSR: understanding regulatory priorities, how they assess compliance, and when to push back. Regulators in telecoms and payments share institutional assumptions and procedural approaches. Insight from one transfers to the other.
The Operator’s Perspective
Rob Bratby serves as General Counsel at UK Payments Initiative Limited, the operator of the commercial variable recurring payments scheme. That role gives him direct operational exposure to scheme governance, FCA engagement, safeguarding, and the commercial dynamics of running a regulated payments business. He also holds fractional GC appointments at TOTSCo, TelXL and Core Communication. These are not advisory relationships: they involve day-to-day responsibility for regulatory compliance.
The Advisor’s Perspective
Rob Bratby has spent 30 years advising on regulated sectors at leading UK and US City law firms. His payments practice covers authorisation, safeguarding, scheme governance, open banking and enforcement. He advises payment firms, fintechs and infrastructure operators on the FCA and PSR regulatory framework, combining legal analysis with practical understanding of how payments businesses operate.
This combination of regulator, operator and advisor perspective gives clients access to practical, confident payments regulation advice grounded in how the FCA, PSR and payment firms actually operate.
Our payments regulation credentials
Chambers UK ranks Bratby Law in Band 2 for Telecoms Regulation, reflecting the firm’s cross-disciplinary strength across telecoms, data and payments. The Legal 500 ranks Rob Bratby as a Leading Partner. Lexology recognises him as a Global Elite Thought Leader. His payments regulation practice is anchored by his General Counsel appointment at UK Payments Initiative Limited, with additional fractional GC appointments at TOTSCo, TelXL and Core Communication providing continuous operational exposure to regulated businesses.
Why a specialist boutique?
Payments regulation is a sufficiently specialised field that expertise is concentrated in a small number of practitioners. Most general financial regulatory practices treat payments as a sub-category within a broader FS mandate.
| Factor | Bratby Law | Full-service financial regulatory practices |
|---|---|---|
| Regulatory insider perspective | UKPI General Counsel appointment and Oftel secondment give direct operational and regulatory insight. | Advisory-only perspective. Limited exposure to how payments regulation operates within live businesses. |
| Payments focus | Specialist practice with deep expertise across PSRs 2017, EMRs 2011, safeguarding, scheme governance, Consumer Duty and operational resilience. | Payments sits within a broad financial regulatory practice covering banking, insurance, wealth management and markets. |
| Senior partner delivery | Advice delivered by Rob Bratby, Managing Partner with 30 years’ experience. No delegation. | Work typically staffed with associates. Senior partner involvement limited and expensive. |
| Cost and engagement flexibility | Boutique pricing. Fractional GC arrangements available for ongoing payments regulatory support. | Full-service billing rates. Payments advice priced as part of a broader FS mandate. |
| Operator-side experience | Direct operational participation through UKPI GC role. Real-time exposure to scheme governance, rule-making and regulator engagement. | No operator-side roles. All insight is advisory. |
Recent payments regulation insights
- PSR/FCA Consolidation: What Changes for Payment Firms and Scheme Participants
- What Do the FCA and PSR Regulate? A Guide to UK Payments Regulation
- Agentic AI and Payments: Can an AI Agent Consent to a Payment?
How we work
Bratby Law works with clients in three ways: as direct legal advisors on specific matters, as specialist co-counsel supporting other legal teams, and as fractional general counsel on a longer-term retained basis. Each model delivers partner-level input without delegation.
Independent directory rankings
Our specialist expertise is recognised in major independent legal directories:
- Chambers & Partners: Rob Bratby is ranked as a band 2 lawyer in the UK Guide 2026 in the “Telecommunications” category: Chambers
- The Legal 500: Rob Bratby is listed as a “Leading Partner – Telecoms” in London (TMT – IT & Telecoms): The Legal 500
- Lexology: Rob Bratby is featured on Lexology’s expert profiles as a Global Elite Thought Leader for data: Lexology
Ready to discuss your matter?
Frequently asked questions about payments regulation
Who regulates payment services in the UK?
The FCA regulates payment institutions and e-money issuers, setting conduct and safeguarding standards. The PSR regulates designated payment systems, setting access and governance rules. The Bank of England has macroprudential oversight of payments infrastructure. HM Treasury sets the overall policy framework. The PSR’s functions are being consolidated into the FCA.
Do I need FCA authorisation to provide payment services?
It depends on whether your service falls within the definition of a payment service under the Payment Services Regulations 2017. Payment services include money remittance, payment accounts, payment execution, credit transfers, direct debits and payment cards. We advise on regulatory perimeter analysis to determine whether authorisation is required.
What is the difference between the FCA and the PSR?
The FCA regulates individual payment institutions (firm-level regulation). The PSR regulates payment systems themselves (system-level regulation). A payment firm may be regulated by the FCA for conduct and safeguarding, and by the PSR if it operates or participates in a designated payment system. The two regulators’ functions are being consolidated.
What safeguarding requirements apply to payment firms?
All payment institutions and e-money issuers holding customer funds must implement daily bank reconciliation, file monthly FCA returns, commission annual third-party audits, maintain resolution packs and designate a named senior manager responsible for safeguarding. These are operationally demanding requirements.
What is a commercial variable recurring payment?
A commercial variable recurring payment allows a consumer to authorise a merchant to vary the payment amount in recurring transactions without requiring new Strong Customer Authentication for each payment. The UKPI scheme is now operational. Participation is voluntary under the interim framework; mandatory participation is expected under the statutory framework.
Does DORA apply to UK payment firms?
The Digital Operational Resilience Act is EU legislation and does not apply directly to UK payment institutions. The UK has its own operational resilience framework, including the critical third parties regime under FSMA 2023, which imposes similar requirements but is not an implementation of DORA. UK firms with EU operations or clients may need to comply with DORA in that context. We advise on both UK operational resilience requirements and the interaction with DORA where relevant.
What does Consumer Duty mean for payment firms?
The FCA’s Consumer Duty requires payment firms to deliver fair value, act with integrity and put customer interests at the centre of decision-making. This applies to product design, pricing, communications and dispute resolution. We advise on Consumer Duty integration and product governance.
What is the regulatory perimeter for payment services?
The regulatory perimeter is the boundary between regulated and unregulated activity. A service that receives customer funds may require FCA authorisation as a payment institution or e-money issuer, or may be unregulated if customer funds are held by a regulated firm on your behalf. Regulatory perimeter analysis is the foundation of authorisation strategy.
When should I engage a specialist payments lawyer?
Early. Payment regulation intersects with product design, governance, operational capability and transaction structure. Engaging before you make product or business decisions allows you to design for compliance. Common trigger points include FCA authorisation applications, product launches, safeguarding changes, scheme participation and PE due diligence.
Also see
Our related pages on Telecoms Regulation, Data Protection and Transactions explore the intersections between payments regulation and these adjacent areas. For information about our engagement models, see How We Work. For commentary on current regulatory developments, see Insights.