Payments Regulation
Senior advice on UK payments regulation for payment service providers, fintechs and scheme participants
Payments regulation in the UK is complex, multi-layered and changing rapidly. bratby.law is a specialist payments regulation lawyer advising on the full range of UK payments regulation, from PSRs 2017 authorisation and FCA compliance through to open banking, commercial variable recurring payments (cVRPs), scheme governance and operational resilience. The firm’s payments regulation practice is anchored by a current General Counsel appointment at UK Payments Initiative Limited, providing direct working engagement with the PSR, FCA and scheme governance frameworks.
The regulatory framework
UK payments regulation is primarily governed by the Payment Services Regulations 2017 (PSRs 2017), which transposed the EU’s revised Payment Services Directive (PSD2) into UK law. The PSRs 2017 establish the authorisation and supervision framework for payment institutions and e-money institutions, set conduct of business requirements, and regulate access to payment systems and accounts. HM Treasury is reviewing the PSRs 2017 as part of its Smarter Regulatory Framework programme, with firm-facing rules expected to move progressively into the FCA Handbook.
The Payment Systems Regulator (PSR) regulates payment systems designated under the Financial Services (Banking Reform) Act 2013. The Financial Conduct Authority (FCA) authorises and supervises payment service providers and e-money institutions. In March 2025, the government announced its intention to abolish the PSR and consolidate its functions within the FCA. HM Treasury consulted on the details in autumn 2025. Legislation is expected when parliamentary time allows, with a target of completing the transfer by end of 2026. The PSR’s current work programme continues and substantive regulatory obligations remain unchanged during the transition.
The EU’s Digital Operational Resilience Act (DORA) has applied since January 2025 and imposes ICT risk management, incident reporting and resilience testing obligations on financial entities operating within the EU, including payment institutions and e-money institutions. DORA does not apply directly in the UK, but UK-based firms with EU operations or serving EU clients must comply. The UK has its own operational resilience framework under FCA and PRA rules, supplemented by the Critical Third Parties regime under the Financial Services and Markets Act 2023, with the oversight regime operational from January 2025.
What we advise on
Our payments regulation services include:
Why payments regulation matters
The UK payments landscape is undergoing significant structural reform. The consolidation of the PSR into the FCA, the expansion of open banking through commercial VRPs, the FCA’s strengthened safeguarding regime and the growing influence of operational resilience requirements all create a regulatory environment that demands specialist advice to navigate. Payment service providers, fintechs, scheme operators and their investors need a payments regulation lawyer who understand both the regulatory framework and the commercial dynamics of the sector.
As a specialist payments regulation lawyer, bratby.law provides strategic, commercial and regulatory advice to help payments clients comply with current obligations, prepare for forthcoming reforms and structure commercial arrangements with confidence.
Our unique end-to-end perspective
Our payments regulation practice draws on a combination of regulatory, scheme operator and private-practice experience that is rare in this sector:
The Regulator’s Perspective
Work at Oftel, the predecessor to Ofcom, provides first-hand experience of how UK financial and communications regulation is developed, interpreted and enforced. That regulatory grounding informs our understanding of how the FCA and PSR approach supervision, enforcement and policy development in the payments sector.
The Operator’s Perspective
A current General Counsel appointment at UK Payments Initiative Limited provides direct operational insight into how payment schemes are designed, governed and regulated. Combined with senior in-house roles at COLT and embedded general-counsel positions within operator-side businesses, this gives practical understanding of how regulated businesses manage compliance, commercial risk and stakeholder engagement from the inside.
The Advisor’s Perspective
As a former partner and practice leader at international law firms in London and Singapore, Rob Bratby has advised regulated businesses, technology companies, investors and scheme participants on complex regulatory matters, cross-border transactions and multi-jurisdictional compliance programmes across the payments, telecoms and technology sectors.
This combination gives clients access to a payments regulation lawyer whose advice is legally rigorous, commercially aligned and technically grounded.
Our payments regulation experience
Rob Bratby holds a General Counsel appointment at UK Payments Initiative Limited (UKPI), a company established in 2025 to develop and deploy commercial variable recurring payment (cVRP) infrastructure in the UK. This makes bratby.law a payments regulation lawyer with direct, current engagement with the PSR, FCA, Pay.UK, scheme governance frameworks and the payments industry’s approach to open banking expansion. First live payments under the UKPI scheme are expected in 2026.
That operational grounding complements the firm’s advisory work for payment service providers, fintechs and technology companies navigating FCA authorisation, PSR obligations and open banking compliance. bratby.law is ranked in Chambers UK (Band 3, Telecommunications) and The Legal 500 (Leading Partner, Telecoms), and recognised by Lexology as a Global Elite Thought Leader in data and privacy.
Why a specialist boutique?
Payments regulation sits at the intersection of financial services law, technology and scheme governance. Most firms offering payments advice are either full-service financial regulatory practices without sector depth, City firms with high cost structures and delegated delivery, or international firms focused on cross-border compliance rather than UK operational detail. bratby.law offers a different model:
| bratby.law | Full-service or City firm |
|---|---|
| Current GC appointment inside a payments scheme operator | Advising payments firms without operational involvement |
| Specialist focus on UK payments, telecoms and data regulation | Broad financial services coverage with variable sector depth |
| Senior delivery on every matter, no delegation | Work delegated to teams of varying seniority and experience |
| Direct engagement with PSR, FCA and scheme governance frameworks | Regulatory knowledge based on secondary research or general practice |
| Predictable, flexible engagement models | Rigid structures, high minimum fees and process-driven delivery |
As a specialist payments regulation lawyer, bratby.law combines current scheme operator experience with regulatory depth and commercial pragmatism. Engagement models are flexible and predictable, including direct instruction, specialist co-counsel and fractional general-counsel support.
How we work
Clients work with bratby.law in three ways: direct matter-specific advice, specialist co-counsel support, and longer-term fractional general counsel engagements. Whether you need a payments regulation lawyer for a discrete authorisation question, an ongoing compliance programme or strategic scheme governance support, each model is structured to deliver senior, technically informed guidance aligned to commercial, operational and regulatory priorities.
Need advice on UK payments regulation?
Find out how we can help you meet your regulatory obligations, manage risk and progress your objectives efficiently
Frequently asked questions about payments regulation
Do we need FCA authorisation as a payment service provider?
Whether FCA authorisation or registration is required depends on whether your activity falls within the definition of a payment service under Schedule 1 of the PSRs 2017. The analysis turns on the nature of the service, the currency and territory involved, and whether any exclusions apply. bratby.law advises on perimeter assessments, the application process, conditions of authorisation and ongoing supervisory obligations.
What does the abolition of the PSR mean for regulated firms?
The government announced in March 2025 that the PSR will be abolished and its functions transferred to the FCA. HM Treasury consulted on the details in autumn 2025 and legislation is expected when parliamentary time allows, with a target of end of 2026. Substantive regulatory obligations will remain. The practical implications concern the transition of supervisory relationships, the interaction of PSR-style economic regulation with FCA conduct rules, and potential changes in process, appeals routes and information powers.
What are our obligations under DORA?
DORA applies to financial entities (including payment institutions, e-money institutions and credit institutions) operating within the EU from January 2025. Obligations include maintaining an ICT risk management framework, reporting major ICT incidents, conducting digital operational resilience testing and managing third-party ICT provider risks. DORA does not apply directly in the UK, but UK firms with EU operations must comply. The UK has parallel requirements under FCA/PRA operational resilience rules and the Critical Third Parties regime.
What is open banking and how is it regulated?
Open banking allows authorised third parties to access customer account data and initiate payments through bank APIs. In the UK, it is regulated under the PSRs 2017 (implementing PSD2) and underpinned by the CMA’s Retail Banking Market Investigation Order 2017. The FCA is expected to become the lead regulator for open banking, with new rulemaking powers anticipated in 2026. Commercial variable recurring payments (cVRPs) represent the next phase of open banking expansion.
What are the FCA’s safeguarding requirements?
Payment institutions and e-money institutions must safeguard customer funds under the PSRs 2017 and Electronic Money Regulations 2011. The FCA published a supplementary safeguarding regime effective May 2026, imposing requirements for daily reconciliation, named senior managers responsible for safeguarding, resolution packs, annual safeguarding audits and enhanced reporting. A full replacement regime based on statutory trust is expected to follow once HM Treasury revokes the current regulations.
How does the Consumer Duty apply to payments firms?
The FCA’s Consumer Duty requires payments firms to deliver good outcomes for retail customers across four areas: products and services, price and value, consumer understanding, and consumer support. The FCA conducts deep-dive reviews of payments firms and a post-implementation assessment is expected in mid-2026. Firms must demonstrate how they deliver fair value, communicate effectively and support vulnerable customers.
What is a cVRP and how does it work?
A commercial variable recurring payment (cVRP) is an open banking technology allowing consumers to authorise trusted third parties to manage recurring payments of variable amounts. Unlike direct debits, cVRPs give the consumer direct control through their banking app. In 2025, UK Payments Initiative Limited (UKPI) was established to deploy cVRP infrastructure, with first live payments expected in 2026 for utility, financial services and government use cases. As General Counsel at UKPI, Rob Bratby is directly involved in the development and governance of this infrastructure.
Can bratby.law advise on payments transactions?
Yes. We advise on scheme agreements, membership and licensing agreements, participant onboarding documentation, pricing frameworks, interchange arrangements, vendor agreements, outsourcing contracts and technology procurement for payments infrastructure. Our transactions practice serves all three of our regulatory pillars: telecoms, data and payments.