In today’s regulated payments industry, who does what?

Share this post

Demystifying emerging payments, from the Payments Association

Thanks to Open Banking, there has never been a more exciting time for creators and consumers of financial services. But it is not always clear to those outside of the payments industry as to who does what and under what conditions. The Payments Association’s (Payments Association) Project Regulator team has produced this brief explanation of who the new players are and how they weigh up against the longer-established players.

What is going on in payments?

In addition to the traditional high-street banks, there is now an array of new service providers —such as Currencycloud, Modulr, Cashplus, Fire, Tuxedo Money Solutions and Contis — that provide innovative, user-friendly and cost-effective bank-alternatives for consumers and businesses in areas such as payment transfer, digital accounts, currencies and collections.

These providers are the result, among other things, of European Union (EU) directives (the first and second Payment Services Directive, or PSD1 and PSD2) that created a new type of player to compete with banks in providing payment services with the hope that this would increase innovation and lower prices. In order to give customers confidence in the new players, the directives require that they are authorised or registered as payment service providers and obliges them to protect customers’ rights to the same high standards as banks – for example, the right to information before and after a payment and fair treatment when something goes wrong. But the new players do not have to bear some of the other costs that come with regulation – for example, the cost to become authorised or registered is much less than it would be to become a bank and the capital they must hold is much less. This is further explained below.

Another exciting development is that both PSD2 and a ruling by the Competition and Markets Authority in the UK has resulted in Open Banking, which is what we call the project for banks and other payment service providers to allow open and secure access to customers’ account information by specific third party providers – based on the customer giving their consent – so that consumers and businesses have greater choice as to how they transact and access their payment accounts and payment services.

Who are the new players?

The businesses mentioned above are not banks, but are authorised or registered either as payment institutions (PIs) or e-money institutions (EMIs) by the UK’s financial services regulator, the Financial Conduct Authority (FCA).

While we’ve had hundreds of years to get our heads around the concept of what a bank does, EMIs and PIs are relatively new kids on the block. So, what are the main differences between banks, EMIs and PIs?

Banks take deposits

One of the main distinctions is that, out of the three, only banks are authorised to accept customer deposits. This means that banks are allowed to lend from these funds and therefore earn money on customers’ money. But with this benefit comes greater responsibility and regulatory burdens. Here are a few examples.

  • Before becoming a bank, applicants must go through a long and intensive application process that proves to the regulators that they are fit to become a bank.
  • Once authorised, banks have much more engagement with their regulators than EMIs and PIs.
  • Banks are subject to higher capital requirements than EMIs and PIs, which means they have to prove to their regulator that they hold sufficient financial resources to meet their obligations if business doesn’t go as well as they expect.

Payment institutions and e-money institutions provide payment services

With a payment institution or e-money institution license, PIs and EMIs are allowed to provide payment services (such as credit transfers, direct debits, electronic credit card transactions, money transfer) and even payment accounts.

However, a PI is not allowed to hold funds on account without a payment instruction whereas an EMI can offer a payment account, or ‘digital account’, which looks and feels similar to a current account offered by a bank.

E-money institutions make payments and provide ‘digital accounts’

Like payment institutions, EMIs can make payments, but they also provide customers with accounts for ‘e-money’. This is the “digital equivalent of cash” stored on an electronic device (mobile phone or e-wallet) or remotely on a server, effectively creating “digital accounts.”

These digital accounts are a new way of providing a service that banks have offered for hundreds of years but can be more easily and quickly created. Customers can use these digital accounts to get paid, make payments, reconcile, monitor fund flows, and receive real-time notifications about the status of payments.

How safe is my money?

Now we know which sort of organisation does what, how are customers of EMIs and PIs protected if the business goes bust?

If a bank becomes insolvent, customers’ deposits are guaranteed by the Financial Services Compensation Scheme (FSCS), which provides compensation up to a specified limit. The funds received by EMIs and PIs are not protected under the FSCS so, instead, the EMIs and PIs have to ‘safeguard’ the funds by either placing them in a separate dedicated account, or getting them covered by insurance or guarantee, so they can be easily repaid to customers (the segregation method) and/or be covered by an insurance policy or compatible guarantee should such an institution become insolvent.

What are the new categories of payment services activities under PSD2?

PSD2 introduces two new categories of payment service activities: account information services (AIS) and payment initiation services (PIS). Any UK bank, e-money institution or authorised payment institution can apply for permission from the FCA to be able to offer these services. Providers of these services (AISPs and PISPs) will access their customers’ accounts held with other payment service providers, but always with the customers’ consent.

What is an AISP?

An Account Information Service Provider (AISP) offers an account aggregation service that allows customers to get a single view of all their payment accounts via one site. Lenders and credit reference agencies are likely to use AISPs to make better informed lending decisions.

What is a PISP?

A PISP is an overlay payments provider that can make a direct bank transfer from the customer’s account with another payment service provider to pay a retailer or merchant. The benefit for the merchant is that they can determine whether the funds are available before releasing the goods or services.

How safe are AISPs and PISPs?

AISPs and PISPs that are authorised or registered by the FCA will have gone though an application process in which they will have provided the regulator with details of how they will operate and manage their business and protect their customers’ data. PISPs have to hold capital and both AISPs and PISPs have to hold Professional Indemnity Insurance that meets certain specified criteria. They do not have to safeguard customers’ funds because neither take possession of the payment funds (while PISPs set up payments for customers the payment is made by what is known as the account servicing payment service provider, in other words, the payment service provider that provides the account).

What if something goes wrong?

If anything goes wrong with a payment service or a customer has any reason to make a complaint, the customer should get in touch with their payment service provider in the first instance. Payment service providers have to respond within 15 business days if the complaint is about a breach of the customers rights under the payment services or e-money legislation. In exceptional cases, the payment service provider may need more time to investigate and respond to the complaint, in which case they can take up to 35 days.

If the payment service user is an individual or a small business, trust or charity under a certain size and they are not satisfied with the response they’ve received, they can take their complaint to the Financial Ombudsman Service. The Ombudsman is an independent watchdog with responsibility for judging complaints and has the power to award compensation.

Key differences between Banks, E-Money and Payment Institutions

  Banks E-money Institutions Payment Institutions
What they can do Usually authorised to accept deposits, lend money, make investments, pay interest and can issue e-money (digital wallets and cards) Provide payment services, issue e-money (digital wallets and cards) Provide payment services (credit transfers, direct debits, electronic credit card transactions, money transfer)
What they can’t do Banks must only carry on the regulated activities for which they have permission – which includes all usual banking services including those services offered by EMIs and PIs Cannot accept deposits, lend from the payment services funds, make risky investments or pay interest on e-money it issues. This is covered in forms of customer protection Cannot issue e-money, accept deposits, make risky investments. Client funds cannot be mixed with the institution’s own money and must be held in a separate account
Forms of customer protection for customers funds Financial Services Compensation Scheme to guarantee customer deposits Must safeguard funds which are received in exchange for e-money under the EMRs and also, those EMIs which supply unrelated payment services are subject to the safeguarding provisions of the PSRs (as if they were authorised PIs).


Safeguarding can be carried out either through segregation of those funds or covering them with an insurance policy/compatible guarantee

Safeguard funds (either received from a service user or a PSP for the execution of a payment transaction) in accordance with the PSRs


Safeguarding can be carried out either through segregation of those funds or covering them with an insurance policy/compatible guarantee

Examples Barclays, Raphaels Bank, Lloyds Bank, Metro Bank, Arkea Banking Services Modulr, Currencycloud, Satispay, deVere, Cashplus, Neteller, Skrill and Paysafe Geoswift, Fire, Saxo Banking Circle

About Project Regulator and the The Payments Association

We think the changes brought about by the payment services and e-money directives have brought about, and will continue to bring about, tremendous advantages to consumers and businesses because it has facilitated a vibrant, innovative and exciting market place of emerging payment service providers. Regulation can and should be challenging so the The Payments Association, through Project Regulator, champions good regulation that protects consumers and allows business to flourish.

Project Regulator is led by payments regulation specialist, Alison Donnelly, and championed by payments entrepreneur, Myles Stephenson.

For more information on Project Regulator and the The Payments Association, please contact

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?