Beyond 2026, the focus shifts to longer-term structural reform. The digital pound, the move to open finance, and changes to prudential and settlement frameworks will reshape payments architecture, despite uncertain timelines.
Q2 2026 brings key regulatory deadlines into force, including updated Financial Conduct Authority safeguarding rules, payment account termination requirements, and ISO 20022 timelines for CHAPS and RTGS. BNPL, stablecoins, and Competition and Markets Authority oversight of agentic AI signal further expansion beyond traditional payments.
This regulation roadmap by The Payments Association provides a forward-looking view of key legal and regulatory developments shaping the financial services and payments landscape. It brings together major initiatives across the UK, EU and other relevant jurisdictions, highlighting both confirmed reforms and emerging policy direction.
The roadmap is designed to help firms identify what is changing, when it is expected to happen, and where regulatory focus is likely to intensify. It covers a broad range of topics, including payments, cryptoassets, prudential regulation, consumer protection, data and digital innovation, and financial market infrastructure.
Rather than a comprehensive statement of all regulatory change, the roadmap focuses on developments most likely to affect firms’ strategy, compliance and operational planning. It draws on primary legislation, regulatory publications, consultations and supervisory signals to provide a structured view of the evolving landscape.
Timelines and key dates are included where available. In some cases, these reflect indicative or expected milestones rather than fixed deadlines, particularly where reforms are still under consultation or subject to legislative change.
A timeline of key regulatory milestones and expected developments shaping the financial services landscape.
Q2 2026 introduces key deadlines across safeguarding, capital, and payment account protections as Financial Conduct Authority reforms take effect. ISO 20022 progresses with April’s final change requests, and redress modernisation adds new compliance focus areas.
The FCA’s Regulatory Priorities: Payments report replaces the previous Dear CEO letter format and is now published annually as a sector-wide document directed at all firms authorised or registered under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011. It is explicitly addressed to boards and chief executives, and sets out what the FCA expects firms to do and what it will do itself across four priority areas: preparing for the future (innovation, open banking, stablecoins, modernising regulation); Consumer Duty implementation; financial system integrity (AML, fraud, operational resilience); and safeguarding.
The report functions as the FCA’s clearest statement of supervisory intent for the year. It signals where the FCA will focus its scrutiny and enforcement activity, which means it should directly inform firms’ internal compliance programmes, board reporting, and risk prioritisation. It sets out four priority areas:
Possibly the most pointed signal is the FCA expecting an increase in adverse audit opinions following its new Supplementary Regime coming into force in May 2026.
Notably, the document references the Payments Forward Plan as the companion piece for regulatory timelines, positioning these two publications together as the primary reading for any firm mapping its regulatory obligations for 2026 and beyond.
The Payments Forward Plan, published jointly by HM Treasury, the Bank of England, the FCA and the Payment Systems Regulator, sets out a coordinated three-year regulatory pipeline for UK payments. Building on the National Payments Vision, it provides a consolidated view of planned policy and regulatory activity across retail and wholesale payments and digital assets.
Rather than a single reform, the Plan maps what is coming and when. It sequences activity across key workstreams, including the FCA’s safeguarding regime (May 2026), open banking, stablecoins, BNPL, RTGS settlement hours and the digital pound. It also reflects efforts to manage industry capacity and reduce overlap, including the planned consolidation of the PSR into the FCA.
Key dates
The FCA has published its open finance roadmap, setting out a path to develop open finance in the UK through to 2030. Building on open banking’s foundations, open finance would extend secure, consent-based data sharing across a much wider range of financial products and services, including mortgages, SME lending, insurance, pensions, savings and investments, giving consumers and businesses greater control over their financial data.
The FCA’s approach is structured in three phases: 2026 focuses on collaboration and prioritisation, with TechSprints, a PolicySprint, and the development of a Prioritisation and Real-world Insights Selection Matrix (PRISM); 2027 moves into regulatory design and coordination with HM Treasury; and 2028–2030 targets scaling through the launch of open finance schemes. Priority use cases identified are SME lending and mortgages. The FCA is clear that where industry-led progress stalls, regulatory intervention may follow. Firms should treat this as an early signal of the direction of travel, particularly around data sharing obligations, consent frameworks, and infrastructure investment.
Key dates
Q2 2026: FCA PolicySprint to build consensus on priority use cases and framework needs
Q3 2026: PRISM taskforce report published, identifying impacts of use cases on consumers, competition and innovation
Q4 2026: Further TechSprint outcomes report published; FCA discussion paper on delivering a framework for the first open finance scheme
H1 2027: FCA discussion paper on long-term regulatory framework published
H2 2027: FCA works with HM Treasury on options for a regulatory framework
2028–2030: Open finance schemes developed and launched on a rolling basis
The Bank of England has confirmed the scope of ISO 20022 schema changes for the November 2026 CHAPS, RTGS and net settlement release, based on updates published in December 2025. The changes affect the XSD schemas used for Swift validation of payment messages.
The 2026 scope is narrower than earlier proposals, focusing on corrections, updates and targeted additions to align with international standards such as CBPR+ and HVPS+. Each change is categorised by Swift impact and mapped to specific message types to support firm-level impact assessment.
Following industry feedback, the Bank has reduced scope. Proposed changes to pacs.029, camt.053 and camt.054 have been deferred to a future backlog, with greater transparency provided on items not proceeding.
The Bank expects a broader ISO 20022 base message upgrade in November 2027.
Key dates
PS25/14 sets out the FCA’s final rules to simplify and consolidate the definition of regulatory capital (“own funds”) for FCA investment firms under MIFIDPRU 3, following consultation CP25/10. The policy removes all remaining cross-references to the UK Capital Requirements Regulation (UK CRR) and establishes a standalone, self-contained definition of capital within the FCA Handbook, tailored specifically to investment firms rather than banks.
Importantly, the changes are structural and clarificatory, not substantive. The FCA is not increasing capital requirements or requiring firms to change their capital structures. Instead, the reforms aim to reduce complexity, improve clarity and accessibility, and remove banking-specific provisions that are no longer relevant to investment firms. All capital definitions are now located in a single MIFIDPRU chapter, with clearer distinctions between CET1, AT1, and Tier 2 capital.
The policy forms part of the FCA’s broader programme to modernise and simplify the Investment Firms Prudential Regime (IFPR), delivering on commitments made in PS21/6. It also aligns with the Government’s wider regulatory reform agenda, including the Leeds Reforms and Mansion House commitments to streamline regulation while maintaining prudential resilience. The FCA positions these changes as the first phase in a longer-term vision for an integrated prudential sourcebook (COREPRU).
Key dates
The regulations amend the Payment Accounts Regulations 2015 and Payment Services Regulations 2017 to strengthen transparency around account refusals and terminations, in response to concerns about “debanking”. Made under the Financial Services and Markets Act 2023, they come into force on 28 April 2026.
For payment accounts, designated credit institutions must give clear reasons for refusals or termination, unless unlawful, and inform customers of their right to complain to the Financial Ombudsman Service.
For payment services, new rules distinguish contracts entered into before and from 28 April 2026. For new contracts, firms must generally give at least 90 days’ notice of termination, with reasons and complaints information.
Exceptions apply where notice is not required, including cases involving financial crime, immigration, public order, or regulatory direction.
Key date
The FCA’s supplementary safeguarding regime strengthens governance, record-keeping, monitoring and audit requirements, moving closer to CASS standards while stopping short of a statutory trust model.
PS25/12 follows CP24/20, which identified significant weaknesses, with only 35% of client funds returned in insolvencies between 2018 and 2023.
Key changes include daily reconciliations (including D+1 internal checks), CASS-style resolution packs, annual audits by Companies Act-qualified auditors (with a small firm exemption), and monthly regulatory returns. Firms using insurance or guarantees must plan to move to segregation if cover cannot be renewed.
The FRC has issued interim guidance (March 2026) for safeguarding audits, pending a full standard expected in 2027. Transitional flexibilities include extended reporting deadlines and the option of hybrid or separate audit opinions.
The FCA sees this as a step towards a fuller regime, potentially including statutory trusts, although no timeline is set.
Key dates
The FCA and the Financial Ombudsman have published CP26/9, following CP25/22, setting out proposals to modernise the redress framework within the current legislative perimeter. The Government has confirmed it will legislate for wider reform when Parliamentary time allows.
The existing regime is seen as creating uncertainty, particularly around complaint handling, mass redress events and consistency of decisions. The proposals focus on earlier identification of harm, clearer expectations on proactive redress, and closer FCA–Ombudsman coordination.
Measures include guidance on when firms should notify the FCA of systemic issues, expectations for proactive redress, operational changes at the Financial Ombudsman and FSCS, a new complaint registration stage, revised dismissal grounds, and changes to the “fair and reasonable” test to anchor decisions to standards at the time of conduct.
The reforms aim to deliver faster, more predictable outcomes, reduce weak complaints, and support growth and competitiveness.
Key dates
11 May 2026: consultation closes
2026: further joint policy statement expected
The FCA is running a programme of webinars to help firms prepare for the new cryptoasset regulatory regime, due to come into force on 25 October 2027. Each session includes a live Q&A with FCA authorisations experts and is aimed at firms currently registered for cryptoasset activities, firms not yet registered (including those accessing the UK market via a section 21 financial promotions approver), and payments and e-money firms that may need FSMA authorisation. Links to the webinars can be found below:
H2 2026 brings tighter oversight across capital, BNPL, and stablecoins, alongside operational pressure from settlement and misconduct rules. Competition and Markets Authority and Department for Science, Innovation and Technology activity signals the start of formal AI regulation.
On 10 November 2025, the Bank of England (BoE) published a landmark consultation paper (CP) setting out its proposed prudential and supervisory framework for sterling-denominated systemic stablecoins, building on its November 2023 discussion paper and subsequent industry engagement.
Systemic stablecoins are those whose scale of use in payments may pose risks to UK financial stability, as determined by HM Treasury. Once recognised under the Banking Act 2009, they will be subject to dual regulation: the BoE for prudential and financial stability matters, and the FCA for conduct, consumer protection and competition. Non-systemic stablecoins will remain subject to FCA-only regulation.
The consultation also signals the development of detailed Codes of Practice, expected in 2026, and is accompanied by a Financial Stability Paper on holding limits. A joint BoE/FCA approach document is likewise expected in 2026 to clarify how the two regulators’ remits will operate in practice.
Key dates
The FCA has published PS26/1: Regulation of Deferred Payment Credit (unregulated Buy Now Pay Later), bringing unregulated Buy Now Pay Later products into scope following CP25/23. The final rules largely reflect the consultation proposals, with minor clarifications.
DPC lenders will be required to carry out proportionate creditworthiness assessments for each agreement, provide key product information at the point of sale, and offer forbearance and support to customers in financial difficulty. Most existing Consumer Credit Sourcebook (CONC) rules will apply, alongside new requirements on missed payment notifications and signposting to free debt advice. Complaints will fall within DISP, with the Financial Ombudsman Service’s compulsory jurisdiction extended to DPC.
Firms without the necessary consumer credit permissions must enter the Temporary Permissions Regime (TPR). Merchants that broker DPC agreements remain exempt.
Key dates
The FCA’s December 2025 policy statement ‘Tackling non-financial misconduct in financial services’ sets out guidance on non-financial misconduct (NFM) in financial services, following consultation under CP25/18. The reforms amend the Code of Conduct (COCON) and clarify how NFM is assessed under the Fit and Proper (FIT) framework, aiming to improve consistency, certainty, and fairness in how firms address misconduct.
The reforms build on the FCA and Prudential Regulation Authority’s joint Discussion Paper (DP21/2, 2021) and the FCA’s September 2023 consultation (CP23/20). The FCA reports that its proposals received broad industry support, with 80% of authorised firms and 90% of trade bodies backing its approach.
The guidance responds to strong industry support (95% of respondents) for additional clarity, while emphasising that firms must continue to exercise judgement. The FCA stresses that its framework does not replace employment law, criminal law or internal disciplinary processes, nor does it create new routes for employee redress. Instead, it is intended to help firms take decisive, proportionate action where behaviour risks harming individuals, workplace culture, consumer outcomes or market integrity.
Key dates
The Bank of England is consulting on Phase 1 of extending settlement hours for CHAPS on its renewed RTGS platform, RT2.
Following RT2’s go-live in April 2025 and strong industry support, it proposes opening settlement from 1.30 am on existing business days, ahead of the current 6 am start, as a step towards near-24×7 settlement later in the decade.
The proposal is intended to align UK settlement more closely with international systems, support G20 cross-border initiatives, reduce settlement risk, and enable innovation, including synchronisation and tokenisation, by extending access to central bank money. Implementation is targeted for H2 2027, subject to consultation feedback.
Participation in the 1.30 am–6 am window would be optional for CHAPS Direct Participants. All would receive payments from 1.30 am, but only those opting in could send them. The Bank proposes an “alert and respond” support model, with no active business support until 5.45 am, no changes to contingency arrangements, liquidity facilities or euro bridge timings, and intraday liquidity credited at 1.30 am but not amendable before 8 am.
Key dates
The FCA published an engagement paper in December 2025 reviewing how market risk capital requirements are set for solo-regulated FCA investment firms that manage a trading book.
Current requirements derive from bank-focused Basel standards via the UK Capital Requirements Regulation (UK CRR), creating disproportionate burdens for specialised trading firms, particularly around hedging recognition.
The engagement paper explores seven possible approaches, ranging from amending the existing standardised K-NPR method, extending the margin-based K-CMG, reforming the internal models approach, to more novel methods such as a weighted liquid exposure methodology or adopting a net capital rule.
Key dates
The FCA has published its strategic vision for the next phase of open banking in the UK, built around five goals: accessibility and consumer value; safety and security; scalability; interoperability, including cross-border; and competition and innovation. It notes that open banking now has over 16 million active users, with payments up 53% in 2025.
The immediate priority is to enable commercially sustainable account-to-account payments. However, the FCA’s ability to introduce binding rules depends on new legislative powers expected from HM Treasury in 2026. In the meantime, it is working with industry, building on agreed principles for variable recurring payments and recent work on open banking and open finance. The vision aligns with the National Payments Vision and the Strategy for Future Retail Payments Infrastructure.
Key dates
The Competition and Markets Authority (CMA) has published research on how agentic AI may reshape consumer markets, with implications for payments and financial services.
Agentic AI refers to systems that can autonomously plan and act, breaking tasks into steps, using real-time data, executing transactions and retaining memory. The CMA distinguishes these from traditional automation by their autonomy, goal orientation, multi-step reasoning and cross-platform capability.
Use remains focused on business-facing applications, with consumer deployment still limited and human oversight common. However, investment is increasing, and the CMA expects a gradual shift towards more capable personal agents.
For payments firms, the most relevant development is agentic commerce: agents that monitor prices, switch providers, manage subscriptions and execute transactions within set parameters. This raises questions around instruction, authority, liability and safeguarding.
Key dates
This is not currently a standalone regulatory obligation, but it carries material legal risk across several existing frameworks:
The government has confirmed its intention to legislate for artificial intelligence, but has not set a timetable. The FCA has welcomed the move and reiterated its commitment to a technology-agnostic, principles-based and outcomes-focused approach.
Rather than creating a new regulator, the government will rely on existing bodies, including the FCA, CMA, ICO, Ofcom and MHRA, to apply a common framework within their remits. This is built around five cross-sector principles: safety, security and robustness; transparency and explainability; fairness; accountability and governance; and contestability and redress.
Key dates
The Digital Regulation Cooperation Forum (DRCF), comprising the FCA, CMA, ICO and Ofcom, has published a foresight paper on agentic AI.
While not a formal policy, it signals alignment on key risks and supervisory expectations. For payments firms, the FCA confirms that Consumer Duty applies to the use of agentic AI, alongside ICO data protection and CMA consumer law requirements.
The paper highlights governance, data minimisation, human oversight, cybersecurity and algorithmic collusion as the main risk areas. Financial services is identified as a sector where agentic AI is already in use across tool, assistant and operator levels.
Key dates
Beyond 2026, the focus shifts to longer-term structural reform. The digital pound, the move to open finance, and changes to prudential and settlement frameworks will reshape payments architecture, despite uncertain timelines.
Published on 4 February 2026, the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 establish a comprehensive FSMA-based regime for cryptoasset activities, following draft legislation laid before Parliament in December 2025.
The Regulations amend the Regulated Activities Order 2001 to define three categories: qualifying cryptoassets, qualifying stablecoins and specified investment cryptoassets. They also bring a range of activities into scope, including issuance, safeguarding, trading platform operation, dealing, arranging and staking, requiring FCA authorisation where carried on by way of business.
They introduce a market abuse regime covering insider dealing, unlawful disclosure and market manipulation, and restrict public offers of qualifying cryptoassets, with unauthorised offers constituting a criminal offence. Existing AML and financial promotions rules will be updated to reflect the new perimeter.
Key dates
The Bank of England and HM Treasury continue to assess the case for a digital pound, with the design phase running through 2026. No decision has been taken.
A blueprint is due in 2026, setting out key design features to support a joint policy assessment. Phase 2 of the Digital Pound Lab is open, allowing firms to test use cases in a no-live-money environment, with findings feeding into the design process.
In July 2025, Governor Andrew Bailey signalled a more cautious stance, saying he would need “a lot of convincing” if existing payment systems continue to perform well. The policy direction remains open.
Key dates
The PRA has finalised its Basel 3.1 rules, consolidating earlier policy statements and its response to CP17/25 on market risk. The package introduces more risk-sensitive standardised approaches to RWAs and an output floor to limit variability between firms using internal models. Implementation has been delayed by one year to January 2027, reflecting international timing and competitiveness concerns.
The FRTB internal model approach (IMA) is delayed further to 1 January 2028. Until then, firms may retain existing IMA permissions while applying the new Advanced Standardised Approach to out-of-scope positions. Other changes include simplified treatment of collective investment undertakings and a permissions regime for the residual risk add-on. The rules apply to PRA-authorised banks, building societies, designated investment firms and their holding companies.
Key dates
The UK will move from a T+2 to a T+1 settlement cycle for securities transactions on 11 October 2027, requiring equities and bonds to settle within one business day and reducing counterparty risk. The Accelerated Settlement Taskforce, chaired by Andrew Douglas, is overseeing the transition, with the FCA and Bank of England as observers.
The move aligns with other major markets: the US, Canada, Mexico and Argentina adopted T+1 in May 2024, and the EU and Switzerland are targeting October 2027, reducing cross-border settlement risk.
Key dates
EU reforms, including PSD3, PSR, MiCA, the Digital Euro, and instant payments, raise regulatory standards, while the US GENIUS Act signals formal recognition in the core stablecoin market.
EU PSD3 & PSR – Proposed reforms to the EU payments framework
Following political agreement in November 2025, PSD3 and the PSR will significantly reshape the EU payments framework, moving beyond PSD2.
The package splits responsibilities: the PSR, as a Regulation, sets conduct, transparency, fraud liability and open banking rules, removing national divergence; PSD3, as a Directive, covers authorisation and supervision, integrating EMIs into the PI regime and repealing the Electronic Money Directive.
Key changes include mandatory payee name/IBAN verification, a shift in APP fraud liability towards PSPs, enhanced SCA accessibility, and more prescriptive open banking standards.
Key dates
On 18 July 2025, President Donald Trump signed the (GENIUS) Act into law, establishing the first federal regime for payment stablecoins. It restricts issuance to licensed entities, with prudential, reserve and disclosure requirements.
The Act defines payment stablecoins as fully backed and redeemable at par, with segregation, audits and monthly certifications. It also clarifies their treatment under US law, distinguishing them from securities and commodities. Oversight will be shared across federal and state regulators, with a new interagency certification committee.
Foreign issuers may operate only where their home regime is deemed “substantially similar” and must hold reserves in the US.
Key dates:
The European Central Bank (ECB) and EU co-legislators are advancing plans for a retail digital euro, intended to complement cash and support a resilient, pan-European payments system.
In December 2025, the Council of the EU agreed its position on draft regulations covering the digital euro framework and the legal tender status of cash. The digital euro would be usable online and offline, offer strong privacy, and sit alongside private payment methods. Holding limits would apply to manage financial stability risks.
The framework also clarifies costs: core services must be free for consumers, while fees for value-added services are permitted. Interchange and merchant fees will be capped initially, and fair access to mobile infrastructure is required.
Final issuance will depend on legislative adoption and an ECB decision.
Key dates
The EU Instant Payments Regulation (IPR), adopted in March 2024, aims to drive uptake of euro instant credit transfers by making them the default. It responds to historically low adoption despite the SCT Inst scheme.
The Regulation requires PSPs offering standard euro credit transfers to also offer instant payments, with funds credited within 10 seconds, 24/7. Charges must not exceed those for standard transfers.
It also introduces safeguards, including mandatory Verification of Payee for all credit transfers and simplified sanctions screening, balancing speed with fraud and compliance risks.
Implementation is phased across institutions and jurisdictions.
Key dates
The EU’s Markets in Crypto-Assets Regulation (MiCA) establishes a pan-European framework for cryptoasset issuance, custody, trading and marketing. It introduces licensing for cryptoasset service providers, disclosure requirements for issuers, prudential and conduct standards, and a dedicated regime for stablecoins.
Existing firms benefit from transitional arrangements, after which all CASPs must be authorised to operate. Member States may apply shorter transition periods.
Key dates
You need to be logged in to do this!
