The UK payments landscape is undergoing a regulatory transformation. From the March 2025 operational resilience deadline to mandatory APP fraud reimbursement and a strengthened safeguarding regime, the FCA is shifting from guidance to rigorous enforcement. This analysis breaks down the key legislative changes and strategic actions required for firms to maintain compliance and consumer trust in a ‘supervision-first’ era.
The UK payments sector is currently navigating a period of profound structural change. According to the National Payments Vision (November 2024) and the 2025 McKinsey Global Payments Report, the industry is shifting from a card-dominant landscape toward a ‘multi-rail’ ecosystem. In 2024, debit cards accounted for over 50% of UK payments, but the surge in mobile contactless adoption (used by 50% of the adult population) and the growth of Faster Payments (reaching 5.6 billion transactions) have introduced new systemic risks.
As digital wallets and account-to-account (A2A) payments become infrastructure rather than alternatives, the Financial Conduct Authority (FCA) has updated its supervisory framework to ensure that innovation does not outpace safety. The latest Regulatory Priorities Report and the preceding ‘Dear CEO’ letters signal a transition from high-level guidance to rigorous enforcement, focusing on effective competition, financial system integrity, and the safety of customer money.
Under Policy Statement PS21/3, the transitional period for operational resilience rules ended on 31 March 2025. Firms are no longer in a ‘preparation’ phase; they must now actively demonstrate resilience.
Impact Tolerances: Firms must show they can remain within defined ‘impact tolerances’ during severe disruptions (e.g. a major cloud outage or cyber-attack).
Mapping and Testing: Regulatory focus has shifted to the quality of scenario testing. The FCA expects firms to have mapped the full chain of their ‘important business services’, including dependencies on critical third parties.
Third-Party Risk: In alignment with the Digital Operational Resilience Act (DORA) standards in the EU, the UK is increasing scrutiny of ‘critical third-party’ technology providers to prevent a single point of failure from destabilising the entire sector.
Financial crime remains the FCA’s top enforcement priority. A major legislative shift occurred with the PSR PS24/7 requirements and the Payment Services (Amendment) Regulations 2024.
Mandatory Reimbursement: Since October 2024, firms have been liable for reimbursing victims of Authorised Push Payment (APP) fraud up to a cap of £85,000. The liability is split 50:50 between the sending and receiving firms, a move designed to force receiving banks to shut down ‘mule accounts’.
Payment Delays: Legislation now allows firms to delay suspicious outbound payments by up to four business days. The FCA expects firms to use this power proportionately, balancing fraud prevention with the need to minimise friction for legitimate transactions.
AML Governance: The FCA continues to cite weaknesses in Suspicious Activity Report (SAR) quality. Under the Senior Managers and Certification Regime (SM&CR), individual executives are increasingly being held accountable for systemic failures in Anti-Money Laundering (AML) and sanctions screening.
The safety of customer funds (safeguarding) is a critical concern, particularly as the FCA observes a rise in ‘adverse’ audit opinions in the payments sector.
The New Safeguarding Regime: Final interim rules for a strengthened safeguarding regime are expected in mid-2025, with full implementation by May 2026. This will move the industry closer to a CASS-style (Client Money) model, requiring stricter asset segregation and more frequent reconciliations.
Wind-down Planning: The FCA requires ‘actionable’ Wind-down Plans (WDPs). Plans must include specific cash-flow triggers that indicate when a firm must begin a solvent exit from the market to ensure customer funds are returned before they are depleted by operational costs.
The Consumer Duty (PS22/9) is now the standard by which all payment services are judged. For 2025, the FCA has identified specific areas of ‘poor value’:
Price Transparency: A thematic review into International Remittances found that many firms are not transparent about FX mark-ups. The FCA expects firms to provide a total ‘all-in’ cost to consumers.
Vulnerable Customers: Following the Vulnerable Customer Review, firms must prove that their automated fraud blocks or account freezes do not disproportionately harm customers in vulnerable circumstances.
| Requirement | Regulation/Report | Status |
| --- | --- | --- |
| Operational Resilience | FCA PS21/3 | Active Enforcement (since April 2025) |
| APP Fraud Reimbursement | PSR PS24/7 | Mandatory (since Oct 2024) |
| Safeguarding Regime | CP24/20 / New Rules | Implementation by May 2026 |
| Consumer Duty | FCA PS22/9 | Ongoing Supervision |
For leaders in the fintech and finance sectors, the FCA’s priorities signal the end of the ‘growth at all costs’ era. To navigate this tightening environment, executives and boards should focus on three strategic preparations:
Industrialise Compliance: Compliance can no longer be a manual, periodic check. Leaders must invest in RegTech that provides real-time visibility into safeguarding reconciliations and automated fraud detection that aligns with the new 50:50 liability model.
Audit the Supply Chain: With the focus on PS21/3, leaders must conduct deep-dive audits of their critical third-party providers. You are only as resilient as your weakest API integration; ensuring your partners meet the FCA’s impact tolerances is now a mandatory component of vendor management.
Refine the Exit Strategy: Every firm, regardless of its valuation or funding stage, must have a ‘live’ Wind-down Plan. This requires CFOs and Risk Officers to move beyond theoretical models and establish concrete, data-backed triggers that protect the consumer above the interest of the business.
By treating these priorities as a blueprint for operational excellence rather than a list of hurdles, fintech leaders can build the institutional trust necessary to scale in an increasingly scrutinised global market.