The Payment Services Directive 2 (PSD2) established the regulatory framework for payment services across Europe. In the UK, its requirements were transposed into domestic law through the Payment Services Regulations 2017 (PSR 2017), which continue to apply post-Brexit and are enforced by the Financial Conduct Authority (FCA). Any business that wishes to provide payment services in the UK on a commercial basis must hold the appropriate FCA authorisation or registration.
The PSR 2017 applies to a wide range of payment activities carried out in the UK. Regulated payment services include credit transfers, direct debits, card-based payment transactions, money remittance, payment initiation services (PISP), and account information services (AISP). The scope also extends to the issuance and acquiring of payment instruments, executing payment transactions through funds lines of credit, and telecom-billed payment transactions.
Firms that carry on these services commercially without holding a full banking licence must be authorised or registered with the FCA before commencing activity.
The main authorisation route for firms providing a broad range of payment services. APIs can carry out the full list of regulated payment services, operate throughout the UK, and appoint agents and distributors. There is no upper limit on transaction volumes.
A simplified registration route for smaller firms. SPIs are subject to lighter requirements but must keep average monthly payment transaction volumes below €3 million. SPIs cannot passport into other EEA countries and have more limited operational permissions than APIs.
Firms that issue electronic money fall under the Electronic Money Regulations 2011 (EMR 2011) rather than the PSR 2017. AEMIs can issue e-money, redeem it on request, and carry out payment services connected to the e-money business. There is no cap on the volume of e-money issued.
A lighter-touch registration route under the EMR 2011 for e-money firms with average outstanding e-money below €5 million. SEMIs are subject to some scope restrictions and cannot passport within the EEA.
Applications for FCA authorisation must demonstrate the following:
Applications are submitted to the FCA through the Connect portal. The FCA assesses complete applications within approximately three months. Incomplete applications can take up to twelve months. The FCA can reject an application without assessment if minimum required information is missing, which makes early preparation and a well-structured submission critical.
The application includes, at a minimum, application forms, a programme of operations, a regulatory business plan, financial forecasts, governance and ownership materials, an AML/CTF framework, and safeguarding and operational documentation. Depending on the model, activity-specific materials may also be required.
Once authorised, firms are subject to continuous FCA supervision. Ongoing obligations include maintaining adequate capital, submitting regular regulatory returns, notifying the FCA of material changes to the business, managing safeguarding obligations, keeping AML/CTF controls up to date, and co-operating with FCA requests and supervisory engagement.
The UK government is reviewing the PSR 2017 and EMR 2011 with a view to replacing them with updated primary legislation. The FCA and HM Treasury are expected to introduce a new Payment Services Regulation and Electronic Money Regulation that will modernise and consolidate the existing rules. Firms should monitor regulatory developments and ensure their compliance arrangements remain aligned as the framework evolves.
We help you choose the right licensing route, prepare the full application pack, and manage the process from submission to approval.
