UK fintech & payments: FCA/PRA dual oversight under FSMA 2000; comprehensive crypto regime
The UK maintains a comprehensive regulatory framework for fintech and payments, primarily overseen by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) under the Financial Services and Markets Act 2000. The regime covers traditional payment services, e-money, and increasingly, cryptoassets, with the FCA issuing final policy statements establishing clear standards for stablecoin issuance, custodial services, and trading. The PRA focuses on prudential supervision, particularly for banks and insurers, while the Bank of England manages systemic payment infrastructure and monetary stability.
Recent regulatory developments include the implementation of a robust cryptoassets regime and ongoing consultations on next-generation retail payments infrastructure. The regulators have also streamlined supervision processes, introduced joint support units for scale-ups, and updated safeguarding requirements for payment firms. The overall direction of travel emphasizes operational resilience, market integrity, and consumer protection through risk-based approaches and enhanced supervisory coordination.
Financial Conduct Authority
Conduct regulator for payment institutions, e-money issuers, and cryptoasset firms; sets conduct rules and fees.
[1][2][3]Prudential Regulation Authority
Prudential supervisor for banks, building societies, and insurers; co-regulates safeguarding and authorizations.
[2][4][5]Bank of England
Oversees systemic payment infrastructure (CHAPS, RTGS) and monetary policy; coordinates with FCA/PRA on market infrastructure.
[6][7][8]Financial Services and Markets Act 2000 (2000)
The primary legislation governing financial services in the UK, providing the legal basis for the FCA and PRA to regulate payment institutions, e-money issuers, and cryptoasset activities.
[1][8]Payment Services Regulations 2017 (2017)
Transposes PSD2 into UK law, regulating payment institutions and e-money institutions, including safeguarding requirements and consumer protection standards.
[2][3]Payment Institution / E-money Institution
Firms must be authorized by the FCA (and PRA for banks) to provide payment services or issue e-money. The regime includes specific safeguarding requirements for customer funds.
[2][4]Cryptoasset Firm
Firms engaged in cryptoasset activities such as exchange, custodial wallet provision, and staking require FCA authorization under the FSMA 2000 regime as updated by recent policy statements.
[1]Firms must adhere to strict safeguarding rules for customer funds, implement risk-based approaches for payment services, and comply with conduct standards for cryptoassets including stablecoin issuance.
[2][3][1]Contactless payment thresholds are regulated, with single and cumulative limits set by the FCA to balance convenience and security.
[9]Email alerts for United Kingdom updates
New circulars, rules and guidance — a digest in your inbox, same day.