Digital Finance Newsletter July 2025
Welcome to the latest edition of our compliance newsletter. The eagle eyed among you will have noticed that we have had a change of name since the last newsletter to Digital Finance from Payment Services. This is to better reflect the sector the team covers, including EMIs, PIs, AISPs, PISPs and prospective applicant firms.
Content overview
- What's Been Happening
- Risk Management and Wind Down Plans
- Cryptoassets
- Authorisations
- Fraud Landscape
- Consumer Duty
- Conflicts of Interest
- Contactless Payment
- Dealing with Bereaved Customers
- Talking Regulation
- Preparing for a Financial Crime Review
- John Burns
- Finally
Since our last newsletter in March we have had a number of important publications from the FCA. These include their findings from the review of Digital Finance firms’ risk management framework and wind down plans; two important CPs one on Cryptoassets and one on Stablecoin; and, feedback on how firms are managing the APP scam reimbursement requirements.
What we haven’t had yet is final guidance from the FCA on the new safeguarding rules (which we understand should arrive in the Autumn). In our opinion this speaks to the fact that, as promised, CP24/20 was a genuine consultation exercise and the FCA are closely considering the feedback from interested parties. However, in the meantime I had the pleasure of participating in a webinar alongside Max Savoie of Ashhurst LLP and John Gilda of Vixio in which we chatted about the proposals and what they might end up meaning for firms.
The FCA have published their findings of their review of risk management frameworks and wind-down planning of firms in the Payment/Digital Finance and E-money sectors, exposing significant concerns in the sector in respect of their Prudential risk assessments and financial resilience.
Key findings include:
• Inadequate enterprise risk management frameworks
• Poor liquidity risk management and stress testing
• Overlooked group risk and interdependencies
• Wind-down plans disconnected from actual risk frameworks
Given this the FCA expect firms to urgently reassess the adequacy of their risk management frameworks and ensure they hold sufficient capital and liquidity, during normal times, stress, and potential wind-downs. While not yet formalised in PSRs & EMRs, these expectations align with past guidance (e.g., Dear CEO letters, FG20/1, TR22/1). We anticipate a shift toward ICARA-like assessments tailored to firm size and activity.
We would encourage Firms to review their own internal risk management frameworks and seek advice accordingly. Cosegic supports many firms in developing risk management frameworks and wind-down planning.
Our Financial Resilience team have recently wrote an article on this topic, please click here to read.
On 29 April, HM Treasury proposed bringing cryptoassets under the Financial Services and Markets Act 2000 (FSMA), aligning them with traditional financial services regulation. This shift marks a clear post-Brexit divergence from the EU’s MiCA regime and brings further clarity on the definition of cryptoassets, the rules applying to stablecoin issuance, staking, and safeguarding, impacting both UK and overseas firms.
Following this, on May 28, 2025, the FCA published CP25/15 (a prudential regime for cryptoasset firms) and CP25/14 (Stablecoin issuance and cryptoasset custody) laying out proposed regulations and guidance for companies wishing to undertake regulated activities.
Delphine Chen has outlined six key takeaways from the CP25/15 including what the changes might mean for existing firms, overseas firms and has also set out what CP25/14 (the stablecoin proposals might mean in practice).
Additionally, Robert Kochev of Cosegic’s Financial Resilience Team has written this very helpful article about the FCA’s proposals, including new rules on asset backing, liquidity thresholds like the Backing Assets Composition Ratio (BACR), and strict redemption timelines.
The FCA hosted two focused information sessions recently, one in May and one in June for firms seeking authorisation in the Crypto and Digital Finance sectors respectively. This demonstrates a clear commitment by the FCA to supporting applicants and driving higher standards across these industries. The sessions provided valuable guidance on what firms should prioritise, from engaging early with pre-application support to ensuring robust governance, sound financial planning, and operational resilience.
In this article Abou Bangoura shares key insights from the FCA’s messaging and outlines the practical steps firms in the crypto and broader Digital Finance space should take to strengthen their applications.
The UK Finance Annual Fraud Report 2025 paints a complex picture: a record 3.31 million fraud cases were confirmed in 2024, yet total losses held steady at £1.17 billion. This shift highlights how fraudsters are targeting more victims, but with smaller transactions, a trend driven by improved PSP controls.
Abou, breaks down what this means for payment service providers (PSPs). From the surge in remote purchase fraud to the continued rise of high-value investment scams, Abou explores the key risks, the impact of new PSR rules, and where PSPs should focus their defences.
More specifically APP scams have long posed a serious threat to consumers and a challenge for payment service providers. But with the introduction of the UK’s new APP scam reimbursement requirement on 7 October 2024, the PSR has reported encouraging progress. In just the first three months, 86% of money lost in in-scope scams has been successfully reimbursed.
The industrious Mr Bangoura has provided insight into what this is telling us about how firms are adapting to the regulatory shift, what it means for vulnerable customers, and where inconsistencies still need to be addressed.
As Jennifer Cahill our Consumer Duty SME observes firms might think that it has been only a few months since they were knee-deep in preparing their first Consumer Duty Board report and yet the deadline for the next one will come around very quickly. With this in mind Jennifer has shared some tips for preparing your next report based on feedback the FCA has published and her own experience of helping clients prepare last year’s reports. To accompany this she has also recorded this webinar.
Jennifer has also recorded another webinar where she talks about the fair treatment of vulnerable customers. We know that this is a topic many firms struggle with so Jenny’s advice will prove invaluable.
Managing conflicts of interest is a key regulatory expectation for FCA-regulated firms, but navigating the practical realities can be more complex than it first appears. Among the FCA’s 12 Principles of Business, Principle Eight explicitly requires firms to manage conflicts fairly, both between themselves and their clients, and between different clients.
I’ve delved into this issue and outlined how firms can take a practical and structured approach towards conflicts of interest. From clear policies and conflict registers to the “Four Ds” principles (which should definitely not to be confused with the “Five Ds” of Dodgeball).
The FCA’s recent engagement paper has opened up critical dialogue in the payments industry around how contactless payment limits could evolve. With proposals including revised risk-based exemptions, adjustable contactless thresholds, and a more flexible regulatory approach, the FCA is signalling a shift towards innovation and a more frictionless customer experience. For Payment Service Providers, Electronic Money Institutions and Banks, this could mean re-thinking fraud monitoring, revisiting customer profiles, and leaning further into AI-driven solutions. Jaspreet Kaur has looked at the regulator’s proposals and sets out what they could mean for firms navigating compliance, Consumer Duty, and the global payments landscape.
The FCA’s recent review, published on 12 April 2025, explores how banks and building societies handle customer bereavement and Power of Attorney (PoA) arrangements, with key insights that also apply to payment and e-money institutions. The review highlights four key findings which focus on customer vulnerability, service quality, and the need for greater empathy and support.
Jaspreet has the unpacked the FCA’s findings and what they mean for the wider financial services sector. From electronic verification of death to the role of data, training, and accessibility, Jas shares practical reflections on how firms can better support vulnerable customers and improve outcomes with a more human approach.
Since the last newsletter we’ve published three articles in our Talking Regulation series.
The first concerned the FCA reinforcing its “use it or lose it” stance, by cancelling the licence of Fidelity Payment Services inactive for almost a decade! As Jaspreet points out in her article decisive action highlights the regulator’s increasing determination to ensure that licenses don’t lie dormant.
In a second article Delphine Chen pondered what good Operational Resilience really looks like, sharing some thought-provoking reflections on what sets truly a resilient organisations apart. Like Consumer Duty, Operational Resilience is never a finished product, but those who treat it seriously put themselves on the front foot.
Finally, I’ve examined the updated MoU between the FCA, Bank of England, PRA, and PSR which aims to boost coordination and clarify roles, especially ahead of the PSR’s planned integration into the FCA. Sounds a bit dull I know but MoUs matter: they are part of the unglamorous foundations of effective, joined up regulation.
Cosegic’s Head of Financial Crime, Maya Braine has put together a very useful guide
to preparing for a Financial Crime Review. The article covers what regulators expect, and why; common mistakes and risks of outdated assessments; what ‘good’ looks like; and how to keep your risk assessment simple and effective. There is also a webinar that can be accessed.
Finally, we wanted to let readers know that after almost a decade at Cosegic John Burns is retiring this month.
John, long recognised as the UK’s foremost compliance expert in payment services, is currently Senior Advisor for the Digital Finance Team. His storied career has taken him from the FCA - where he wrote the handbook for Payments Institutions - on to Lloyds and then finally to Cosegic.
Everybody at Cosegic will miss his wise counsel, calm presence and wry humour. All the best for a long and happy retirement John.
The Digital Finance Team is pleased to welcome our summer intern Jashan Gawera, a student at the University of Warwick. Jashan will be shadowing members of the team and getting his hands dirty with some research and other activity to support us.
I hope you found this newsletter useful. As ever, if you would like to discuss Digital Finance issues or any other aspect of your compliance, then please contact any member of the team. Additionally, if there is any topic you would like us to cover in future editions of the newsletter, then please let me or one of the team know.
Many thanks for reading,
Ed
Related resources
All resources
UK National Risk Assessment 2025
HMT, FCA & PRA Reviews of the Senior Managers & Certification Regime (SMCR)
The FCA’s PS25/4: Revisiting research bundling in the UK – What fund managers and providers need to know
Tackling non-financial misconduct in financial services (“NFM”). Changes to the FCA's Conduct Rules