A wave of compliance deadlines, intensifying into 2026–2028, is set to create a more costly and competitive operating environment for the payments and digital assets industries. 

But amidst the headwinds lie new opportunities. 2025 promises greater regulatory clarity on new forms of money and payments – from stablecoins to Central Bank Digital Currencies (CBDCs) and open banking enabled payments – enabling firms to (re)assess their role in the future payments landscape.
 

Compliance deadlines loom
 

Retail payments

The European Union (EU) and United Kingdom (UK) are implementing new regulations to strengthen consumer protection, choice, and resilience. Deadlines loom, with operational resilience, UK safeguarding rules and EU Instant Payments Regulation (IPR) slated to take effect in 2025. Broader reviews of regulatory frameworks – EU Payment Services Directive 3 (PSD3) package finalisation and further UK reforms – will lead to further deadlines between 2026 and 2028. 

Implementing payments reforms individually is challenging, but tackling multiple reforms concurrently amplifies the complexity. This presents strategic, operational, and financial questions and challenges for payments firms.¹

In the UK, the multi-year implementation of new safeguarding rules coincides with Consumer Duty and Authorised Push Payment fraud refunds remediations, necessitating substantial upgrades to systems and controls, and Board reporting. 

For example, upgraded systems are essential to support mandatory daily safeguarding reconciliations. Board reporting must evolve to provide a comprehensive view of customer outcomes across products, as required by the Consumer Duty, including fraud metrics related to the customer experience, e.g. time taken to remediate fraud cases. Firms must also embed fraud detection and prevention measures throughout the customer lifecycle, from onboarding to transaction monitoring. 

Creating a single overarching implementation plan can anticipate peak demands on resources – especially risk, compliance, and IT – and identify implementation efficiencies and interdependencies.

The UK Government’s new National Payments Vision acknowledges the industry’s calls for greater coordination of regulatory initiatives and the sector’s vital role in driving economic growth and competitiveness.² A "payments forward plan" should provide much-needed clarity on the sequencing and prioritisation of regulatory initiatives. However, with publication only expected in H2 2025, the plan offers little immediate relief for firms navigating multiple regulatory priorities and reforms.

Meanwhile EU firms face upcoming deadlines for payee verification checks. From October 2025, these checks will be required for euro-denominated credit transfers under IPR. By ~2028, this will likely extend to all EU transfers, regardless of currency, under PSD3 assuming its finalisation by the end of 2025. The introduction of payee verification checks, coupled with the proven success of Strong Customer Authentication (SCA) in reducing fraudulent card payments (Figure 1), will be crucial for protecting revenues and reducing liabilities. This is especially important as PSD3 will likely introduce mandatory fraud refunds. 

Separately, PSD3 will also likely require existing EU non-banks to submit new information to regulators, including details about wind-down and safeguarding arrangements, to demonstrate compliance.
 

Figure 1: fraud rates for SCA vs. non-SCA-authenticated card payments

Source: European Central Bank (ECB) and Europan Banking Authority (EBA)³
 

Beyond meeting compliance deadlines, the window for integrating regulatory considerations into business strategies for initiatives launching from 2026 to 2028 is closing. 

For example, PSD3 proposes that firms must offer payment authentication methods suitable for all users, including those with low digital skills and without smartphones. Firms should use the lead time before PSD3 finalisation to assess the impact on their mobile-only payment strategies and formulate a response. 

Firms should also consider broader digital initiatives affecting payments. For example, by 2027, EU firms must accept EU Digital Identity Wallets for SCA. Additionally, EU firms may capitalise on opportunities presented by the Digital Markets Act, including opening access to Near-Field Communication (NFC) technology on mobile devices provided by certain BigTechs, to create new digital wallets. These wallets could offer consumers alternative options for in-store and online payments, competing with BigTechs, and potentially incorporate open banking-enabled Account-to-Account (A2A) payments.

Overall, looming compliance deadlines, with their associated costs and strategic implications, create a challenging outlook. This appears particularly acute for non-banks, which continue to grapple with profitability pressures, despite rising e-money transaction volumes.⁴

While many individual non-bank payments and e-money firms are highly profitable, the sector as a whole is struggling. 40% of these firms in the UK are unprofitable, with median firm’s net profit standing at a mere £4,200.⁵ This is compounded by shrinking venture capital (Figure 2) and record market exits – 31 payments startups exited Europe in 2023.⁶ Smaller players with fewer resources and less diversified portfolios and revenue streams will feel the pressure.

Non-banks should reassess their strategic positioning in 2025. Larger players may pursue banking licences to unlock revenues, although the costs and lengthy process are likely prohibitive for smaller firms. Alternatively, regulated firms could diversify their offerings, adding services such as credit, digital assets, or Buy Now Pay Later to boost revenues.
 

Figure 2: venture capital investment in the payments industry (in USD bn) 

Source: Dealroom⁷
 

Unbacked digital assets

2025 marks the arrival of EU Markets in Crypto Assets Regulation (MiCAR) compliance deadlines for most custodians, exchanges, and other intermediaries. While roughly 2000 firms are registered under existing national regimes, markets are concentrated.⁸ Ten exchanges handle ~90% of trades.⁹ The rise in operating costs due to MiCAR implementation may result in some EU market exits, beginning in 2025. Lithuania offers a telling early example. In November, 300 locally registered firms were removed from the Lithuanian register for failing to meet new capital requirements.¹⁰

In our experience, most firms committed to the EU have decided their EU head office location and are focussed on securing licences. In licensing processes, regulators are intensifying scrutiny of group structures. We expect firms to be challenged by supervisors if they systematically only route trades to intragroup exchanges outside the EU, necessitating a review of booking models.¹¹ Firms must also demonstrate substance and autonomy, robust client asset control and segregation from the firm’s assets, and financial resilience as standalone EU entities. 

The UK’s regime remains less developed. While draft details will emerge in 2025, final rules are not expected until 2026. It is already clear, however, that compliance with operational resilience and Consumer Duty rules will be a priority for the Financial Conduct Authority (FCA). Although not yet mandatory, firms with ambitious growth plans may benefit from starting preparations for these regimes in 2025, freeing up resources to implement digital assets-specific rules later.

For an industry that has largely operated under lighter touch regulation, the Consumer Duty’s emphasis on ensuring good customer outcomes represents a substantial cultural and strategic shift. Initial steps towards Consumer Duty compliance include developing a granular understanding of your customer base and defining a target market and distribution strategy.

Compliance with operational resilience rules also demands significant resources, as underscored by the three-year implementation timeline for firms already in-scope. Identifying and addressing third-party vulnerabilities will be a key challenge, especially those related to Distributed Ledger Technology beyond firms’ direct control. A helpful starting point is mapping the systems, processes and third parties underpinning services.

We expect European banks and investment managers to remain focussed on securities tokenisation in digital assets strategies. However, Bitcoin’s price surge post-US election and a maturing EU regulatory landscape under MiCAR may prompt some EU firms to re-evaluate building an unbacked digital assets offering in 2025. Existing regulatory permissions could offer incumbents an advantage. For example, banks can provide services governed by MiCAR such as custody of unbacked digital assets via a simpler regulatory notification.
 

The regulatory fog around new forms of money and payments starts to lift 
 

2025 promises increasing regulatory clarity on new forms of money and payments. Five forms are emerging – stablecoins, retail and wholesale CBDCs, tokenised bank deposits and open banking enabled A2A payments – although the level of clarity varies (Figure 3).
 

Figure 3: emerging regulatory clarity for new forms of money and payments

Source: Deloitte analysis

Increasing regulatory clarity will enable firms to (re)assess their strategic approach to new forms of money and payments in 2025. This includes where to focus efforts, when to build capabilities, and the jurisdiction(s) to focus on.

2025 is expected to provide greater clarity on political commitment to retail CBDCs in the EU and UK. Key questions regarding costs, revenue models, and the potential need for mandatory investment in retail CBDC capabilities by banks are also expected to be addressed. 

This comes at a time when firms are facing mounting pressure to invest in compliance, putting a strain on their budgets. This pressure stems from regulations such as the EU's IPR and PSD3, and UK payments reforms, even though these reforms may encourage the adoption of open banking A2A payments. 

Firms with more financial headroom may have capacity to pursue optional investments. One such option is stablecoins. While we expect no significant uptake in the use of stablecoins in European retail payments in 2025 – the primary use case remains digital assets trading – some payments applications are emerging. These include remittances and cross-border payments.¹² European firms seeking market leadership may issue one for brand recognition, potentially gaining an edge if retail use cases emerge. Simplified MiCAR issuances may encourage EU banks and e-money firms.

Optional UK Bank of England (BoE) wholesale CBDC pilots may encourage banks and investment managers to explore instant settlement of digital securities using central bank money in 2025, potentially partnering with trading and settlement platforms in the BoE/Financial Conduct Authority (FCA) Digital Securities Sandbox.

While regulatory clarity is emerging, firms will continue to navigate uncertain commercial models for many new forms of money and payments when making strategic infrastructure investment decisions in 2025. Nevertheless, in the long-term, interaction with DLT-based forms of money appears inevitable. Stablecoins are gaining traction, and CBDCs may leverage DLT. As firms prioritise enhancing technological capabilities (Figure 4), preparing for DLT interaction is paramount. Cloud infrastructure offers a flexible solution for enabling integrating new forms of money and payments alongside traditional methods, mitigating future infrastructure overhauls, and offering scalability as payment processing demands fluctuate. 
 

Figure 4: payments industry investment focus areas

Source: Payments Association & Pay360¹³
 

Regulatory divergence intensifies
 

EU-UK divergence will likely intensify in 2025, adding complexity to firms’ operating environment. 

Firms operating in unbacked digital assets markets already navigate a patchwork of regulations. The EU’s regime is more developed than the UK’s. We see a similar pattern of regulatory divergence emerging in areas such as stablecoins and safeguarding for e-money firms. This year will unveil further detail and potential additional divergence as UK and EU payments regulatory reforms – such as PSD3 – and the UK digital assets framework take shape. 

By end-2025, greater clarity on UK-EU divergence will reveal the long-term costs of offering products in each jurisdiction and enable firms to assess the feasibility of unified risk and compliance systems, policies, and procedures, versus local tailoring.
 

Conclusion
 

Regulatory deadlines loom large, demanding significant skilled staff and financial resources. But firms should not lose sight of the new business model opportunities posed by new forms of money and payments.

Read the full report