FCA pulled 95 PSP authorisations, opened 9 enforcements

The UK’s Financial Conduct Authority (FCA) pulled permissions or revoked authorisations for 95 payment services providers (PSP) in 2024, according to its own data. In the UK, there are about 1,193 authorised PSPs, comprising 266 electronic money institutions (EMI), and 927 payment institutions (PI) and small payment institutions (SPI), according to data available on the FCA register.

The FCA opened nine enforcement operations between January 2020 and October 14, 2024. It has also subjected a minority of PSPs to own-initiative actions (OIREQ), voluntary requirements (VREQ) and section 166 skilled person reviews in the past five years, according to a Freedom of Information Act (FOIA) response.

The FCA pulled PSP licences for a variety of reasons. In many cases, the reasons for cancellation were unclear, because no decision notice was available.

Some PSPs were found to have client money safeguarding failures, including no client safeguarding whatsoever. Other PSPs lost authorisation or permissions as part of the FCA’s “use it or lose it” programme, which aims, much as described, to cancel permissions at firms that are not using them. Some firms lost their permissions for failing to submit regulatory returns, and some may have been reauthorised under a different brand name.

For instance, the FCA cancelled Transactive Systems’ authorisation in April 2024, almost a year after the Bank of Lithuania shut down the companyʼs business in that country, having found it “seriously and systematically infringed anti-money laundering and counter-terrorist financing (AML/CTF) requirements”.

Supervisory interventions

The FCA subjected 52 PSPs to s166 skilled persons reviews between January 2020 and October 14, 2024, according to FOI11727. Some 20 PSPs have been hit with OIREQs, whereby the regulator imposes restrictions upon a firm, such as forbidding them to take on new customers. Another 23 were subject to VREQs, which can be much the same as OIREQs, but are initiated by the firm.

The FCA and the UK government have also stepped up their responses to authorised push payment (APP) fraud, which has ballooned since 2017 on the back of faster payments and a proliferation of non-bank PSPs. APP fraud losses totalled an estimated £459.7 million last year, £376.4 million of this in personal losses and the remaining £83.3 million in losses to businesses, according to UK Finance data.

The FCA’s focus on financial crime will also have inspired some of its supervisory and enforcement work at PSPs. Four PSPs have been fined by the UK’s Office of Financial Sanctions Implementation (OFSI) since 2019. CB Payments, the UK EMI owned by Coinbase, received a £3.5 million FCA penalty for “significant” weaknesses in its financial crime control framework. The firm then failed to implement and comply with an FCA-imposed VREQ prohibiting it from onboarding high-risk customers.