With the mandatory reimbursement regime now established, the Payments Systems Regulator (PSR) is proactively publishing data on firms with the highest rates of Authorised Push Payment (APP) fraud. Moreover, the volume of FCA-appointed Skilled Person (section 166) reviews continues to rise for this sector, and the 2025 UK National Risk Assessment has upgraded the risk from Medium to High. These developments are not just coincidental, but mark a decisive push from the regulator for payments and e-money firms to raise their financial crime compliance standards and apply effective controls to manage the unique risks specific to this sector.
The e-money and payments sector carries a range of inherent vulnerabilities that make it especially exposed to financial crime. High volumes of cross-border transactions, particularly those that involve High Risk Third Countries, make it difficult to trace where funds truly come from and their destinations. This challenge is made greater by products that allow high transaction and wallet limits, which make it easy for large amounts of money to move quickly with limited scrutiny.
The structure of many business models in the sector can also create blind spots. Arrangements such as white-label products offered overseas can make it harder for firms to maintain clear oversight of customer activity. Working with merchants in higher risk industries, including gambling or businesses connected to crypto assets, raises the overall risk level further and demands stronger controls than many firms initially anticipate.
Operational factors also contribute to the risks. The low barriers to entry encourage rapid market growth, but many new firms begin with small compliance teams and controls that are still developing. Heavy reliance on automated or outsourced solutions can leave gaps in monitoring and accountability if those solutions are not properly managed. Products and channels that provide a degree of anonymity, for example prepaid cards and digital wallets, are well known for being misused by criminals looking to hide their activity.
Smaller firms are often targeted specifically because their financial crime frameworks are less mature. At the same time, the fast pace of growth across the sector means compliance functions do not always expand quickly enough to keep up with demand. When this happens, firms can find themselves exposed to operational weaknesses and regulatory failings that could have been avoided with more robust oversight.
In managing these risks, firms must ensure their financial crime risk assessments are tailored to their specific products, services and delivery channels. Financial crime issues often intersect with other regulatory challenges, such as safeguarding and broader compliance obligations, which can compound the complexity.
The United Kingdom’s 2025 National Risk Assessment has reclassified the e-money and payments sector from Medium to High risk. This reflects growing concerns about the sector’s exposure to financial crime, including:
This reclassification sends a clear message. Regulators expect firms to enhance their controls and demonstrate robust financial crime risk management.
Regulatory scrutiny is intensifying. Between the years 2022-2023 and 2023-2024, the number of Skilled Person reviews issued to retail banks and payment firms more than doubled, rising from nine to twenty. These reviews are triggered by a range of factors, including:
The consequences are significant. Firms may lose their licences, face costly remediation programmes and suffer reputational damage. The key takeaway is that proactive compliance is no longer optional, and treating compliance as a “reactive” process is not acceptable.
As a starting point, firms should ensure they have strong oversight of any automated solutions they use, including tools for eKYC, transaction monitoring and screening. This oversight should involve properly tuning and calibrating these systems rather than relying on default vendor settings. Tuning should take place on a regular basis and also whenever there are material changes to the firm’s risk profile.
Product risk assessments are also essential for managing the risks associated with higher risk e‑money products such as prepaid cards and e‑wallets. These assessments should consider the complexity of the product, the level of anonymity permitted, the types of merchants or business partners connected to the product, and the way the product is distributed across different markets, jurisdictions, agents and intermediaries.
For e-money and payment firms experiencing rapid growth, resourcing needs must be regularly assessed and incorporated into strategic planning. In addition, financial crime management information should include metrics on the completion of reviews, as well as any backlogs in financial crime reviews and the handling of alerts.
Leveraging the global Forvis Mazars network, we are well positioned to support the largest firms with cross-border operations but also small, independent firms needing tailored support. We can draw upon local expertise to address jurisdiction-specific challenges.
We are particularly well positioned to deliver financial crime compliance services for international payment and e-money firms operating across multiple jurisdictions. Our global financial crime offering enables you to maintain a consistent reporting framework whilst still meeting local regulatory requirements. This ensures you gain maximum value and achieve greater efficiency by working with a single provider.
Our strong relationships with regulators enable us to assist firms during periods of regulatory intervention, including support with regulatory reporting submissions.
Our services include:
Article written by Mikey Addison
Speak to one of our financial crime experts
|
With technology evolving at a rapid pace, an ever changing geopolitical and macro-economic environment, and evolving regulatory requirements, it is essential that firms are aware of the key risks posed by financial crime.
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.