Regulations & Standards

What are payments regulations and standards?

Payment regulations refer to the rules, laws, and guidelines established by regulatory authorities or governing bodies to govern and oversee payment activities within a specific jurisdiction.

These regulations are typically imposed by government agencies or central banks and are designed to protect consumers, prevent financial crimes, promote fair competition, and maintain stability in the financial system. They specify legal requirements, licensing procedures, reporting obligations, and consumer protection measures that payment service providers and financial institutions must comply with.

Payment standards, on the other hand, are industry-developed frameworks or guidelines that aim to establish uniform practices, protocols, and technical specifications for payment systems and processes.

These standards are typically developed by international or regional payment industry organisations, such as the International Organization for Standardization (ISO) or the Payment Card Industry Security Standards Council (PCI SSC).

Payment standards provide a common framework that facilitates interoperability, compatibility, and harmonisation among various payment stakeholders, including payment service providers, merchants, financial institutions, and technology vendors.

Payment regulations and standards are put in place to ensure the safety, security, and efficiency of payment systems while also protecting consumers from fraud and financial crime.

Why are payments regulations and standards important?

Payment regulations and standards are important for several reasons.

For one, they ensure that payment systems are secure and protect against fraud, data breaches, and other types of cybercrime. By adhering to their rules and guidelines, financial institutions and payment processors can minimise the risk of security breaches and protect customer data.

From the consumer perspective, regulations and standards also help to provide dispute resolution mechanisms and ensure transparency by having providers disclose their fees and charges. This helps to prevent abuse or other forms of fraud and ensures that consumers are treated fairly.

Regulations and standards can also help to make payment systems more efficient by promoting interoperability and standardisation – even on an international level – making it easier for different payment systems to work together.

This is important because payment systems are increasingly global, and cross-border transactions require standardised processes to ensure they are efficient, secure, and compliant with local regulations.

At the end of the day, regulations and standards are essential for ensuring payment systems’ safety, security, and efficiency while protecting consumers and promoting innovation and international cooperation.

Payments regulations and standards around the world

Payments regulations and standards vary worldwide, with different countries and regions having their own regulatory frameworks. Let’s walk through some of the most well-known regulations.

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards established by the major credit card companies to protect sensitive information associated with credit and debit card transactions.

PCI DSS, which includes a set of 12 requirements that cover various aspects of data security, ensures that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

It applies to all organisations that process credit card transactions, regardless of their size or the number of transactions, and non-compliance can result in significant fines and damage to an organisation’s reputation.

Compliance with PCI DSS requires ongoing effort and resources, but it is an essential component of maintaining the security of cardholder data and protecting against fraud and other types of cybercrime.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a comprehensive data protection regulation introduced by the European Union in 2018. It is designed to give EU citizens more control over their personal data and applies to all companies that process the personal data of EU citizens, regardless of where the company is located.

This means that even companies outside the EU must comply with the GDPR if they process the personal data of EU citizens. Personal data is defined as any information relating to an identified or identifiable natural person, such as a name, an ID number, location data, or an online identifier.

Under the regulation, individuals have the right to access their personal data, to have their personal data erased, and to data portability. It also requires companies to obtain clear and explicit consent from individuals before collecting their personal data and provide them with clear and transparent information about how their data will be processed.

Non-compliance with the GDPR can result in significant fines, with penalties of up to €20 million or 4% of a company’s global annual revenue.

Anti-Money Laundering (AML) regulations

Anti-Money Laundering (AML) regulations prevent criminals from disguising illegally obtained funds as legitimate income.

AML regulations are designed to detect and prevent money laundering by requiring financial institutions, including banks, money service businesses, and securities dealers, to implement certain policies, procedures, and controls.

These regulations require institutions to identify customers, monitor their transactions, and report suspicious activity to the relevant authorities.

The AML regulations are intended to prevent various criminal activities, including drug trafficking, terrorist financing, corruption, and fraud. By preventing money laundering, these regulations help to reduce the profits criminals can earn from their illegal activities and make it more difficult for them to fund further criminal activities.

In many countries, non-compliance with AML regulations can result in significant fines, criminal charges, and the loss of the institution’s license to operate. As a result, institutions subject to AML regulations must take these requirements seriously and ensure that they have robust compliance programs in place.

Know Your Customer (KYC) regulations

Know Your Customer (KYC) regulations require financial institutions to verify and identify their customers before conducting business with them and are designed to ensure that financial institutions are not used to facilitate criminal activities.

Under KYC regulations, financial institutions must collect and maintain accurate and up-to-date customer information, including name, address, date of birth, and government-issued identification. They must also perform due diligence on their customers to determine their risk level and identify potential red flags or suspicious activities.

KYC regulations are enforced by regulatory bodies such as central banks, financial intelligence units, and other government agencies, and non-compliance can result in significant fines and legal penalties for financial institutions.

Payment Services Directive 2 (PSD2)

The Payment Services Directive 2 (PSD2) is a set of regulations introduced by the European Union (EU) to increase competition, innovation, and security in the payments industry.

The legislation applies to all payment service providers operating within the EU, including banks, fintech companies, and other payment institutions.

It is designed to create a more competitive, innovative, and secure payments industry by promoting open banking and enabling new fintech companies to offer innovative payment services.

PSD2 also enhances consumer protection and strengthens the security of electronic payments by requiring strong customer authentication and the refunding of unauthorised transactions.

Cross-border payments regulations

Cross-border payment regulations refer to the laws and guidelines that govern the transfer of funds between countries.

These regulations promote transparency, security, and efficiency in cross-border payment transactions while preventing illicit activities such as money laundering and terrorist financing.

One of the key regulatory bodies in cross-border payments is the Financial Action Task Force (FATF), an intergovernmental organisation that sets global standards for anti-money laundering and counter-terrorism financing.

FATF works closely with national governments and financial institutions to develop and implement effective cross-border payment regulations.

Some other notable cross-border payment regulations include:

  • Foreign Account Tax Compliance Act (FATCA): This US regulation requires foreign financial institutions to report financial information about their American account holders to the Internal Revenue Service (IRS) in an effort to combat tax evasion.
  • Common Reporting Standard (CRS): This international standard developed by the Organisation for Economic Co-operation and Development (OECD) requires financial institutions to report financial information about their foreign account holders to their home country’s tax authority.
  • Basel III: This international banking regulation aims to improve the resilience of banks and the stability of the global financial system by strengthening capital requirements, enhancing risk management practices, and improving liquidity management.

Consumer protection in payments

Consumer protection in payments refers to the regulations and practices that protect consumers who make payments through various payment methods. They aim to ensure that consumers have a safe and secure payment experience and to provide them with remedies in case something goes wrong.

Legislation in this category can be widespread, and the specifics vary greatly from jurisdiction to jurisdiction. Looking just at the USA, some notable examples of consumer protection regulations in payments include:

  • The Electronic Fund Transfer Act (EFTA): This law outlines the rights and liabilities of consumers who use electronic payment methods, such as debit cards, ATMs, and electronic checks. Under the EFTA, consumers can dispute unauthorised transactions and errors in electronic funds transfers.
  • The Fair Credit Billing Act (FCBA): This law protects consumers who use credit cards. Under the FCBA, consumers can dispute unauthorised charges, bill errors, and defective or misrepresented goods or services.
  • The Consumer Financial Protection Bureau (CFPB): This federal agency enforces consumer protection laws related to financial products and services. The CFPB provides information and resources for consumers to help them make informed payment decisions.

Other regional legislation

United States: In the US, payments are regulated by several bodies, including the Federal Reserve and the Office of the Comptroller of the Currency. Some key regulations include the Electronic Fund Transfer Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act.

United Kingdom: In the UK, the Financial Conduct Authority (FCA) is the primary regulator of payments and is responsible for implementing various regulations, including the Payment Services Regulations and the Interchange Fee Regulations.

China: The People’s Bank of China (PBOC) regulates payments in China and has implemented several regulations, including the Measures for the Administration of Online Payment Services and the Measures for the Administration of Payment Services Provided by Non-bank Payment Institutions.

Australia: In Australia, payments are regulated by the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC), among others.

Canada: In Canada, payments are regulated by the Office of the Superintendent of Financial Institutions (OSFI) and the Financial Consumer Agency of Canada (FCAC). Key regulations include the Payment Card Networks Act and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

Compliance with payments regulations and standards

Compliance with payment regulations and standards requires firms to first have a solid understanding of the laws and regulations that apply to their operations.

This requires regular monitoring of regulatory developments, as well as ongoing training and education to stay up to date on compliance requirements.

Firms must then invest the time to establish and implement policies and procedures to ensure compliance with these relevant laws and regulations. This may involve developing internal controls, conducting risk assessments, and establishing reporting mechanisms to ensure that potential compliance issues are identified and addressed in a timely manner.

It’s important to remember that a policy that only exists in a dusty binder on the top shelf in the back corner of an off-site storage unit, behind a precariously stacked pile of customer records from the 80s, doesn’t do anyone any good!

Compliance with these regulations and standards requires ongoing monitoring and testing to ensure that any issues are identified. If a compliance issue is identified, firms must take appropriate action and report the issue to the relevant authorities as required by law.

Failure to comply with payment regulations and standards can result in significant financial penalties, legal liability, reputational damage, and loss of business.

Therefore, it is essential that industry participants take compliance seriously and make it a priority in their operations.



About the Author

Carter is a Research Associate at Trade Finance Global focusing on the impact of macroeconomic trends and emerging technologies on international trade.

He holds international business and science degrees from the European Business School in Germany as well as Brock University and Queen’s University in Canada where he served as the director of operations and finance for the student executive council and as an operations associate for the Queen’s University Alternative Asset Fund. Carter’s work has been featured in publications and articles supported by the SME Finance Forum, managed by the International Finance Corporation, World Trade Organization, and International Chamber of Commerce.

Carter is a graduate of the Trade Accelerator Program (TAP) through the Toronto Board of Trade and the head of international business development at the Canadian-based building supply exporting firm, The Great Egress Co. He is also a Certified International Trade Professional (CITP) and a member of the exam development panel for the Forum for International Trade Training (FITT) where he developed exam questions for the update of the CITP Professional Exam as part of FITT’s application for ISO 17024 Accreditation.
