The case for payment regulations in the Crown Dependencies

This article was drafted by Chris Hutley-Hurst of Walkers and Paul Gorman of Bank Aston.

Payments was historically a hidden component of financial services only fully understood by specialists. In the last 20 years, however, it has become a strategic differentiator not just between banks but also between jurisdictions. The EU and UK have payments regulatory frameworks that are already ahead of those in the Crown Dependencies (CDs). Both are in the process of making further improvements to those frameworks.

In the first part of this article, we describe the main commercial gaps and consumer protection differences. That is, what products and services exist in the UK and/or EU (due to superior regulations) but either do not exist or are materially worse in the CDs.

We also set out the risks of regulatory divergence. In short, if a UK bank has 20 million current accounts in the UK and (say) 40 thousand current accounts across the CDs, (hypothetically) why would that bank maintain infrastructure for the 0.2% of its users needing inferior functionality?

After that, we set out the regulatory changes coming in the EU and UK that will increase regulatory divergence and make the service gaps and divergence risks materially worse. We explain the nature of the coming changes and, in doing so, what ‘good’ looks like. Spoiler alert: the UK’s position is already good (and improving); and the EU is making changes that align with the UK’s regulatory approach.

We finish by summarising the commercial, protection and risk cases for payments regulations in the CDs. The rationale for each is strong and together they create a strategic imperative. The islands must collaborate to deliver payment regulations and achieve good outcomes in a reasonable timeframe. There are a number of ways to collaborate but the first things to be done are to recognise the gaps and open-up the lines of communication.

Existing differences

The CDs have historically benefitted from being able to use UK banking functionality due to factors such as a common currency and the same sort code / account number structure. However, there are already some jurisdictional differences and over time these have gone from minor to major. 

To decide whether we should be concerned about this, and whether there’s a business case for new legislation in the CDs, it helps to look at some examples of where the current lack of regulation already affects people day-to-day:

• Card acquiring: This is how a merchant gets paid with a card. It could be a contactless card reader in a small shop or taxi; through to a web-based payments gateway in an online shop. Card acquiring companies have been able to set up in the UK because of payments regulations. Small businesses in the CDs typically source card readers from UK (directly or indirectly), but a lack of both competition and choice of providers willing to service the CDs makes them expensive. The higher costs are absorbed by the merchant and/or passed on to the (unwitting) consumer.
  
  
• Card issuing: This involves issuing either a physical card and / or a virtual card for a smartphone wallet. However, it is not always straightforward - cards come in a variety of flavours (e.g. Credit, Debit, pre-paid), and a number of UK card issuers do not issue cards (especially credit cards) to CD residents. Each type of card makes use of a variety of regulations, including those for payments services and/or e-money as well as cross-border card-based transactions, interchange fees, etc. The lack of truly CD-native debit and credit cards undoubtedly leads to a lack of choice and competition.
  
  
• Open Banking: CD-based accounts (with CD sort codes) are not included in Open Banking and so CD residents miss out on the benefits. These include Payments Initiation (PI) and Confirmation of Payee (COP). PI allows a person to make payments directly from their bank account within a third-party website, bypassing the need to enter card details or log into their bank's online portal. COP helps ensure that payments are sent to the correct recipient by verifying the account name against the details held by the payee's bank. The absence of these benefits may not be apparent day-to-day. However, these functionalities reduce transactional friction, prevent fraud and payment errors, and increase competition. A CD resident may not notice the extra friction or lack of competition if they have nothing to compare with. However, they are undoubtedly less safe from fraud and error compared with a UK resident.
  
  
• Non-native banks and payments companies: UK payments firms regularly travel into the CDs to conduct business, often providing services which can’t be supplied locally (e.g. pre-paid cards). The accounts they provide, and the payments flow, are in / via the UK. This means capital leaving the CDs and a reduction in local income. There have also been examples of large UK payments institutions failing. This includes one notable example in 2025 which was active in the CDs but which has now gone into liquidation due to excessive risk-taking. Arguably, if the regulation existed to enable these products natively, there would be less need to ‘import’ them and better controls could be put in place around each island’s regulatory perimeter.

Divergence

All across the CDs we hear concerns about the risk of being left behind. Unhappily, the risks are far greater than that:

• The UK Banking infrastructure that CD residents use day-to-day is largely paid-for by the UK banks. The Bank of England and its approved schemes (such as Faster Payments, BACS etc.) also provide crucial but less visible support in the background. The high street UK banks each serve many millions of UK clients and only a few tens-of-thousands in the CDs. The UK banks therefore have to maintain different functionality for a very small subset of its user-base (substantially less than 1%). As regulatory divergence accelerates, there is a clear danger that some of the individual UK banks will be reticent to maintain a two-tier banking platform for a tiny fraction of users. The biggest risk, of not tracking or catching up, is therefore that a UK high street bank could decide not to maintain differential functionality and instead could choose to exit their retail business in the islands.
  
  
• The absence of COP also affects the introduction of consumer protections such as determining liability for Authorised Push Payment (APP) fraud. To remain aligned with the UK (see above) the CDs’ regulators could introduce legislation making banks and payment firms liable for APP fraud. In our view, it’s a fair assumption that they are already looking at it. However, without COP's ability to mitigate APP fraud, such a move could have a disproportionate impact on CD banks. If a bank or payments firm is to be liable for APP fraud as they are in the UK then they surely also need the tools that UK banks have available to mitigate that fraud.
  
  
• Pay.uk, which is the industry body that provides and administers payments infrastructure in the UK, has made APP fraud protection the centrepiece of its strategy and roadmap over the last 2 years. Without the ability to stay aligned, or a long-term strategy, the CDs risk loss of influence over regulatory development and an inexorable drift into obscurity and irrelevance.

Regulatory divergence is increasing

The EU is bringing-forward two sets of related legislation: the Payment Services Directive 3 and the Payment Services Regulation. These are likely to come into effect in the EU at around the same time.

As a (post-Brexit) reminder, an EU Directive tells each member country what must be done but gives them a certain amount of latitude in how those changes may be implemented; a Regulation, on the other hand, applies as law automatically and directly to the whole bloc as published. The new Directive will deal with issues such as licensing and supervision, which are country-specific matters. However, the new Regulation will address issues where standardisation is critical such as in matters of trust, payment schemes and technology security.

The unacknowledged truth is that the EU is amending its payments legislation to align it to the UK’s already existing approach, belatedly and tacitly acknowledging the inferiority of its previous implementation and thus the criticality of standards-based regulation. For example:

• The new PSRs will enable “Verification of Payee” to be introduced across the Single Euro Payments Area (SEPA) zone. This requires common standards (and thus bloc-wide regulation). The UK already has Confirmation of Payee which uses its Open Banking standards-based legislation and infrastructure.
  
  
• Other security and fraud prevention measures will be standardised such as multi-factor authentication. The UK already uses common regulatory technical standards.
  
  
• Instant payments (SEPA-Instant) must have commonality of implementation, achieving a similar outcome to the UK’s Faster Payments scheme. Of course, the advent of instant payments is required to make a Payment Initiation Service meaningful, but it also makes fraud protections all-the-more critical.
  
  
• Non-bank payments companies will be able to join the SEPA payment schemes directly as a member without having to use a bank member as a "go-between". The UK’s regulations already allow this.
  
  
• An Open Banking equivalent solution will be implemented in the EU using common regulation. The UK’s native Open Banking solution already has a single set of legal and technical requirements that ensure a standards-driven approach to establishing consent and trust.

The UK is not resting on its laurels and in its update, amongst other things, it will be addressing the protection of clients’ funds by payments companies. Other (separate) changes in the UK could also lead to divergence from the CDs including:

• A Data (Use and Access) bill passing through UK parliament in 2025 that has the potential to extend ‘Open Banking’ to ‘Open Finance’ and other “Open” services.
  
  
• The UK government’s National Payments Vision (2024) provides the Bank of England’s vision of its payment schemes and a high-level design and roadmap of the required changes and upgrades.
  
  
• Variable Recurring Payments (VRP). This extends Open Banking functionality and is being funded (via Open Banking Limited) by a group of 31 banks and payment firms.

The rationale for payment regulation in the CDs

As should be clear from the above, the rationale for payment regulation includes commercial benefits, consumer protection and risk avoidance for the CDs and their residents. In summary:

• Card acquiring. Increased competition from providers and cheaper for merchants and ultimately for consumers.
  
  
• Native card issuing. Enables access, consumer choice and innovation as well as mitigating the lack of choice in cards.
  
  
• COP. Protect consumers from fraud and error as well as reducing friction.
  
  
• Open Banking functionality that reduces friction and execution risk.
  
  
• Shoring-up each CD’s regulatory perimeter. Consumers and businesses can use locally regulated providers. This protects users from poor standards and local businesses from unfair competition. It also keeps transactions and balances on-island.
  
  
• Preventing regulatory divergence from UK, mitigating many risks including of UK banks exiting the CDs.
  
  
• Enabling innovation in a safe, secure and controlled manner.

Conclusion

The CDs have a fantastic heritage as international financial centres. This heritage must not be held back or damaged by legacy infrastructure or legacy regulations. Unlike in other cases, this decision is in our own hands and we need to work together. For some of the changes, a well-coordinated universal regulatory change is needed across the islands. A lot of the regulation (particularly the standards pieces) can be replicated from the UK’s legislature, but the imperative for change must come from the local markets.

Whether this change is viewed as ‘fixing the roof while the sun is shining’ or ‘getting the foundations right from the outset’, there is an undeniable business case and need for the CDs to come together on updating payments regulations. Not only do the CDs’ residents and institutions need and deserve this upgrade, but they also should not have to live with the risk of further legislative divergence.