How FinTechs can thrive under PSD3 and DORA

Europe’s payments market remains fragmented despite ongoing efforts to harmonise rules across the bloc, creating persistent challenges for FinTechs looking to scale cross-border. Divergent national rules and priorities result in higher operational costs, slower scaling and increased regulatory risk for firms navigating Europe’s patchwork compliance landscape.

According to Corlytics, frameworks like PSD3 and DORA are designed to enhance resilience and promote innovation within the financial sector, but they are unlikely to eliminate fragmentation entirely. Member states retain discretion in how they enforce these regulations, leading to uncertainty that pushes up compliance costs and risks. Under PSD3, payment institutions and e-money institutions will face stricter requirements, including winding-up plans and pre-emptive ICT/data-sharing protocols.

Capital thresholds will rise to adjust for inflation, and own-funds calculations will tighten under ‘Method B’ by default. While intended to improve operational soundness, these changes add pressure on firms to comply upfront.

The challenge for FinTechs lies in building resilient systems without clear guidance on local rule enforcement. Whether managing KYC remediation, customer onboarding, fraud prevention or incident response, agility is now a compliance requirement. Yet, achieving that agility is difficult when regulatory certainty remains out of reach.

Moving quickly while maintaining compliance is a delicate balancing act. A speaker at the recent Future of Payments and Compliance Forum in Barcelona remarked, “100% compliance at all times is close to impossible. However, we need to deal with that.” This was reflected in recent enforcement activity, with the UK’s FCA fining HSBC for customer treatment failings, while in the US, the CFPB penalised Sutherland Global and Chime. Governance issues also saw cross-border action against Citi.

Part of the complexity stems from the disconnect between EU directives and national enforcement. A suspicious transaction may prompt different reporting obligations in Spain compared with Germany. BaFin, Germany’s financial regulator, recently reprimanded a payment firm for filing excessive suspicious transaction reports with vague evidence, while Spain’s FIU, SEPBLAC, demands immediate and detailed structured reporting for all suspicious transactions under Article 18 of Law 10/2010.

For cross-border FinTechs, this landscape can feel like “regulatory death by a thousand cuts”. The more firms adapt platforms to local differences, the harder it becomes to scale and operate efficiently. Yet, non-compliance is not an option, and firms often struggle with training frontline staff to identify compliance triggers within live workflows, risking regulatory breaches even during routine processes like customer refunds.

The best-prepared firms are embedding compliance across all teams, from legal to product and engineering. Compliance must become part of every transaction, API call and customer interaction. Following DORA’s enforcement in January 2025, firms must demonstrate operational readiness, incident response, and resilience testing across ICT systems. The European Banking Authority has clarified that DORA applies to regulated entities, including credit institutions, EMIs and AISPs, while others remain under PSD2.

Despite this, the European Court of Auditors recently flagged that key payment infrastructure players like gateways and processors fall outside DORA’s scope, creating potential blind spots in real-time payments oversight.

The launch of AMLA (Anti-Money Laundering Authority) on 1 July 2025 promises greater consistency, but caution remains. “I’m confident and scared at the same time,” one executive noted, reflecting the wider sentiment in the payments compliance space.

Fixing compliance challenges requires building dynamic, compliance-ready systems from the ground up. Forward-thinking firms are leveraging upcoming regulations as catalysts for growth, reviewing gap analyses, reworking risk frameworks and embedding resilience testing into product lifecycles. In the era of instant payments, compliance must move just as fast.

Corlytics offers a critical advantage here, enabling payments firms to simplify compliance, maintain agility and accelerate market expansion while staying ahead of regulatory changes. The company’s regulatory intelligence and compliance automation solutions help firms transform compliance into a growth driver, providing confidence and control in a shifting regulatory landscape.

Copyright © 2025 RegTech Analyst
