The payments industry is evolving in response to shifting compliance demands, regulatory change, and the widespread adoption of data standards like ISO 20022. Recent moves by the Federal Reserve and other agencies are reshaping how financial institutions manage transparency, risk, and data integrity.
We explore the latest regulatory trends, outline practical steps for staying compliant, and examine the growing importance of ISO 20022 in modern payment systems.
New Regulations from the Federal Reserve and Regulatory Agencies
FedNow and Real-Time Payments Oversight
The launch of the FedNow Service by the Federal Reserve in July 2023 marked a significant milestone in U.S. payments modernization. This real-time payments system enables instant settlement between banks around the clock. While offering speed and convenience, real-time payments also introduce new compliance responsibilities.
Financial institutions using FedNow are expected to implement stronger controls for fraud detection, anti-money laundering (AML) and transaction monitoring. The Federal Reserve has emphasized the need for end-to-end transparency and traceability of transactions. Real-time payments reduce the window for intervention, making it essential to invest in automated monitoring tools and robust Know Your Customer (KYC) processes.
The Federal Reserve has revised the timeline for Fedwire’s ISO 20022 migration, now scheduled for 14 July 2025, rather than the previously announced 10 March 2025. This update will involve a shift from the current FAIM protocol to ISO 20022-based messaging.
Revisions to the Durbin Amendment
The Federal Reserve has also proposed updates to the Durbin Amendment, which regulates debit card interchange fees and routing. The proposed changes include a lower cap on interchange fees and a requirement that issuers provide access to more unaffiliated networks for transaction routing.
If adopted, these changes could reduce revenues for card issuers and require technical updates to accommodate multiple network options. Financial institutions should assess how these proposals might impact their card programs and prepare for increased regulatory scrutiny around routing compliance.
CFPB scrutiny of digital wallets and BNPL
The Consumer Financial Protection Bureau (CFPB) has intensified its oversight of emerging fintech services, with particular focus on digital wallets and Buy Now, Pay Later (BNPL) platforms. These products are widely adopted but often operate outside many of the regulatory frameworks that apply to traditional financial institutions, raising concerns around consumer protection, transparency, and systemic risk.
In recent reports, the CFPB has flagged multiple issues, including:
- Data privacy risks, stemming from unclear data-sharing practices and minimal user consent mechanisms.
- Inconsistent consumer disclosures, especially regarding repayment terms, fees, and default consequences in BNPL agreements.
- Lack of standardised credit reporting, which makes it difficult to assess a consumer’s full financial obligations and can lead to overextension.
- Potential gaps in fraud prevention and customer identity verification, particularly in digital wallet services offering peer-to-peer transfers or stored-value accounts.
As regulatory pressure increases, both BNPL and digital wallet providers will need to prepare for a more rigorous compliance landscape. This may include:
- Enhanced licensing requirements, similar to those applied to payment institutions or e-money providers.
- More comprehensive and standardised reporting obligations, particularly around credit usage, consumer complaints, and transaction data.
- Auditing and supervisory expectations, requiring better internal controls and risk management frameworks.
- Obligations to improve user transparency, such as clearer terms of service, repayment calculators, and opt-in mechanisms for data use.
Fintechs operating in this space would be prudent to invest in compliance infrastructure now. This includes adopting RegTech tools, strengthening KYC and AML systems, and seeking legal guidance to anticipate changes in regulation and maintain consumer trust.
5 Best Practices for Payment Compliance
1. Implement Real-Time Risk Monitoring
The shift to real-time payments means compliance systems must operate in real time as well. Institutions should deploy automated fraud detection and transaction screening tools that integrate with both core systems and customer interfaces.
2. Strengthen KYC and Ongoing Due Diligence
A robust KYC process remains the foundation of compliance. This includes not just onboarding checks but also ongoing monitoring. Use risk-based approaches to evaluate customer behavior patterns, flag anomalies, and regularly update customer profiles.
3. Integrate AI into Compliance Processes
Artificial intelligence and machine learning can dramatically improve the accuracy of AML and fraud detection. These tools can identify suspicious activity patterns across vast datasets and adapt to evolving typologies, reducing false positives and compliance costs.
4. Maintain a Global Compliance Map
For companies operating across jurisdictions, maintaining a real-time map of global compliance obligations is essential. This includes understanding the nuances of different regulators, licensing requirements, and local reporting frameworks. Regulatory technology (RegTech) platforms can help centralize this information and ensure ongoing adherence.
5. Encourage cross-departmental collaboration
Cross-functional teams spanning legal, operations, IT, and risk management should collaborate on compliance planning. Aligning goals and integrating compliance into product development and customer service workflows enhances overall resilience.
ISO 20022 and the Push for Standardized Data
ISO 20022 is a global messaging standard designed to streamline financial communications across banks, payment systems, and fintech platforms. It provides richer, structured, and more consistent data fields, enabling clearer transaction details and better interoperability.
Unlike legacy formats like SWIFT MT or proprietary messaging, ISO 20022 uses XML-based syntax to support complex data structures. It includes fields for remittance information, purpose codes, and legal entity identifiers making it ideal for compliance, reconciliation, and automation.
ISO 20022 supports compliance in several ways. The structured data fields make it easier to screen transactions, generate audit trails, and meet AML requirements. It also improves reconciliation and reduces errors, which is especially valuable in a real-time environment.
Migrating to ISO 20022 is not without challenges. Legacy systems may not support the new standard, and partial adoption can lead to data truncation. To mitigate these risks:
- Invest in middleware and APIs that translate between formats
- Conduct data mapping exercises to align internal data structures
- Run parallel systems during the transition phase
- Work with third-party service providers for managed implementation
As the Fedwire migration deadline nears, US banks must accelerate their ISO 20022 strategies to stay aligned with evolving financial standards.
