Latest Payments News: Colombia Becomes Latest Country To Implement AI Framework, and more

Catch up on six of the stories our payments compliance analysts have covered lately, and stay up-to-date on the latest news.

Colombia Becomes Latest Country To Implement AI Framework

Colombia has followed jurisdictions such as its neighbour Chile and the EU in implementing a new policy framework for artificial intelligence (AI).

The policy, which takes effect on June 1, 2025, outlines 106 specific actions across six pillars, including AI governance, digital infrastructure, research and innovation, workforce development and risk management.

It aims to bolster Colombia’s AI capabilities while addressing ethical concerns and cybersecurity risks.

The government will track progress through semi-annual reports, with the policy scheduled to run until December 2030.

Officials say this initiative will position Colombia as a leader in responsible AI development in Latin America.

“This is a historic moment for the technological development of the country, which will be able to continue betting on AI as an engine of growth and generation of well-being for Colombians,” said Belfor Fabio García, Colombia’s ICT minister.

Finland And Latvia Face Up To Rising Fraud Rates

Financial fraud surged in both Finland and Latvia in 2024, with banks preventing millions in losses but cybercriminals still managing to defraud significant sums, according to industry reports.

In Finland, fraudsters attempted to steal €107.2m from victims last year, a 39 percent increase from 2023, when the total stood at €76.9m.

According to the Finnish Financial Services Association, the country’s banks successfully stopped and returned €44.3m in fraudulent transactions, which is 35 percent more than the previous year.

However, cybercriminals still managed to steal €62.9m, with phishing scams emerging as the most common and costly form of fraud, up 161 percent from the previous year.

Investment scams also took a heavy toll, with victims in Finland losing €20.1m, the trade association warned.

Although the figures suggest that the number of romance scams declined last year, they were often reclassified as investment frauds, as scammers lured victims into fake investment schemes.

In Latvia, in contrast, authorities noted a rise in romance scams. Although only 19 cases were officially recorded, the total amount stolen exceeded €260,000, and each victim lost an average of €14,000, with women aged between 40 and 60 the most common targets.

The Financial Industry Association (FNA) highlighted how romance scammers maintain long-term contact to build trust before defrauding victims over several months.

Small, repeated transactions make it harder for bank security systems to detect fraud, contributing to significant overall losses.

There were positive signs in early 2025, however, and the trade association says that Latvian banks prevented €646,283 in fraudulent transactions in January alone — narrowly exceeding the €636,158 that scammers managed to steal.

ESAs Unveil Roadmap For Critical ICT Third-Party Oversight Under DORA

The European Supervisory Authorities (EBA, EIOPA, and ESMA) have published their roadmap for designating critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA).

Once designated, CTPPs are likely to be major ICT service providers, such as cloud computing, data analytics and cybersecurity firms. This could include the likes of Microsoft and Amazon Web Services.

The process, set to conclude this year, will mark the start of active oversight, and national competent authorities will be required to submit their registers of information on ICT third-party arrangements by April 30, 2025.

The ESAs will then conduct criticality assessments, notifying designated providers by July, with a six-week objection period following before final designation and oversight engagement.

To support the transition, the ESAs have also announced plans to hold an online workshop in Q2 2025, with further details to come.

Troubled E-Money Firm Nvayo Enters Special Administration

Nvayo Limited, an e-money institution regulated by the UK’s Financial Conduct Authority (FCA), has entered special administration after months of regulatory scrutiny and legal battles over compliance concerns.

Dane O’Hara, Alex Cadwallader and Andrew Poxon of Leonard Curtis Limited have been appointed as administrators to manage the company’s affairs.

Before its recent troubles, Nvayo was authorised to issue e-money and provide payment services, operating through e-wallets and prepaid cards under the brands Aurae Lifestyle and ClubSwan.

As covered by Vixio, the firm’s troubles began in August 2023 when the FCA imposed restrictions preventing Nvayo from carrying out any e-money services without consent from the regulator.

The watchdog cited serious concerns about the company’s compliance with anti-money laundering (AML) regulations.

Nvayo challenged these restrictions, but in February 2024, the Upper Tribunal upheld the FCA’s decision, dismissing the firm's application to lift the restrictions.

Following the tribunal ruling, Nvayo's directors determined that the company was insolvent and applied for special administration.

The administrators will now assess the safeguarded funds held by Nvayo and oversee the process of returning customer funds where possible. Customers should receive further information regarding their claims and next steps within eight weeks.

Adding to Nvayo's legal troubles, in October 2024, its founder and CEO, Christopher James Scanlon, was charged by the District of New Jersey with conspiring to control and own an unlicensed money transmitting business.

According to US prosecutors, Scanlon provided fiat and cryptocurrency financial services without proper registration, facilitated transactions between customers' accounts and executed at least one "off the books" transaction for a customer later indicted in a cryptocurrency mining scheme.

Federal Reserve Delays ISO 20022 Implementation Until Summer

The US Federal Reserve has postponed the planned implementation of the ISO 20022 message format for the Fedwire® Funds Service from March 10 to July 14, 2025, with a final "go" or "no go" decision to be announced by June 27.

The Federal Reserve has pushed back its ISO 20022 deadline “after careful consideration of industry requests and assessment of customer readiness”.

Despite saying that “the industry has made significant progress and accomplished many key milestones”, the US regulator has allowed firms additional time to prepare for the transition.

The Fedwire Funds Service will continue using the existing FAIM 3.0.7 message format until July.

Several regulators worldwide have adopted or are in the process of implementing ISO 20022.

For example, Swift began its migration for cross-border payments and reporting (CBPR+) in March 2023, with full implementation expected by November 2025.

The European Central Bank (ECB), meanwhile, transitioned its TARGET2 system to ISO 20022 in March 2023 and the Bank of England plans to implement ISO 20022 for the CHAPS payment system by November 2025.

AI And Crypto Among Priorities At UK-EU Regulatory Forum

The EU and the UK reaffirmed their commitment to regulatory cooperation in financial services during the third meeting of the Joint EU-UK Financial Regulatory Forum, held in London on February 12.

Senior officials from HM Treasury, the European Commission, the Bank of England (BoE), the Financial Conduct Authority (FCA) and other regulatory bodies participated in discussions covering issues such as banking regulation, sustainability and digitisation.

A significant emphasis was placed on AI, and the two jurisdictions “agreed to continue working together and with the wider international community to develop a common understanding of its benefits and risks, particularly in relation to the rapid innovation of financial services, to financial stability, and to public trust and safety”.

In addition, the UK outlined its plans for new legislation on crypto regulation, the EU highlighted the recent full implementation of its Markets in Crypto-Assets Regulation (MiCA), and both sides emphasised the need for global regulatory alignment.

Sustainable finance was another major topic, with discussions on disclosure requirements, green taxonomies and international cooperation to streamline reporting standards.

The EU outlined plans to simplify reporting burdens, and the UK shared insights from its recent green taxonomy consultation.

The forum concluded with a commitment to continued dialogue and collaboration ahead of the next meeting.

‍

Want to know more?

‍Request a demo with one of our experts today to gain full access to the stories we cover - and much more - and start learning how you can make compliance a competitive advantage for your organisation.