Summer Regulatory Round-up: August 2020

Another traditional holiday month proved to be anything but for payment regulation — we reported on dozens of developments throughout August.

Here are the most important moves you need to know about when you return to work.


On August 3, the European Council issued its first sanctions in response to cyberattacks, targeting entities associated with the global WannaCry attack.

The Wirecard saga continued, with VIXIO PaymentsCompliance uncovering the imploded company’s fresh links with the Italian mafia.

European regulatory bodies said that the European Commission should scrap the Electronic Money Directive in favour of a broadened Payment Services Directive (PSD2).

Malta stripped an FX and remittance companies of their licences in August for a litany of regulatory failures, and the regulator told VIXIO PaymentsCompliance that more licences will be shredded.

Experts argued that the proposal to impose financial crime obligations for open banking firms in Europe runs the risk of stifling businesses’ ability to build cross-border operations.

Payment service providers in Europe edged closer to clinching access to Apple’s payment technology amid swelling support for a law to grant firms “equal access” and a European Commission antitrust investigation.

VIXIO PaymentsCompliance looked at a number of competition authorities investigating fintech markets and what it may herald for the payments industry.

Experts told VIXIO PaymentsCompliance of huge AML risks posed by unregulated cryptoassets.


In one of the first public announcements indicating an intention to diverge from EU rules, the UK Competition and Markets Authority (CMA) suggested that Brexit could present an opportunity for the country to cast off “burdensome” aspects of the EU’s open banking regime.

Another Brexit crack showed in the application of strong customer authentication — divergent enforcement in the UK and the EU will result in the UK being deemed a third country under the regime, lawyers told VIXIO PaymentsCompliance.

UK and EU businesses are on course for data transfer friction once the transition period ends in January 2021, Downing Street and several lawyers told VIXIO PaymentsCompliance.


The UK  government launched a Document Checking Service pilot, marking the country’s second foray into digital identity.

As open banking matures, banks called on regulators to draw clear lines of liability between the different parties involved in open banking, or face traditional financial institutions being left to pick up the pieces.

report on open data issues commissioned by the UK government suggested that stronger penalties may be needed for banks that fail to provide a satisfactory interface for third parties.

Then, on August 18, HM Treasury approved JMLSG guidance on crypto exchanges and custodian wallet providers.


Two big deals in the payments sector were approved by competition authorities, despite some reservations from the industry.

First, the European Commission conditionally approved Mastercard’s acquisition of Nets’ account-to-account payment business.

Just two days later, the UK’s CMA approved Visa’s £4bn anticipated acquisition of fintech firm Plaid.


On August 2, the US Consumer Financial Protection Bureau opened the gates to regulated open banking, announcing that it will begin developing a new rule on third-party access to consumer financial data.

Following a July announcement regarding creating a federal payments licence, a consortium of U.S. banks wrote to the Office of the Comptroller of the Currency to voice their opposition to the proposed payments charter.

A few days later, the Federal Reserve announced it is assessing opportunities associated with central bank digital currencies as part of a wider set of payments-related innovation projects.

On August 18, California approved final regulations under the California Consumer Privacy Act.

Further afield 

On August 3, Russia banned anonymous e-wallet top-ups.

Throughout August, Facebook has been active in many jurisdictions in the payments area, with various degrees of success. In Brazil, the central bank confirmed that Visa and Mastercard can conduct tests for a planned WhatsApp-based payment service, which had been put on ice by the regulator.

In India, the Competition Commission rejected a complaint against Facebook that accused the social media giant of abusing its market dominance through a payments feature on WhatsApp.

India also proposed a data protection regime that would make payment firms, including foreign companies, share data with the government.

Meanwhile, in Australia, screen-scraping resurfaced, with the country’s competition authority confirming that banks’ warnings against allowing open banking providers use screen-scraping is not anti-competitive.

Finally, New Zealand launched a consultation on Australian-style consumer data rights.

If you would like to catch up on key regulatory events of July, please click here.

We use cookies on this site to enhance your user experience.