UK Finance’s latest must–read blogs

How to create a platform for innovation in payments??

The UK payments industry has transformed over the last decade, giving greater choice and convenience than ever before.?

As our latest Payments Markets Report shows, the 45 billion payments made in the UK touch everyone’s lives, supporting customer experiences and delivering value to businesses.??

There is also a huge amount of innovation taking place within money and payments. For example, industry came together through the UK Regulated Liability Network Experimentation Phase to explore the value of tokenized commercial bank money.?

As these new technologies develop, the industry will continue to innovate and invest in our payments infrastructure. This investment will underpin greater resilience and also unlock new capabilities that have the potential to further enhance customer experiences and deliver tangible business benefits.?

But the industry is facing challenges. Last year UK Finance surveyed its payment members in responding to the Future of Payments Review. We found that over 90 per cent of change budget was being spent on mandatory regulatory changes. This creates a congested regulatory landscape, with multiple and uncoordinated major infrastructure initiatives and policy developments. This ultimately impacts what the industry is able to do in terms of developing innovative consumer and market-led solutions.?

The industry needs clarity on how different infrastructure requirements will work alongside each other. We therefore strongly welcome the Bank of England’s leadership in delivering an ambitious agenda for UK payments. The discussion paper they published today highlights a number of key issues that need to be addressed to support further innovation and help bring new capabilities like tokenization to life. We are ready and willing to respond to the call to action from Governor Andrew Bailey?

Read the full blog post from Jana Mackintosh, Managing Director, Payments, Innovation & resilience, UK Finance??

?

UK national payment API framework standards and best practice?

Application Programming Interfaces (“APIs”) have seen an enormous uptick in usage in the last several years, globally, driven by regulatory directives and opportunities from Payment Services Directive Two (PSD2) onwards and the desire for Open Banking, moving towards Open Finance and beyond.?

They are a powerful tool for driving innovation, enabling businesses in the financial services industry to develop new products and services whilst providing a secure and standardised way to exchange pertinent data quickly and efficiently between both users and organisations. ?

The Standard’s Advisory Panel (“SAP”) was established by the Bank of England and Pay.UK to provide industry insights and advice on the development and adoption of new payment standards in the UK and includes members from across the payments ecosystem, standards setters, providers and users. ?

Given the opportunities and pace of innovation, to address the risks of divergence, fragmentation and discrepancies in the ecosystem when designing and implementing APIs, the Standards Advisory Panel commissioned a new best practice framework. This framework includes recommendations, covering aspects such as versioning and security when designing and implementing payment APIs in the UK.??

An industry-led group coalition, using its experience and awareness of payment API implementations, built on its knowledge of ISO-led standardisation work effort. It has now defined the Framework with both SAP and UK Finance’s Standards Engagement Forum (“SEF”) support. APIs are the norm now in the Payments industry, UK Finance, via the SEF are delighted to support the development and awareness of best practices in this space.?

We are seeking wider interest in and feedback to the Framework.???

Read the full blog post from Fiona Hamilton Standards Director, Open Banking? ?

What does rising compliance costs mean for the UK Banking sector? ?

UK financial services firms are spending ￡21.4k per hour fighting financial crime and fraud – so what happened to the promise of automation delivering greater efficiencies??

The UK’s financial crime compliance bill continues to grow, despite the strong push towards digitalisation. This could be taken as a worrying sign that automation is not delivering on its promises.??

According to the latest?True Cost of Compliance Report?from LexisNexis? Risk Solutions, spend on screening activities has risen by a third (33%) since 2021. That puts the collective annual price tag for UK banks and fintechs to comply with regulation at a staggering ￡38.4billion – equivalent to around three quarters of the UK government’s spend on defence, or put another way, the gross domestic product of Estonia.?

A closer look however, reveals a more nuanced picture.?Firm-level financial crime compliance (FCC) cost increases were largely driven by investment in technology, growing at more than twice the rate of employee-related, or other costs. Technology-related roles, for the first time, make up over half (52.4%) of all FCC recruitment and training costs, up from a third (34.1%) since 2022, as firms build teams of technologists capable of operating the technology and interpreting the outputs.?

This is clearly reflected in the levels of automation now seen across the customer due diligence (CDD) workflow.?All CDD processes in 2024 are at least two-thirds automated, with the average level at 80% and the biggest jump seen in internal investigations. This is a far cry from just two years ago when the FCA sent a warning to firms about a systemic?over-reliance on?labour-intensive manual processes and spreadsheets.??

So, where are the promised efficiency gains? Well, despite?over half (52%) of firms reporting an increase in customer numbers in 2023, leading to a big spike in onboarding activity, there was a 7% drop in KYC and IDV process costs as a share of overall FCC costs over the same period. This suggests that automation is delivering process efficiency gains at the most volume-intensive end of the CDD journey. Similar benefits were realised elsewhere in the journey too.?

Read the full blog post from Mike Normansell, Senior Manager PR and Communications, LexisNexis Risk Solutions?

?

Securing Trust: The Cornerstone of Customer Confidence in Financial Services?

For financial institutions, trust is as critical a currency as the money they manage. Clients entrust their personal and financial data to banks, investment firms, and insurance companies, expecting it not only to grow but also to be safeguarded against all forms of cyber threats.?

When it comes to cyber risk management, the financial services sector faces stringent regulations and standards. Laws such as FFIEC IT and GDPR, the SEC requirements, standards like NIS2 or DORA, and frameworks like NIST, ISO, PCI, SIG, or SOC2 have made robust security postures a mandate—and cybersecurity programmes are synonymous with nurturing customer relationships to build and maintain trust, as well as increasing accountability and transparency to executive boards, audit committees, regulators, and investors.?

Every breach is a crack in customer confidence? ?

Financial institutions face not just direct losses from theft, but also long-term reputational damage that can hinder customer acquisition, loyalty, and retention.??

Cyberattacks can also have longer lasting impacts such as damage to the organisation’s share value, increased insurance premiums, and increased audit requirements from regulators, investors, or credit lending agencies. According to the?IBM Cost of a Data Breach Report, the financial sector has one of the highest churn rates following a breach, underscoring the direct link between trust and customer loyalty. The average cost of a data breach in the financial sector is $5.9 million per incident, the second highest after healthcare.?

Proactive measures for enhanced security: prevention is better than cure?

Stepping beyond mere threat response, the cornerstone of modern cybersecurity in finance is anticipation and prevention. Cybersecurity leaders in the financial services sector must consider the following best practices:?

1. Foster transparency with stakeholders?
2. Implement rigorous access controls?
3. Regularly update and patch systems?
4. Educate and train your team?
5. Leverage audits and advanced cybersecurity analytics?

Read the full blog post from Tim Grieveson, Senior Vice President, Global Cyber Risk Advisor, Bitsight ?