.png)
Our monthly regulatory updates spotlight the latest global changes shaping merchant onboarding. See how new rules impact onboarding flows, risk checks, and growth opportunities.
Global
Industry Partnership: Solidgate & Salv Partnership for Real-Time Payment Compliance
Effective Date: August 2025
Issued By: FinTech Global (Industry News Insight)
Summary:
Solidgate has teamed up with European RegTech platform Salv to strengthen security and compliance across its Treasury product as the company grows its global payments infrastructure. The partnership ensures every transaction is monitored and screened in real time, giving both regulators and customers confidence.
Key Changes:
- Real-time compliance monitoring now embedded into all Treasury transactions.
- Support for multi-currency accounts, instant transfers, virtual corporate cards, and mass payouts under enhanced oversight.
- Dedicated testing environment from Salv allows phased rollouts and close collaboration.
- Solidgate’s CFO emphasises that this partnership is critical for growing with integrity and operational security.
- Salv delivers dynamic fraud detection, risk management, and regulatory alignment for global payments.
What This Means for Merchant Onboarding:
Onboarding teams are moving toward stricter compliance and real-time transaction monitoring as industry standards evolve. This shift requires modernising fraud detection, risk scoring, and due diligence processes to meet multi-jurisdictional regulations while ensuring the merchant onboarding journey remains seamless and client-friendly.
Recommended Actions:
- Integrate Compliance: Embed real-time monitoring and fraud detection into onboarding workflows.
- Revise Risk Assessments: Use dynamic compliance and fraud tools to strengthen underwriting decisions.
- Scale Systems: Ensure IT infrastructure can handle high-volume, multi-currency, global payments.
- Stay Ahead of Regulation: Keep onboarding processes aligned with evolving regional and international rules.
How OnBoard Can Help: OnBoard delivers the same real-time compliance and transaction monitoring as Salv, but goes further by automating approvals, risk checks, and exception handling. With added features like smart forms, offer generator, and connected dashboards, it transforms onboarding into a seamless, scalable growth engine.
Source: FinTech Global
Industry Initiative: Google App Store Licensing Requirements for Crypto Wallet Providers
Effective Date: October 2025
Issued By: Google
Summary:
Google Play is introducing new requirements for crypto wallet providers in multiple regions, including the U.S., U.K., and EU. Providers must hold domestic licenses and adhere to regulatory standards to list their wallets. Non-custodial wallets are explicitly excluded from these rules.
Key Changes:
- Licensing requirement for custodial crypto wallets in the U.S., U.K., and EU.
- Clarification that non-custodial/self-custodial wallets are not impacted.
- Alignment with regional regulatory frameworks: FinCEN/MSB rules in the U.S., FCA oversight in the U.K., and MiCA registration in the EU.
- Policy effective October 2025.
What This Means for Crypto PSPs:
Custodial wallet providers must prove they are licensed in each region (FinCEN in the U.S., FCA in the U.K., MiCA in the EU), while non-custodial wallets are exempt. For crypto PSPs, this forces merchant onboarding flows to include license validation and jurisdiction-specific KYC/AML checks, adding extra steps that must be automated to prevent delays and merchant drop-off.
Recommended Actions:
- Licensing Readiness: Initiate or review processes for obtaining FinCEN/MSB, state, FCA, or CASP approvals.
- Compliance Framework: Establish robust KYC, AML, and SAR reporting systems to meet regulatory standards.
- Product Strategy: Evaluate whether integration with Google Play justifies compliance efforts, especially for decentralized wallet models.
- Ongoing Monitoring: Track updates to regional regulations, including MiCA implementation and the GENIUS Act, to maintain compliance and market access.
How OnBoard Can Help: OnBoard helps crypto wallet providers stay compliant with Google’s new licensing rules by automating KYC, AML, and KYB checks. Its reporting tools produce audit-ready reports, and dashboards give PSPs clear oversight of onboarding, reducing manual work and keeping merchants moving quickly. Book a demo today.
Source: Payments Journal
EMEA
United Kingdom
Industry Initiative: FCA Payment Safeguarding Rules Update
Effective Date: 7 May 2026 (preparatory period starts 9 months prior)
Issued By: Financial Conduct Authority (FCA)
Summary:
The FCA is strengthening protections for consumers using payment and e-money firms, introducing updated safeguarding rules to ensure customer funds are properly separated and accessible if a firm fails. These changes follow regulatory reviews of previous failures, where average shortfalls reached 65% of customer funds, and aim to increase transparency, reduce delays, and improve trust in the payments ecosystem. Smaller firms benefit from proportional requirements, including exemptions from full audits when holding less than £100,000 in client funds.
Key Changes:
- Annual audits by qualified auditors mandatory for most firms.
- Monthly reporting required to maintain oversight of safeguarded funds.
- Daily reconciliations to ensure the correct amounts are held for customers.
- Enhanced planning for potential firm failures to speed up customer reimbursements.
- Proportional measures for smaller firms, reducing regulatory burden.
What This Means for Merchant Onboarding:
Merchant onboarding processes must now include enhanced due diligence to confirm that merchants’ transaction flows support daily fund checks and compliance with the FCA’s safeguarding rules. Onboarding teams also need to assess merchant risk profiles and ensure data is integrated into compliance systems for accurate reconciliations and reporting.
Recommended Actions:
- Process Audit: Review onboarding and fund management workflows to meet FCA safeguarding standards.
- Compliance Systems: Implement automated checks for daily reconciliations and reporting accuracy.
- Risk Mitigation: Apply risk-based checks during onboarding and document contingency measures for each merchant.
- Staff Training: Ensure teams are equipped to handle updated safeguarding responsibilities.
How OnBoard Can Help: OnBoard supports merchant onboarding in line with the FCA’s safeguarding rules by enabling daily reconciliations and monthly reporting. Data is fully integrated and stored to stay audit-ready, with real-time, FCA-compliant reports that include integrity stamps, full findings, automated alerts, and seamless export to PDFs or business systems. Book a demo today to see it in action.
Source: Financial Conduct Authority
European Union
Industry Initiative: AML/CFT SupTech Adoption in EU Banking (EBA Report 2025)
Effective Date: Ongoing (progress expected throughout 2025–2026)
Issued By: European Banking Authority (industry research insight)
Summary:
European banks and supervisory authorities are increasingly using technology to strengthen AML and CFT supervision. The EBA’s 2025 SupTech Report shows nearly half of AML/CFT initiatives across EU competent authorities are already live, with 38% under development.
Key Changes:
- 47% of SupTech tools are already operational; 38% under development; 15% exploratory.
- Benefits reported include improved data quality, enhanced collaboration, and more efficient risk identification.
- Main challenges include resource constraints, legal uncertainty, and data governance limitations.
- Authorities are prioritising change management, supervisory strategy modernisation, and technology alignment to scale oversight effectively.
- SupTech adoption is positioning EU banks and regulators to implement the new AML/CFT framework more efficiently and consistently.
What This Means for Financial Institutions and Onboarding Teams:
Onboarding processes must align with evolving supervisory expectations. Institutions will need systems capable of supporting automated risk assessments, ongoing customer due diligence (OCDD), and regulatory reporting requirements. Real-time access to accurate customer and transaction data will be essential for compliance and for maintaining seamless onboarding experiences while mitigating financial crime risk.
Recommended Actions:
- Compliance Audit: Review onboarding workflows to ensure alignment with AML/CFT SupTech capabilities and regulatory reporting requirements.
- Technology Readiness: Assess internal systems for integration with supervisory technology tools and data analytics platforms.
- Process Optimisation: Embed automated KYC, KYB, and risk assessments to reduce manual errors and speed onboarding.
- Governance Alignment: Ensure data handling, monitoring, and reporting practices comply with EU AML/CFT standards and upcoming AMLA coordination.
How OnBoard Can Help: OnBoard supports financial institutions in meeting evolving AML/CFT supervisory expectations by automating KYC, KYB, and ongoing due diligence while centralising onboarding workflows. Its real-time risk engine and automated decisioning reduce manual errors, speed up merchant onboarding, and ensure accurate data is available for reporting.
Source: European Banking Authority
Industry Initiative: Digital Operational Resilience Act (DORA) Implementation 2025
Effective Date: 17 January 2025
Issued By: European Union (regulatory framework)
Summary:
DORA, effective January 2025, establishes EU-wide standards for digital operational resilience across financial services. Banks, insurers, investment firms, and other financial entities must be able to withstand, respond to, and recover from ICT disruptions, including cyberattacks and system failures. The regulation harmonises ICT risk management, third-party oversight, incident reporting, and resilience testing, ensuring a consistent approach across the sector and reducing operational vulnerabilities.
Key Changes:
- All financial entities must implement robust ICT risk frameworks and conduct regular resilience testing.
- Critical third-party providers are subject to oversight, with contractual, reporting, and monitoring requirements.
- ICT-related incidents must be classified, reported, and shared with authorities to maintain sector-wide awareness.
- DORA’s implementation spans three levels: Regulation/Directive (Level 1), regulatory and delegated acts (Level 2), and guidance on oversight and reporting (Level 3).
- Focus areas include digital operational resilience testing, ICT incident management, and oversight of third-party ICT providers (CTPPs).
What This Means for Merchant Onboarding:
Onboarding teams need to ensure processes and systems comply with DORA’s operational resilience requirements. This includes monitoring the reliability of third-party vendors, adapting workflows for robust incident response, and ensuring availability, integrity, and traceability of customer/onboarding data.
Recommended Actions:
- System Resilience Audit: Evaluate onboarding systems and workflows for ICT risks and resilience gaps.
- Third-Party Oversight: Ensure all vendors, particularly those supporting KYC, AML, and payment processing, meet DORA standards.
- Incident Management: Establish clear procedures for classifying, reporting, and responding to ICT-related incidents.
- Ongoing Compliance: Keep up with guidance and supervisory requirements, including joint testing exercises.
How OnBoard Can Help: OnBoard supports DORA compliance by providing end-to-end onboarding with centralised workflows that strengthen system reliability and audit readiness. Its workflow automation, real-time risk assessment, and integrated vendor management simplify third-party oversight, reduce errors, and ensure onboarding processes remain resilient and compliant with ICT risk standards. See this in action today.
Source: European Insurance and Occupational Pensions Authority
Industry Initiative: European Accessibility Act Implementation (EU Commission Update 2025)
Effective Date: June 2025
Issued By: European Commission (Directorate-General for Communication)
Summary:
The European Accessibility Act (EAA) harmonises accessibility requirements for products and services across the EU, removing barriers created by divergent national rules. It aims to make the single market more efficient for accessible goods while giving people with disabilities and the elderly better access to everyday services.
Key Changes:
- Standardised rules reduce compliance costs and simplify cross-border trade.
- People with disabilities and elderly users gain better access to transport, banking, education, and digital services.
- Products and services covered include computers, ATMs, ticketing machines, smartphones, TV and audiovisual equipment, telephony, e-commerce, e-books, and passenger transport.
- Preparatory documents include impact assessments, stakeholder consultations, and socio-economic studies.
What This Means for Businesses and Service Providers:
Organisations will need to adapt their products, services, and customer-facing processes to meet the standardised accessibility requirements. This involves auditing current systems, integrating accessibility features, and ensuring that both digital and physical services comply with EU-wide standards. Early preparation will be crucial for avoiding regulatory disruption and seizing competitive advantage in accessible markets.
Recommended Actions:
- System Review: Audit existing products and services for compliance with accessibility standards.
- Process Adaptation: Update customer-facing interfaces, websites, and service channels for accessibility.
- Training & Expertise: Equip teams with accessibility knowledge to manage compliance and innovation.
- Stakeholder Engagement: Consult with end-users and advocacy groups to ensure practical accessibility improvements.
How OnBoard Can Help: OnBoard helps businesses comply with the European Accessibility Act by streamlining onboarding workflows and adapting customer-facing processes for accessibility. Its smart forms, white-label design, and API-first architecture make digital applications more inclusive while automated reporting keeps firms audit-ready. Book a demo today.
Source: European Commission
America
United States
Industry Initiative: PayPal Launches Crypto Payments at Checkout
Effective Date: July 29, 2025
Issued By: PayPal
Summary:
PayPal is rolling out “Pay with Crypto” on July 29, 2025, starting in the U.S. (excluding New York). The service connects wallets from Coinbase, MetaMask, Kraken, and OKX, tapping into an estimated 650 million global crypto users. At launch, it highlights a 0.99% fee, which is about 90% lower than standard credit card charges, while positioning itself as a step toward more efficient cross-border payments.
Key Changes:
- Introduction of “Pay with Crypto,” supporting 100+ cryptocurrencies.
- Instant conversion of crypto transactions into PYUSD stablecoin or fiat at checkout.
- Merchants gain near-instant access to funds and potential yields on PYUSD balances (4% when held on PayPal).
- Complementary expansion via PayPal World, enabling cross-border payments with global wallets like UPI, WeChat Pay, and Mercado Pago.
- Strategic positioning toward inclusive, borderless commerce.
What This Means for Merchants and Payment Providers:
PayPal’s launch of “Pay with Crypto” is expected to accelerate merchant demand for crypto acceptance. For payment providers, this means onboarding flows must now support merchants who want to enable PayPal’s crypto checkout, verify wallet integrations, and adapt KYC/AML processes to cover crypto transactions. Risk assessments will also need to expand, ensuring merchants handling crypto are evaluated for fraud and volatility exposure.
Recommended Actions:
- Payment Integration: Evaluate POS and online systems for compatibility with PayPal’s crypto checkout.
- Treasury Strategy: Consider holding PYUSD balances to take advantage of yield opportunities while minimizing crypto volatility exposure.
- Cross-Border Planning: Leverage PayPal World to expand into international markets and streamline multi-currency transactions.
- Risk Management: Monitor crypto transaction volumes, conversion rates, and wallet interoperability to ensure operational and financial efficiency.
How OnBoard Can Help: OnBoard supports payment providers in onboarding crypto merchants by automating KYC/AML checks, managing risk through real-time decisioning, and using configurable workflows that adapt to any merchant profile. Its dashboards, reporting tools, and ongoing customer due diligence (OCDD) capabilities give providers continuous oversight, reducing friction and maintaining compliance as the future of crypto takes shape.
Source: Payments Journal
Industry Initiative: FinCEN Public-Private Partnership on Digital Assets Innovation & Fraud Prevention
Effective Date: Ongoing (key insights from July 15, 2025 event)
Issued By: U.S. Department of the Treasury, Financial Crimes Enforcement Network (FinCEN)
Summary:
FinCEN convened Treasury, law enforcement, financial institutions, and industry partners to drive innovation in digital assets while addressing emerging fraud and scam risks. The July 15, 2025 FinCEN Exchange highlighted trends, compliance best practices, and enforcement strategies, underlining the importance of balancing innovation with consumer protection.
Key Changes:
- Increased focus on collaboration between government, law enforcement, and private sector stakeholders.
- Emphasis on developing strategies to detect, prevent, and report suspicious activity in digital asset transactions.
- Guidance for financial institutions to remain current with evolving risks, supported by FinCEN advisories and industry best practices.
- Alignment with Executive Order 14178, reinforcing U.S. leadership in digital financial technology.
- Strengthened dialogue on compliance measures and consumer protection as adoption of digital assets grows.
What This Means for Digital Asset Onboarding:
Onboarding teams in financial institutions must prepare for enhanced scrutiny and compliance expectations. This includes adapting KYC, AML, and fraud detection workflows to cover digital assets, ensuring reporting readiness, and maintaining robust internal controls in line with FinCEN guidance.
Recommended Actions:
- Compliance Audit: Review current onboarding and transaction monitoring processes for coverage of digital asset risks.
- Vendor Strategy: Ensure technology partners support real-time fraud detection and regulatory reporting.
- Infrastructure Readiness: Maintain scalable systems capable of handling increased digital asset volumes and complex transaction patterns.
- Regulatory Alignment: Stay updated on FinCEN advisories, public guidance, and industry trends in digital asset compliance.
How OnBoard Can Help: Onboard end-to-end onboarding platform supports financial institutions and payment providers in the digital asset ecosystem by automating KYC, KYB, AML, and ongoing due diligence. Its intelligent decision engine, smart dashboards, and contract generation tools enable faster, compliant onboarding while reducing friction and aligning with evolving regulatory guidance such as FinCEN’s.
Source: FinCEN
Australia
Industry Initiative: AUSTRAC Remittance Business Registration Review (2025)
Effective Date: Ongoing (major compliance actions expected by late 2025)
Issued By: AUSTRAC (regulatory enforcement update)
Summary:
AUSTRAC is intensifying scrutiny of independent remittance businesses, encouraging inactive providers to voluntarily deregister or face cancellation. With over 900 businesses currently registered, a significant portion appear dormant, raising concerns about potential criminal exploitation and public confusion over legitimate providers.
Key Changes:
- Inactive remitters are urged to withdraw registration or risk AUSTRAC-initiated cancellation.
- Dormant registrations can mislead the public and be exploited for illicit activity.
- AUSTRAC considers remittance services high-risk due to cash handling and cross-border transfers.
- Businesses must maintain up-to-date ownership and activity information to remain compliant under the Anti-Money Laundering and Counter-Terrorism Financing Act.
- Consumers are advised to verify providers via AUSTRAC’s remittance sector register.
- Previous digital currency sector blitz saw 22 voluntary withdrawals and 100 cancellations pending.
What This Means for PSPs:
Payment service providers must ensure all registered remittance partners are active and compliant. Onboarding, risk monitoring, and operational verification processes may need updating to prevent association with dormant or fraudulent entities.
Recommended Actions:
- Business Status Audit: Confirm operational activity for all remittance partners.
- Registration Management: Keep AUSTRAC records current for ownership and activity.
- Internal Controls: Strengthen monitoring to reduce exposure to misuse.
How OnBoard Can Help: OnBoard helps PSPs comply with AUSTRAC’s remittance requirements by automating onboarding with smart forms that capture ownership and activity details. Its KYC, KYB, AML, and OCDD checks verify partner activity, while the risk engine highlights dormant or suspicious entities. Built-in reporting and portfolio management keep records up-to-date.
Source: AUSTRAC
Industry Initiative: Identity Verification Services Modernisation (Identity Verification Act 2023)
Effective Date: Ongoing (full rollout expected over the next two years)
Issued By: Attorney-General’s Department (government legislative update)
Summary:
Australia is modernising its identity verification framework following the Identity Verification Services Act 2023, effective from 7 December 2023. The Act establishes secure, fast, and private verification through the Document Verification Service (DVS) and Face Verification Service (FVS), aiming to reduce identity crime and enable more online service delivery. Early adoption in Tasmania, Victoria, and South Australia is paving the way for a phased national rollout, with full implementation expected over the next two years.
Key Changes:
- The DVS now allows organisations to verify 14 types of identity documents, including birth certificates, driver licences, and Medicare cards.
- FVS access is currently limited to immigration documents and passports, with expansion under consideration.
- States are providing secure access to driver licence data under a phased intergovernmental agreement.
- Identity verification results are delivered almost instantaneously, without storing sensitive documents.
- The system is explicitly designed to prevent mass surveillance and real-time monitoring in public spaces.
- Identity crime mitigation is a core objective, protecting Australians and reducing community costs associated with fraud.
What This Means for Organisations:
Businesses and government entities need to integrate secure verification processes into customer onboarding flows while maintaining compliance with privacy regulations. This includes adapting internal systems to connect with DVS and FVS APIs, updating data handling policies, and preparing staff for enhanced verification protocols.
Recommended Actions:
- System Integration: Audit current onboarding and verification systems for compatibility with DVS/FVS APIs.
- Privacy Compliance: Ensure secure handling, encryption, and deletion of verification data.
- Process Optimisation: Streamline identity checks to reduce friction while maintaining accuracy.
- Risk Management: Update fraud detection and reporting mechanisms in line with legislative requirements.
How OnBoard Can Help: OnBoard streamlines onboarding during upgrades to identity verification systems, offering a single platform for the entire customer lifecycle. Automated KYC, KYB, and ongoing due diligence integrate with DVS and FVS, reducing errors and accelerating processes. Features such as risk assessment, workflow automation, and centralised project tracking make it easier to comply with legislative requirements while improving operational efficiency. See this in action today.
Source: Attorney-General’s Department
Industry Initiative: APRA Expanded Informed Consent Requirements
Effective Date: Ongoing (Privacy Act obligations already in force; APRA’s CPS 230 takes effect 1 July 2025, strengthening governance around third-party use of customer data).
Issued By: Office of the Australian Information Commissioner (OAIC) & APRA
Summary:
Regulators are moving away from vague, catch-all privacy notices toward granular, explicit disclosure of personal information use. Under the Privacy Act (APP 5 & APP 6) and APRA’s prudential standards (CPS 230 & CPS 234), businesses must now give customers clear, specific information about what personal data is collected, who it is shared with, and for what purpose.
Key Changes:
- Generic statements like “we may share your personal information with third parties” are no longer acceptable.
- They must identify the specific parties or categories of third parties receiving the data, such as identity verification providers, payment gateways, fraud detection services, or cloud hosting providers.
- They must explain the purpose of data sharing in plain, understandable language.
- Institutions must maintain a register of material service providers, include strong contractual provisions for risk and resilience, and conduct regular due diligence and monitoring.
What This Means for Organisations:
Payments is a highly regulated, data-intensive sector, and onboarding processes often involve extensive third-party checks. KYC/AML workflows typically pass personal data to providers like the Document Verification Service (DVS) and credit bureaus. Under the new consent expectations, firms must spell out exactly what PII is shared, with whom, and why. This requires updates to consent forms, privacy notices, and customer onboarding processes.
Recommended Actions:
- Update Privacy Notices: Ensure they list specific data fields collected and detail where and why each is shared.
- Revise Consent Forms: Remove broad, bundled statements and replace them with granular, service-specific disclosures.
- Map Data Flows: Document all third-party data recipients across the onboarding process.
- Third-Party Risk Reviews: Conduct regular due diligence and monitoring of third-party providers. Contracts must include privacy obligations (APP 5.2(f), APP 6), and CPS 230 requires board oversight of risk controls and resilience.
How OnBoard Can Help: OnBoard makes compliance with informed consent requirements simpler by mapping customer data flows, capturing and storing explicit consent records, and presenting clear, user-friendly onboarding forms. Automated workflows ensure that every disclosure is transparent, traceable, and audit-ready, building customer trust while keeping providers aligned with APRA and Privacy Act expectations.
