Author: James Borley, Director of Payment Services
In the ongoing evolution of UK payments infrastructure, the recent publications from the Financial Conduct Authority (FCA) and the Payment Systems Regulator (PSR) (specifically their 15 January 2026 letter to the Competition and Markets Authority (CMA)), together with the associated commercial Variable Recurring Payments (cVRP) prioritisation statement, see the rebooting of open banking solutions from both the consumer and commercial perspective.
I will pause there for a moment to reflect on the continued use of ‘open banking’ as a catch-all term, which you would be hard-pressed to find defined in any legislative text. The concept was born from the confluence of the second Payment Services Directive (PSD2) and the CMA Order, requiring banks (and, indeed, non-bank payment services providers (PSPs)) to make their customers’ payment accounts accessible to authorised third party providers.
It is ironic, therefore, that these non-bank PSPs are nevertheless prohibited from using the word ‘bank’ or ‘banking’, as it is a protected term under UK legislation. This tension is further exacerbated by the latest use case for open banking, ‘Pay By Bank’. Given that many payment accounts will be provided by non-bank PSPs, that’s a tricky circle to square. But then ‘Pay By PSP’ doesn’t quite have the same ring to it.
Anyway, back to the topic at hand. If you recall, a Variable Recurring Payment (VRP) is an authorisation given to a third-party provider to make periodic, but variable, payments on a customer’s behalf in line with agreed limits. At the heart of VRPs are open banking APIs. These can enable a customer to utilise VRPs to dynamically allocate funds to different categories, ensuring you always have enough for essentials while also allowing for some discretionary expenditure. From a business perspective, VRPs offer tangible commercial benefits, such as lower transaction costs as compared to direct debits or card payments.
Regulatory Calibration
In their latest publications, the FCA and PSR have decided (for now, at least) not to prioritise a formal investigation under Chapter I of the Competition Act 1998 into the pricing arrangements proposed by the UK Payments Initiative (UKPI) for Phase 1/Wave 1 of cVRPs. This is not a dismissal of competition law concerns; rather, it defers enforcement action in recognition of the broader policy landscape.
This is a significant development. Too often in payments innovation debates, the narrative polarises into ‘regulation versus innovation’. But which drives which? This statement shows that UK regulators are comfortable with endorsing industry progress while preserving the option to revisit enforcement if conditions change. They are effectively saying “we won’t let competition law uncertainty choke off innovation, but we will keep a close watch and intervene if necessary.”
Supporting Industry-Led Solutions Within a Public Policy Framework
The cVRP prioritisation statement repeatedly references the National Payments Vision (NPV) and the anticipated legislative framework under the Data (Use and Access) Act 2025. This reflects a recognition that spinning up a new payment rail, one that has the potential to supplant or disrupt legacy recurring payment mechanisms, requires more than regulatory approval: it needs market confidence, clear rules and institutional involvement. The choice to support an industry-led, multilateral scheme demonstrates trust in commercial governance, provided that it remains aligned with broader public-policy goals.
The governance safeguards described in the statement, such as independence of the pricing committee and ring-fencing of competitively sensitive information, are a signal that regulators are seeking risk-proportionate oversight rather than command-and-control supervision.
Innovation Without Prejudice
One of the more nuanced points in both the letter and the statement is the emphasis on scope and proportionality. Regulators are explicit that the non-prioritisation applies only to Phase 1/Wave 1 lower risk use cases, not to all potential future cVRP applications.
By limiting early comfort to a defined boundary, regulators can enable controlled experimentation and market learning while avoiding blanket toleration that could entrench weak practices or anti-competitive outcomes.
It also sets the stage for a data-led regulatory progression, where real-world implementation, consumer experience and market dynamics inform future regulatory decisions. In essence, they are allowing the market to test aspects of the commercial model before regulators commit to enforcement actions or restrictions.
A Transitionary Regime
The prioritisation statement makes clear that this regulatory posture is transitional: it applies only until the legislative framework is implemented or July 2027, whichever occurs first.
This underscores another subtle but critical point. The regulators are not retreating from their competition mandate, whatever you may think. Rather, they are actively managing the choreography of policy and enforcement so that new capabilities like cVRPs have a runway to develop without the risk of being prematurely stifled by legal uncertainty.
The message is clear: develop robust governance, demonstrate real consumer value, integrate competitive safeguards and engage early with regulators.
Wider Implications for the Payments Ecosystem
Open banking in the UK has clearly entered its next phase. From its foundations (like account data sharing and basic VRPs) to commercial VRPs with multilateral pricing models, the regulatory mindset is shifting from enablement to ownership:
- Banks (and, of course, non-banks PSPs!) and data holders must prepare for a new competitive dynamic in recurring payments.
- Third-party providers should see regulatory clarity as an invitation, not a guarantee, to innovate with discipline and consumer protection front-of-mind.
- Merchants and end users stand to benefit from richer payment choices, but only if uptake aligns with trust and fair access.
For firms and compliance practitioners, the practical takeaway is to engage early, design commercial models with competition and consumer outcomes in mind, and treat regulatory dialogue as a strategic asset rather than a procedural hurdle.
The future of payments innovation in the UK depends on it.
How Complyport Can Help
The evolving regulatory landscape surrounding open banking, VRPs and competition law requires careful navigation. Firms considering participation in cVRP schemes, whether as account providers, third-party providers, fintechs or merchants, must assess regulatory permissions, governance frameworks, conduct risk exposure and competition law implications.
Complyport supports firms by:
- Advising on FCA authorisation and variation of permission requirements under the Payment Services Regulations 2017;
- Conducting regulatory gap analyses and governance reviews;
- Assisting with regulatory engagement strategies and supervisory preparedness; and
- Delivering tailored compliance frameworks aligned with FCA Principles for Businesses and Consumer Duty obligations.
To discuss how this may affect your organisation, contact Complyport and book a meeting with one of our Subject Matter Experts.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat
