This Week in Compliance Vol. 14

What's been occupying our compliance attention lately? Here's a rundown of notable updates in the world of payments from the past weeks.

CFPB to Reassess Open Banking Rule

The U.S. Consumer Financial Protection Bureau (CFPB) is preparing to revisit its recently finalized open banking rule, marking a significant policy reversal under the Trump administration. The rule, introduced in October, aimed to give consumers greater control over their financial data by allowing them to direct banks to share it with third-party providers. However, the move introduces fresh regulatory uncertainty for fintechs and data aggregators, with broader implications for innovation, liability, and access in the open finance ecosystem. Legal challenges have already been filed, and the rule now faces potential amendment or repeal.

ECB Delays Non-Bank PSP Access to Target Payment Systems

The European Central Bank has postponed the implementation of its policy granting non-bank payment service providers (PSPs) access to the Target settlement systems. Originally scheduled for April 2025, the rollout has been delayed by six months due to legislative transposition issues in several EU countries. The policy, linked to the Instant Payments Regulation, aims to open up T2 and TIPS systems to non-bank PSPs.

While the delay is procedural, it slows momentum toward a more competitive EU payments market. Broader access could drive innovation and instant payment adoption, but legal alignment across member states remains a barrier to timely progress.

1.2 Million UK Customers Affected by February Bank Outages

Over 1.2 million customers were affected by a major IT disruption across four UK high street banks—Lloyds, TSB, Nationwide, and HSBC—on February 28, coinciding with the country’s main payday. Many were unable to access their wages, and customer support lines were overwhelmed, with HSBC reporting average wait times of two hours.

According to letters submitted to the House of Commons Treasury Committee, the banks have begun compensating affected customers and upgrading systems to prevent recurrence. Lloyds, the worst-hit, saw 700,000 customers impacted but challenged the use of the term “outage.” No fraud incidents were reported, though the Treasury Committee continues to investigate broader patterns in banking service disruptions.

Spectacular Money Laundering Case Continues to Haunt Nordea

The high-profile money laundering investigation involving Nordea Bank continues to unfold, years after Danish police first raided its Copenhagen headquarters in 2017. The initial charges stemmed from violations of the Money Laundering Act, with investigators seizing documents linked to the bank’s failure to report suspicious activities.

The core of the case centers on Nordea’s International Branch at Vesterport, where billions of kroner were transferred by so-called “eastern customers.” Authorities allege that these transactions were suspicious and not properly flagged to Danish regulators. A second police raid in 2019 suggested the bank withheld information during the initial search, escalating the severity of the case.

Nordics and Estonia Advance Offline Payment Systems for Crisis Resilience

Finland, Sweden, Norway, Denmark, and Estonia are jointly developing offline card payment systems to ensure payment continuity during internet outages, including those caused by sabotage. The initiative responds to rising geopolitical risks, such as cyberattacks and undersea infrastructure damage in the Baltic region. Officials emphasize the need for local transaction processing capabilities, particularly in highly digital economies like Finland, where cash use is minimal.

Sweden targets a nationwide rollout by July 2026, while Norway and Denmark have launched early-stage versions. The project also highlights Europe’s dependence on US-based payment networks like Visa and Mastercard, prompting calls for diversified infrastructure. Complementary efforts include reserve account systems in Finland and ongoing development of the digital euro by the ECB, all aiming to boost the region’s financial stability against hybrid threats.

ESMA Publishes Supervisory Guidelines to Tackle Market Abuse Under MiCA

On April 29, 2025, ESMA released new guidelines to help National Competent Authorities (NCAs) prevent and detect market abuse under the Market in Crypto Assets Regulation (MiCA). Drawing on experience from the Market Abuse Regulation (MAR), the guidelines address crypto-specific challenges, including cross-border activity and the influence of social media on trading behavior.

The guidelines promote risk-based, proportionate supervision and encourage collaboration among NCAs to foster a consistent approach to crypto oversight. They will apply three months after official publication in all EU languages, but ESMA recommends early adoption. NCAs must report their compliance stance within two months of full publication.

At spektr, we understand that keeping up with regulatory changes and maintaining compliance can feel overwhelming. Let's have a chat about your compliance needs and how we can customize solutions to match your unique business requirements!