Payments challenges in financial services regulatory compliance

Explore challenges, regulatory pressures and actions to take.

The disruptions that affected all industries in 2020 will forever reshape the financial services industry. With such changes come regulatory and public policy challenges and concerns, which in 2021 will begin to inform the future, altering our view of the course to take. 

Here, from the KPMG report Ten key regulatory challenges of 2021, we share insights related to payments.


The rapid pace of change in the payments industry, including innovative technology, entry of non-traditional payments providers into mainstream markets, and the rise of digital currencies has led to  corresponding shifts in customer demand that have upended business organizations and delivery models. As financial institutions across the payments value chain seek to adapt to these changes, they find themselves in increasing competition, and in shifting partnerships with FinTechs, non-banks, and some of the country’s largest retailers. Customers find themselves with more options than ever before and are consistently on the lookout for new services that enable them to make payments faster and at lower cost. In turn, regulators are continuing to focus on the need to protect consumers and are evaluating options to balance promotion of responsible innovation with enhanced oversight.

Regulatory pressures

Regulatory jurisdiction and supervision. The current regulatory regime has not yet adapted to the increase in both the number and type of firms providing payments services, resulting in inconsistent regulatory frameworks for some entities, and a dearth of regulation for others (refer to Expanded Regulatory Authority section within the document below). Federal and State regulators are both seeking chartering authority on a number of fronts, and standardization of requirements across jurisdictions where feasible. However, each continues to expect firms to apply traditional expectations around anti-money laundering, consumer protection (refer to Consumer Protection section within the document), dispute resolution, privacy, and safety and soundness when offering innovative payments services.

Resiliency during COVID-19. The technological advances made in the payments industry prior to COVID-19 have kept payments services accessible during this time of unprecedented lockdown and financial upheaval. Digital banking, contactless card use, and mobile payments have all experienced significant growth; this shift in consumer behavior is expected to be prolonged and likely permanent. As firms continue to develop innovative payments offerings, regulators will have a renewed focus on the risks associated with the development and offering of new products, services, delivery and payment channels, and impact on related processes such as funds availability, fee disclosures, error resolution, and technology controls. Regulators will expect risk and regulatory compliance integration throughout the product development lifecycle, including through the transition to “business-as-usual” processes.

Inclusion and access. The shift to digital payments has in many ways made payments more accessible to populations that may have been excluded in the past due to lack of proximity to physical locations, mobility issues, or the high cost associated with traditional payments methods. However, many populations are still at risk of being left out, including those with no or inconsistent internet access, who are unfamiliar with how to use newer technology, and who have disabilities and need accommodations. Further, regulators continue to focus on the need to mitigate bias and disparate treatment when developing new products and services and the associated roll-out strategies. 

Advancement of cryptoassets and digital assets. While the role of regulators, governments, and central banks in virtual currency remains uncertain and evolving, collectively they have expressed concern about the array of risks cryptoassets may pose to both consumers and financial institutions. It will be imperative for firms to have a robust regulatory change management process in place to stay in tune with upcoming industry changes that are likely to yield new monetary policies and regulatory requirements aimed at protecting consumer information, advancing financial inclusion, and promoting financial stability both in the U.S. and globally.

Speed of compliance. The payments industry continues to drive towards providing faster, cheaper, and more transparent payment services. Compliance processes, particularly related to custody, know your customer, anti-money laundering, and fraud are often operating at a much slower pace, and are challenged by the volume and speed of the money movement (refer to Compliance Risk and Fraud and Financial Crimes sections within the document below). Faster payments processes will also need to be balanced with careful management of the collection, use, and safeguarding of customer data to mitigate against improper disclosure and misappropriation. Firms will need to invest in the modernization of their compliance departments, including third party risk management, to meet these growing challenges, which may prove difficult for firms already investing heavily in service delivery.

7 actions to take

  1. Leverage regulatory sandboxes, no action letters, and other guidance to develop and pilot innovative payments solutions to assess feasibility of larger scale rollouts.
  2. Integrate compliance within digital payments strategy to facilitate upfront assessment of applicable regulatory requirements and testing of associated controls.
  3. Evaluate strategies and approach for financial inclusion to support identification of target customer audience and achievement of corporate growth goals.
  4. Assess the timing and cost of replacing outdated core banking systems, and consider the acceleration of other technology initiatives to contribute to a more flexible and resilient payments infrastructure.
  5. Automate compliance risk mitigation activities, particularly those impacted by a growing customer base and increased transaction volumes. 
  6. Implement an enterprise-wide approach to third party due diligence that includes risk assessments and ongoing monitoring.
  7. Monitor regulatory and policy changes and current events to enable real-time responses.

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100
Chad Polen

Chad Polen

Advisory Managing Director, FS Regulatory & Compliance Risk, KPMG US

+1 412-208-6144