Payments and Crypto: 2023 Regulatory Challenges

Insights on regulatory authority and guardrails; instant payments and controls; and disputes, complaints and claims

"The ever-evolving risk and regulatory landscape means that companies must constantly remain well-informed, nimble and measured. They must look to address these new and emerging risks within appropriate risk appetites and via a robust control environment. They also must ensure clear and consistent reporting to a myriad of stakeholders and across a varying (and growing) set of risks."  —Nancy Luquette, Chief Risk Officer, S&P Global


Expanded use of digital payments and crypto and digital assets in combination with broader acceptance of faster payments networks increase the need for defined regulatory authority around key risk areas—all companies in the digital ecosystem must ensure effective controls to mitigate these risks.

Explore here insights on Payments and Crypto from the KPMG report Ten key regulatory challenges of 2023.


Regulatory authority and guardrails

Agencies will continue to warn on the risks and look to establish more codified authority and guardrails within the payments and digital asset space. Topics will range from payment stablecoins and central bank digital currencies (CBDCs) to regulatory authorities and frameworks and financial stability risks.

Congress will likely be asked to consider legislation in several areas around digital assets based on agency recommendations, including legislation that would:

  • Grant clear regulatory authorities, including rulemaking, examination, and enforcement for crypto assets to financial regulators (including CFTC and SEC), and in particular around spot markets for “non-security” crypto assets.
  • Authorize the issuance of a U.S. CBDC.
  • Establish a federal prudential framework for payment stablecoin issuers, addressing market integrity, investor and consumer protection, and payment system risks.
  • Establish federal oversight over custodial wallet providers and other affiliates or subsidiaries of crypto-asset entities.

Congressional and agency inquiries and investigations will also increase in the payment space, as innovation continues and more non-traditional and retail players enter the market.

Regulators will use existing regulatory and supervisory authorities to address current and emerging risks related to digital assets, and regardless of whether additional authority is granted by Congressional action:

  • Banking regulators (FRB, FDIC, and OCC) will permit banks to engage in certain crypto asset, stablecoin, and distributed ledger activities upon review of their safety and soundness, financial stability risks, and consumer protections, and receipt of a non-objection from their primary regulator.
  • SEC will work to register and regulate crypto assets that are securities, related issuers, platforms and exchanges, and offers and sales, as well as ensuring compliance with disclosure requirements.
  • CFTC will work towards similar registration and regulation for crypto-asset derivatives and associated entities.
  • Registration and regulation will require a framework to address key risk areas, including consumer and investor protections (e.g., fraud, theft, privacy, access, disclosures, custody), financial crimes (e.g., AML/CFT, sanctions), and payments activities (including stability of stablecoin structure).

Instant payments and controls

Given the expanded regulatory attention to real-time payments and to the use of digital assets, regulators will be particularly focused on:

  • Data security
  • Network and service reliability
  • Liquidity sufficiency
  • User experience (ease of interface and payment processes)
  • Dispute and resolution attainability
  • Consumer protection, including account holds/freezes and access to payments/funds
  • Fraud and financial crime mitigation, including due diligence (KYC), BSA/AML/CFT, and reporting

Similarly, regulators have indicated a sharpening focus on payments-related areas, such as:

  • Peer-to-peer (P2P) payments
  • Non-bank platforms and services (e.g., fintechs and retailers)
  • New digital products
  • Distributed ledger (or “blockchain”) technology as a potential replacement to traditional payments clearing
  • Access to the Federal Reserve Bank accounts and payments services (e.g., novel charters)

FedNow Service. The FedNow Service, the FRB’s real-time payment system, is expected to launch in mid-2023, and will be accessible to financial institutions of any size that are members of Federal Reserve System. It will serve as an alternative to the existing private-sector real-time payments system (i.e., The Clearing House RTP (Real-Time Payments) network) and is intended to address concerns about economic security should the single service become unavailable.

The Department of the Treasury has recommended that the U.S. government consider the following actions with regard to instant payments:

  • Promote development and use of innovative access technologies to facilitate greater consumer access and use (including standards for interoperability, public-private partnerships, and expanded eligibility).
  • Support government use of instant payment systems, especially in areas such as distribution of disaster, emergency, or other government-to-consumer payments that could potentially provide more rapid support for underserved communities.
  • Establish a federal payment framework for nonbank payment providers that would complement existing federal requirements, including consumer protection and AML/CFT, providing a potential pathway for nonbank payment providers to participate directly in instant payment systems. 

Disputes, complaints and claims

Regulators, state AGs and Congressional members are paying close attention to how companies’ handle consumer and investor disputes, complaints, and claims related to payments.

  • Key areas of ongoing regulatory interest include:
  • Procedures and governance, including processes around account holds and freezes.
  • Customer communication protocols (outreach, follow-up, and resolution).
  • The application of account credits.
  • Analytics and reporting, including root cause and disparity analyses.
  • Timeliness to remediation and resolution.
  • Evidence of analyses informing changes to processes, procedures, or controls.

Regulators and enforcement agencies will utilize disputes, complaints and claims data to help guide examinations and investigations, as well as support enforcement allegations.  Financial institutions will be expected to have robust programs in these areas that both mitigate fraud risks and are demonstrably favorable to consumer protections. 


Call to action: Payments and Crypto

☑  Develop capability assessments for digital asset product offerings and operations, as well as for risk and compliance frameworks adequate for the proper licensing, registration, issuance, and/or use of digital assets

☑  Establish and enhance internal risk policies, procedures, and controls for digital assets and payments, including analyzing risk profiles, customer due diligence (KYC) operations, BSA audit programs, and AML/CFT programs

☑  Produce actionable and relevant digital asset information for board and senior management reporting

☑  Understand how data is being used and monetized and whether any behavioral targeting may be inconsistent with customer expectations

☑  Evaluate existing regulatory change management framework and ensure integration of appropriate risk partners in strategy discussions, development, and regulatory approvals, as needed




Ten Key Regulatory Challenges of 2023

Read our report for client perspectives, regulatory recaps, and actionable steps to help mitigate risk.

Connect with us

Amy S. Matsuo

Amy S. Matsuo

Principal and National Leader, Regulatory Insights, KPMG US

+1 919-244-0266
Damian Plioplys

Damian Plioplys

Principal, Advisory, FS Risk, Regulatory & Compl, KPMG US

+1 212-872-7959
Chad Polen

Chad Polen

Partner, Advisory, FS Risk, Regulatory & Compl, KPMG US

+1 412-208-6144

Explore all: Ten Key Regulatory Challenges of 2023

Subscribe to our mailing list to receive our Regulatory Alerts and Points of View.