Exact matches only
Search in title
Search in content
Search in comments
Search in excerpt
Filter by Custom Post Type
Payment Services

Technology has transformed the payment services industry in recent years. Online and mobile payments now offer consumers real alternatives. But newer payment services providers (PSPs) have often found the banks’ traditional monopoly tough to break.

The EU recognised this in January 2018 when it introduced its revised Payment Service Directive (PSD2), part of whose purpose was promoting innovation and improving market access for PSPs.

Acknowledging the heightened security risk in the payment services arena created by the ‘growing technical complexity of electronic payments’, PSD2 brought in stricter new requirements around:

  • Security of electronic payments
  • Transparency of conditions and information from PSPs
  • The rights and obligations of users and providers of payment services.

The FCA now requires all applicants seeking authorisation as PSPs to provide evidence of robust IT security policies and procedures – and a detailed risk assessment.

The European Banking Authority (EBA) recently stipulated that PSPs’ security measures should be audited by an operationally independent individual with expertise in both IT security and payments. The EBA guidance also specified that the frequency and focus of such audits should be appropriate to the risks a firm faces.

Thistle’s Payment Services team has in-depth knowledge of the regulatory compliance requirements facing PSPs. We apply our experience and expertise to create a service tailor-made to your precise needs.

Among the firms we work with are:

Among the many ways we can help PSPs are:

FCA applications

Applying for authorisation as a payment service provider (PSP) requires submitting a wide array of documentation. This includes a regulatory business plan, a suite of compliance policies and procedures, and an IT security risk assessment. We can provide template documents and work with you to tailor these to your specific circumstances. We can also carry out a gap analysis on your current policies and procedures – and help you address any action points identified.

Small payments institutions registration

We can help with your registration as a small payment institution (SPI or small PI) and ensure you’re up to date with your regulatory requirements.

REP018 submissions

We can provide payment service providers with effective support and guidance on completing and submitting REP018 operational risk reports.


We have extensive experience of auditing firms in the payment services space – whether on compliance issues generally, or specifically in areas such as IT systems, complaints policies and procedures, or training programmes. In line with EBA guidance, we can meet regulatory testing framework requirements by auditing jointly with an operationally independent individual with expertise in IT security and payment services.

Financial crime policy and procedures

Working closely with Thistle’s Financial Crime team, can help PSPs update their policies and procedures in line with a risk-based approach, as required by the Money Laundering Regulations 2017.

Limited Network Exclusion (LNE) and Electronic Communication Exclusions (ECE)

We are able to assist firms that are required to report to the FCA under Payment Services Regulations, even where the firm is not FCA regulated. These include the Electronic Communication Exclusion auditing requirements for telecoms businesses and the FCA’s reporting obligations on payments and e-money firms under the Limited Network Exclusion.

Regulatory returns

If you’d like help submitting regulatory returns via Gabriel (the FCA’s online system for collecting and storing regulatory data from firms), we can also help with this.

We’re always happy to hear from businesses operating in this space. So if there’s anything at all you’d like some help, advice or support with, please don’t hesitate to get in touch.

Contact us on 0207 436 0630 or email

Popular Services

Sector Services

Contact Us

Choose Sector*

Latest Blog

FCA portfolio strategy letter sent to authorised payment institutions & e-money issuers
July 10, 2020

Are you familiar with the SM&CR implementation periods for solo-regulated firms?
July 3, 2020

Latest News

New Compliance Star website launch
February 14, 2020

T-CNews: SM&CR and the leaders of the future
January 30, 2020

“The Payment Service Team at Thistle really helped making a difficult process, so much easier. Thank you for all your help.”

Caroline Plambeck / jumblebee

“Thistle helped us to become registered as an Account Information Service Provider (AISP) with the FCA. They were highly proactive and provided detailed guidance and feedback on what was a complex application process. Our caseworker Shazana was experienced and always available to answer any questions we had. We would not hesitate in using Thistle again for any of our compliance needs.”

Glenn Drake / QuickFile

“We used Thistle Initiatives to handle our Payment Services compliance obligations namely re-authorisation of SPI licence. Very professional service. Kept us informed step by step and assisted with all documentation. Many thanks to Nadia Lemard and her team. I would definitely put Thistle on your ‘short list’ of potential compliance consultants.”

Geoff Tully / Senit Remittance Ltd

“Thistle Initiatives provided professional support and guidance to achieve Orient Exchange’s Small Payments Re-Registration. Thank you for your assistance.”

Kishore Lalwani / Orient Exchange