Thistle Logo

Generic filters
Payment Services

Technology has transformed the payment services industry in recent years. Online and mobile payments now offer consumers real alternatives. But newer payment services providers (PSPs) have often found the banks’ traditional monopoly tough to break.

The EU recognised this in January 2018 when it introduced its revised Payment Service Directive (PSD2), part of whose purpose was promoting innovation and improving market access for PSPs.

Acknowledging the heightened security risk in the payment services arena created by the ‘growing technical complexity of electronic payments’, PSD2 brought in stricter new requirements around:

    • Security of electronic payments
    • Transparency of conditions and information from PSPs
    • The rights and obligations of users and providers of payment services

The FCA now requires all applicants seeking authorisation as PSPs to provide evidence of robust IT security policies and procedures – and a detailed risk assessment.

The FCA’s recent temporary additional guidance on safeguarding requirements stipulates that all EMIs and those payment services firms that must comply with Companies Act 2006 auditing requirements must undertake, on at least an annual basis, an audit with another independent external firm or consultant who has the appropriate specialist skill in auditing compliance with the safeguarding requirements under the PSRs/EMRs, taking into account the nature and scale of the firm’s business. Our expert payments services team are able to provide the support necessary for firms to comply with these latest requirements.

Our Payment Services team has in-depth knowledge of the regulatory compliance requirements facing PSPs. We apply our experience and expertise to create a service tailor-made to your precise needs.

Download our Payment Services flyer here.

Among the firms we work with are:

Among the many ways we can help PSPs are:

FCA applications

Applying for authorisation as a payment service provider (PSP) requires submitting a wide array of documentation. This includes a regulatory business plan, a suite of compliance policies and procedures, and an IT security risk assessment. We can provide template documents and work with you to tailor these to your specific circumstances. We can also carry out a gap analysis on your current policies and procedures – and help you address any action points identified.

Safeguarding audit 

Our FCA safeguarding audit services help your firm comply with its mandatory requirement to undertake a safeguarding audit. This requirement applies to any authorised payment institutions and e-money firms who are required to audit their annual accounts under the Companies Act 2006.

We anticipate that the regulator will be undertaking continuous and thorough supervisory checks to ensure firms remain compliant with FCA safeguarding requirements. Its 2020/21 business plan specifically identified payment services and e-money firms as among its top priorities, so scrutiny is likely to be intense. Learn more about our safeguarding audit services.

Small payments institutions registration

We can help with your registration as a small payment institution (SPI or small PI) and ensure you’re up to date with your regulatory requirements.

REP018 submissions

We can provide payment service providers with effective support and guidance on completing and submitting REP018 operational risk reports.


We have extensive experience of auditing firms in the payment services space – whether on compliance issues generally, or specifically in areas such as safeguarding, complaints policies and procedures, or training programmes. In line with EBA and FCA guidance, we can provide services such as an extensive audit of a firm’s safeguarding framework procedures as well as the firms wider compliance requirements.

Financial crime policy and procedures

Working closely with our Financial Crime team can help PSPs update their policies and procedures in line with a risk-based approach, as required by the Money Laundering Regulations 2017.

Limited Network Exclusion (LNE) and Electronic Communication Exclusions (ECE)

We are able to assist firms that are required to report to the FCA under Payment Services Regulations, even where the firm is not FCA regulated. These include the Electronic Communication Exclusion auditing requirements for telecoms businesses and the FCA’s reporting obligations on payments and e-money firms under the Limited Network Exclusion.

Regulatory returns

If you’d like help submitting regulatory returns via RegData (the FCA’s online system for collecting and storing regulatory data from firms), we can also help with this.

We’re always happy to hear from businesses operating in this space. So if there’s anything at all you’d like some help, advice or support with, please don’t hesitate to get in touch.

Contact us on 0207 436 0630 or email

Popular Services

Services we offer:

We operate in:

    Get in touch

    Choose an area of expertise*

    Latest Blog

    HM Treasury June update: Buy-Now Pay-Later (BNPL) products
    June 20, 2022

    New Payments Architecture

    Latest News

    Thistle Initiatives supports Wren Sterling Financial Group to acquire Mutual Financial Management

    Finance Digest: ESG investing – what is the regulatory position in 2022?
    April 7, 2022

    “The Payment Service Team at Thistle really helped making a difficult process, so much easier. Thank you for all your help.”

    Caroline Plambeck / jumblebee

    “Thistle helped us to become registered as an Account Information Service Provider (AISP) with the FCA. They were highly proactive and provided detailed guidance and feedback on what was a complex application process. Our caseworker Shazana was experienced and always available to answer any questions we had. We would not hesitate in using Thistle again for any of our compliance needs.”

    Glenn Drake / QuickFile

    “We used Thistle Initiatives to handle our Payment Services compliance obligations namely re-authorisation of SPI licence. Very professional service. Kept us informed step by step and assisted with all documentation. Many thanks to Nadia Lemard and her team. I would definitely put Thistle on your ‘short list’ of potential compliance consultants.”

    Geoff Tully / Senit Remittance Ltd

    “Thistle Initiatives provided professional support and guidance to achieve Orient Exchange’s Small Payments Re-Registration. Thank you for your assistance.”

    Kishore Lalwani / Orient Exchange