In an era of relentless regulatory change, the payments industry finds itself at a crossroads. A staggering 91% of respondents to Bottomline’s annual ‘The Future of Competitive Advantage in Banking and Payments’ survey admit it will be “very challenging or challenging” to remain compliant over the next 12 months. Yet, as two industry leaders argued during the recent Sibos panel ‘Compliance and Regulation: A Catalyst for Digital Payments Modernisation, regulation need not be the villain - it can be a driver for innovation.
“Regulation can be a friend and not a foe,” said Yulia Baynham, Director at PwC’s Financial Consulting Practice. Both Baynham and Manit Mehra, Managing Director at Accenture’s Financial Services practice, were forthright in reframing compliance as a strategic opportunity rather than a burden during the Bottomline-led session.
The ISO 20022 Tsunami and Instant Payments Deadline
The migration to ISO 20022 has dominated the regulatory horizon. “Since March 2023, there’s been a drive to move to this standard,” notes Mehra. High-value systems like Europe’s Target2, the U.K.’s CHAPS Payments, and the U.S. FedWire have already migrated to ISO 20022. But the real crunch comes in low-value payments in Europe. “The SEPA Instant Mandate deadlines for the EU happened in January and October 2025, while Faster Payments in the U.K. still runs on ISO 8583,” he said. Additionally, Switzerland and Liechtenstein must juggle the discontinuation of the euroSic system by the end of December 2027 which provides efficient and secure links to the TARGET2 RTGS system, as well as to the German and pan-European EMZ and STEP2 bulk payment systems.
Even more immediate is Swift’s hybrid address mandate. “Post-22 November 2026, if you don’t have a hybrid address - town and country for every cross-border or Swift payment, the schema simply won’t allow it,” Mehra explains. Structured or hybrid addresses are mandated for CHAPS in November 2026, and the deadline for mandatory structured remittance information for CHAPS in the U.K. is November 2027.
Yet Baynham cautions against treating ISO 20022 as a tick-box exercise. “Most banks have focused on being technically ready, but they still need to maximise that rich, structured data. Structured addresses will be a great benefit.”
Cross-Border Harmonisation: The G20 Blueprint
The G20’s cross-border payments roadmap sets ambitious targets: by 2027, most payments should cost no more than 1%, with none exceeding 3%. “There’s a lot of effort being made to harmonise,” says Baynham. “ISO will help with common standards, but meeting the G20 cross-border payment objectives will drive real change.”
One glaring gap is fraud intelligence. “You have local fraud databases, but no harmony around a central fraud database for cross-border,” Baynham laments. “That should be addressed.”
Mehra advocates a layered approach: “A common framework as a core, then add best practices from certain regions as an overlay—that seems the optimum solution.”
Resilience in a Fragile World
Outages are no longer theoretical. “Over the last two years in the U.K., there were 158 IT outages at major banks - 33 days where customers collectively couldn’t access banking or payments,” Baynham reveals. The response? Regulators are mandating embedded resilience.
Mehra expands the definition beyond IT redundancy. “In today’s world of geopolitical conflict, it’s about alternative network rails.” Banks and payment service providers (PSPs) now route euro payments via both Euro1 and Target2; U.K. institutions divert urgent traffic from Faster Payments to CHAPS if needed. Even central infrastructures are preparing: “The Bank of England is looking at networks beyond Swift - potentially APIs,” he says.
Baynham urges institutions to “know your payment flows end-to-end, from customer touchpoint, to plumbing, to beneficiary. Understand data lineage, points of contention, and where contingency can be applied.”
Compliance as Innovation Engine
Historically, compliance has been back-office drudgery. No longer. “We’re seeing regulation move from back office to front office,” Mehra observes. “There are now strategic compliance officers sitting at the product development table.”
Baynham sees legacy infrastructure as ‘the silver lining.’ “This is your opportunity to speak to the board and get budgets. Think strategically, modernise so you can adapt quickly, not only to future regulations but to competitors and fintechs who are SaaS or cloud native.”
It is important to highlight the real-world impact of regulation. For instance, Confirmation of Payee (CoP) in the U.K. was initially seen as a hurdle by PSPs. But the reduction in authorised push payment (APP) fraud has been massive - saving reputational damage and cost, while creating customer loyalty. “Bottomline now has customers who aren’t even mandated for either CoP or Verification of Payee (VoP) in Europe volunteering to sign up ASAP so they can reap the benefits.”
Advice for the Overwhelmed 91%
Mehra offers three pillars:
- Strategic modernisation: “Infrastructure has to be modular and adaptable to change.”
- Data excellence: “Cleanse data for hybrid addresses, unstructured information - unlock what AI and agentic AI can do.”
- Boardroom boldness: “Take your agenda to the board and be bold. Walk stakeholders through your vision for the future of payments and the regulation on the horizon.”
Baynham adds: “Focus on higher-priority mandates - fraud, resilience, ISO. Build compliance into payment flows. Bring compliance teams to the forefront of your modernisation roadmap and involve trusted third-party providers from the start.”
Lessons Learnt from the U.K. and Europe for Rest of World
The U.K. and Europe’s intense regulatory environment offers a blueprint. “Regulation levels the playing field,” Mehra argues. Non-bank financial institutions like Wise now hold accounts with the Bank of England for cross-border payments - a model emerging markets should emulate.
Baynham points to regulatory sandboxes: “PSPs can test solutions in a safe environment. Maybe this can be adopted elsewhere.” The U.K. also mandates cash access alongside digital banking, ensuring inclusion.
Next Steps
As digital assets, stablecoins, and AI-powered payments loom, the regulatory deluge shows no sign of abating. Yet the panel’s message is clear: embrace compliance strategically, modernise boldly, and partner early.
“Start now,” Mehra urges. In the payments race, those who treat regulation as a foe will be left behind. Those who see it as a friend will lead the pack.
Click here to see the panel on-demand.