Buy Now Pay Later has delivered real commercial results. Merchants offering BNPL at checkout have seen conversion rates increase by 20–30%, cart abandonment fall by up to 35%, and average order values rise by 32%. In some verticals, BNPL now drives more than 20% of total revenue.
For high-risk merchants operating in categories where mainstream card acceptance is already constrained, BNPL has often been one of the few genuinely flexible payment options available at checkout.
That is changing. On 11 February 2026, the FCA published Policy Statement PS26/1, formally confirming that BNPL legally reclassified as Deferred Payment Credit (DPC) comes under FCA regulation from 15 July 2026. The rules are final. The authorisation window for providers opens 15 May.
Most merchants are treating this as a provider compliance issue. That framing is incomplete and for high-risk merchants, it is dangerous. PS26/1 creates direct merchant obligations, accelerates vertical exclusions, increases fraud liability, and changes the commercial calculation of BNPL at checkout in ways that require a payments strategy response not a forwarded email to your account manager.
- What FCA PS26/1 Actually Requires: The Five Rules That Matter
- The Four Obligations That Land Directly on Merchants
- Why High-Risk Merchants Face a Fundamentally Different Problem
- The Fraud Problem BNPL Regulation Does Not Solve
- Underwriting Changes and the Checkout Impact
- What High-Risk Merchants Must Do Before 15 July 2026
- Conclusion
- FAQs
What FCA PS26/1 Actually Requires: The Five Rules That Matter
Understanding PS26/1 precisely not in its consumer-facing summary is the starting point for any merchant risk assessment. The regulation introduces five core requirements for all BNPL providers operating in the UK from 15 July 2026.
Rule 1: Mandatory per-transaction affordability checks
Every BNPL transaction requires a proportionate affordability and creditworthiness assessment before approval. This applies to purchases under £50. It applies at every transaction not just at account opening, as most providers currently operate.
Rule 2: Consumer Duty
Providers must demonstrate they are delivering good outcomes for customers across the full product lifecycle from design and marketing through to collections. Which merchant categories a provider serves is now a compliance question, not just a commercial one.
Rule 3: Transparent pre-contract disclosure at checkout
Clear, plain-language information must be surfaced before a BNPL agreement is completed:
- Full instalment schedule
- Total amount repayable
- Consequences of missed payments
- Cooling-off rights
- Returns processes
The obligation sits with the provider. The technical implementation sits with the merchant’s checkout.
Rule 4: Financial Ombudsman Service access
For the first time, consumers can escalate unresolved BNPL disputes to the FOS. Every disputed BNPL transaction now carries formal escalation risk with independent adjudication.
Rule 5: Section 75 Consumer Credit Act protection
For BNPL agreements on purchases between £100 and £30,000 from 15 July 2026, the BNPL provider and the retailer are jointly and severally liable for breach of contract or misrepresentation. If a product is faulty, undelivered, or misrepresented, the customer can claim against either party.
The average BNPL transaction is approximately £70 but for high-risk merchants processing higher-ticket purchases through BNPL, this is a real and new liability.
The Authorisation Timeline Merchants Cannot Afford to Miss
| Date | Event | Merchant Implication |
| 15 May 2026 | TPR notification window opens | Confirm provider registration plans |
| 1 July 2026 | TPR notification window closes | Last date for provider to register |
| 15 July 2026 | Regulation Day | Unregistered providers cannot legally offer BNPL |
Providers not in TPR or fully authorised by 15 July commit a criminal offence by continuing to offer BNPL. For the merchant, the consequence is immediate: BNPL must be removed from checkout that day. There is no grace period, no merchant carve-out, and no remediation window.
The Four Obligations That Land Directly on Merchants
The FCA perimeter covers lenders not merchants. But four direct obligations land on merchants regardless of their provider’s authorisation status.
Obligation 1: Financial Promotions
From 15 July 2026, any reference to BNPL on a merchant’s website, app, email, SMS, social media, or influencer content is a regulated financial promotion subject to FCA standards. Merchants without FCA authorisation must have every piece of BNPL-related content approved in advance by their authorised provider before publication. This includes:
- Checkout page copy referencing BNPL
- Email marketing and SMS sequences
Non-compliance is a breach by the merchant not the provider.
Obligation 2: Checkout UX Disclosure
Mandatory pre-contract information must be correctly surfaced in the merchant’s checkout flow, mobile app, and POS interfaces. The provider supplies the content. The merchant implements it. Merchants who have not made these UX changes by 15 July are non-compliant at the point of sale regardless of whether their provider is authorised.
Obligation 3: Section 75 Joint Liability
Joint and several liability means a consumer can pursue the merchant directly without going to the BNPL provider first. If a customer purchases a £200 subscription package on BNPL and files a Section 75 claim, the claim can land on the merchant. High-risk merchants with elevated dispute rates carry a disproportionate exposure here.
Obligation 4: Provider Dependency Risk
Your BNPL availability on 15 July depends entirely on your provider’s authorisation status. The TPR window closes 1 July two weeks before Regulation Day. If your provider misses that window, you have no time to source an alternative.
What “Jointly and Severally Liable” Means in Practice
Under Section 75, the consumer can pursue either the lender or the retailer or both simultaneously. For high-risk merchants in digital goods, subscription services, or content platforms where cancellation disputes and not as described claims are structurally elevated, this changes the liability profile of every qualifying BNPL transaction processed after 15 July.
Review your commercial agreement with your BNPL provider. Does it include indemnity provisions protecting you against Section 75 claims? If the agreement is silent, that requires renegotiation before July not after a claim is filed.
Why High-Risk Merchants Face a Fundamentally Different Problem
The impact of FCA regulation on mainstream retail is real but manageable. For high-risk merchants, the exposure is structurally more severe for three specific reasons.
Vertical exclusions are formalising, not just tightening
Klarna, Clearpay, and Afterpay already restrict or exclude:
- Online gambling and gaming
- Adult content and entertainment
- Forex, CFDs, and crypto exchanges
- Nutraceuticals with unverified health claims
- Subscription models with difficult cancellation terms
Before regulation, these were commercial decisions. Under Consumer Duty, they become compliance obligations. Providers must now demonstrate that every merchant category generates good consumer outcomes.
Categories where BNPL is used for speculative, consumable, or high-dispute-rate purchases fail that test. Expect exclusion lists to expand and become significantly less negotiable.
The approval rate problem is disproportionate
Mandatory per-transaction affordability checks will generate declines. Where those declines are concentrated matters:
- 63% of BNPL borrowers hold multiple simultaneous BNPL loans across different providers
- When a checkout affordability check surfaces an existing BNPL debt stack, the approval is declined even for a small transaction
- High-risk merchants whose customer demographics skew toward near-prime and subprime credit profiles will see above-average decline rates precisely in the customer segment that relied on BNPL most
Provider consolidation leaves high-risk merchants most exposed
Smaller providers do not. Openpay cited thin margins and fierce competition for merchant acquisition when it exited the UK market and that was before regulation added compliance overhead. White & Case partner Hyder Jumabhoy noted directly that compliance costs “could drive a wave of consolidation in the market, especially among smaller providers.”
The providers most likely to exit are precisely those serving high-risk merchant categories the major players will not touch.
The Conversion Maths Every High-Risk Merchant Needs to Run Now
If BNPL currently drives 20% of your monthly revenue and post-regulation approval rates fall by 20% a conservative estimate for near-prime customer demographics, the direct revenue impact is approximately 4% of total monthly revenue before any fallback payment method captures declined customers.
Without a fallback in place, those are abandoned carts not converted sales.
Ask your BNPL provider now:
- What is your current approval rate by customer credit tier?
- What percentage of our customer base holds multiple active BNPL arrangements?
- What is your projected approval rate post-affordability check implementation?
If your provider cannot give you this data, that absence of transparency is itself a risk signal.
The Fraud Problem BNPL Regulation Does Not Solve
FCA regulation improves consumer protection. It does not close the structural fraud vulnerabilities in BNPL that merchants absorb. These are two separate problems and conflating them is a costly mistake.
Synthetic identity fraud remains the primary threat
- Synthetic identities account for over 80% of new account fraud in BNPL
- Synthetic identity document fraud surged 311% in North America in Q1 2025
- 16% of merchants report synthetic identity fraud as their most common source of fraud losses
- The FCA’s affordability checks use credit bureau data which synthetic identities built around real National Insurance numbers can pass
Regulation does not close this vector. It may create a false confidence that the checks are done.
Account takeover targets high-risk categories specifically
Account takeover (ATO) fraud accounts for 13% of BNPL fraud occurrences. In high-risk merchant contexts digital goods, gaming credits, subscription services ATO is particularly damaging because:
- Goods are delivered instantly and digitally non-recoverable
- A compromised BNPL account already has a pre-approved credit line
- The fraudster completes the purchase and redeems goods within minutes
- The merchant has no practical recourse once digital delivery is confirmed
The three-party blind spot persists post-regulation
Merchants have no real-time visibility into a customer’s total BNPL debt exposure, fraud history, or dispute patterns held by the provider. This information asymmetry is a structural feature of the BNPL model. Regulation does not eliminate it.
The implication is clear: BNPL fraud prevention cannot be outsourced to your provider’s compliance posture. Pre-transaction KYC, device fingerprinting, behavioural scoring at transaction level, and service fulfilment audit logs are merchant-side responsibilities independent of what PS26/1 requires of the lender.
Underwriting Changes and the Checkout Impact
The shift from soft account-opening checks to per-transaction credit assessments is a fundamental change in the BNPL approval architecture.
Klarna moved in this direction in early 2025 introducing income verification tools and real-time spending pattern analysis following scrutiny from the Swedish Financial Supervisory Authority. That was voluntary. From 15 July, it is mandatory for every UK BNPL transaction.
The checkout impact is measurable:
- Per-transaction credit bureau queries add latency to a flow that previously delivered sub-second approvals
- Compliance cost pass-throughs increase the merchant fee on transactions that do complete
The Real Cost of BNPL at Checkout in 2026
| Factor | Pre-Regulation | Post-July 2026 |
| Transaction fee | 4–6% of GMV | Higher compliance costs passed through |
| Approval rate | Near-universal for eligible customers | Declining per-transaction affordability checks |
| Checkout latency | Sub-second | Extended credit bureau query per transaction |
| Merchant liability | Limited | Section 75 joint liability on £100-£30,000 purchases |
| Marketing freedom | Unrestricted | All BNPL content requires provider approval |
What High-Risk Merchants Must Do Before 15 July 2026
These are not general readiness suggestions. They are the specific actions that determine whether BNPL remains viable and legally compliant at your checkout after Regulation Day.
1. Confirm provider TPR readiness in writing
Contact your BNPL provider directly. Request written confirmation of their FCA authorisation timeline and TPR registration plans before 15 May. If they cannot confirm registration by that date, begin evaluating alternatives immediately.
2. Audit all financial promotions referencing BNPL
Every page, banner, email template, SMS sequence, and social media asset that mentions BNPL must be reviewed against FCA financial promotions standards and approved by your provider before 15 July. This is a larger body of work than most merchants anticipate start now.
3. Implement checkout disclosure UX changes
Work with your provider to confirm exactly what pre-contract information must appear at each stage of your checkout. Build, review, and test the UX changes before July, not in the final week.
4. Build and test BNPL fallback payment options
If approval rates decline or your provider fails to authorise, what captures those customers? Evaluate and integrate alternatives before July:
- Card-based instalment schemes Visa Installments, Mastercard Installments
- Open banking-based payment plans
- Alternative APMs with deferred payment capability
5. Review and renegotiate Section 75 indemnity terms
Calculate the monthly value of BNPL transactions above £100. Check whether your provider agreement includes indemnity provisions protecting you against Section 75 claims. If the agreement is silent, renegotiate before July not after a claim is filed.
6. Build fraud infrastructure independently of your provider
Pre-transaction KYC, device fingerprinting, transaction-level behavioural scoring, and service fulfilment audit logs are merchant responsibilities. Build this layer before July and treat it as a permanent operational requirement not a regulatory response.
Conclusion
The FCA’s July 2026 deadline does not sit exclusively on your BNPL provider’s compliance roadmap. It sits on your checkout, your marketing operations, your fraud exposure, and through Section 75 your legal liability for every qualifying BNPL transaction you process from that date forward.
For high-risk merchants, the stakes are proportionally higher. Vertical exclusions are formalising. Approval rates will fall disproportionately for near-prime customer demographics. Provider availability is narrowing. And none of this regulation addresses the synthetic identity fraud, account takeover exposure, and three-party visibility gaps that make BNPL structurally more dangerous for high-risk categories than for mainstream retail.
The businesses that navigate July 2026 well are those that treat it as a payments strategy decision running the conversion maths, confirming provider readiness, building fallback options, and reviewing legal liability before the deadline, not after the revenue impact shows in the dashboard.
Payment Mentors works with high-risk merchants to evaluate BNPL readiness, identify and integrate alternative APMs, and build checkout payment strategies that protect conversion regardless of what the regulatory environment does to any single payment method. If your BNPL strategy has not been reviewed in the context of PS26/1, now is the time.
FAQs
1. What is FCA PS26/1 and what does it mean for BNPL?
FCA Policy Statement PS26/1, published on 11 February 2026, is the final regulatory framework that brings Buy Now Pay Later formally reclassified as Deferred Payment Credit (DPC) under FCA supervision from 15 July 2026. It introduces five core obligations for BNPL providers: mandatory per-transaction affordability checks, Consumer Duty compliance, transparent pre-contract disclosure at checkout, Financial Ombudsman Service access for consumers, and Section 75 Consumer Credit Act protection for qualifying purchases. It is the most significant regulatory intervention in the UK BNPL market since the sector emerged.
2. Does FCA BNPL regulation apply to merchants or only to BNPL providers?
The FCA regulatory perimeter covers BNPL lenders not merchants directly. However, merchants face four specific obligations that sit independently of their provider’s authorisation status: financial promotions compliance, checkout UX disclosure requirements, Section 75 joint liability on qualifying purchases, and provider dependency risk if their BNPL partner fails to obtain authorisation. Merchants who assume this is purely a provider compliance issue are exposed to direct regulatory and legal consequences from 15 July 2026.
3. What is the Temporary Permissions Regime (TPR) and why does it matter for merchants?
The TPR is a transitional mechanism that allows existing BNPL providers who do not yet hold FCA consumer credit permissions to continue operating while their full authorisation application is assessed. The TPR notification window runs from 15 May to 1 July 2026. Providers that fail to register in this window and do not hold existing permissions commit a criminal offence by offering BNPL from 15 July. For merchants, this means that if your BNPL provider misses the TPR window, you must remove BNPL from your checkout on Regulation Day with no grace period and no remediation window.
4. How do mandatory affordability checks affect checkout conversion?
From 15 July 2026, BNPL providers must conduct a proportionate affordability and creditworthiness assessment at every transaction including purchases under £50. Previously, most providers ran soft checks at account opening only. Per-transaction checks add latency to the checkout approval process and generate declines for customers who hold multiple active BNPL arrangements or whose credit profile does not support additional borrowing. For high-risk merchants whose customer base skews toward near-prime demographics, the decline rate will be disproportionately higher than for mainstream retail.
5. What is Section 75 joint liability and how does it affect high-risk merchants specifically?
Section 75 of the Consumer Credit Act makes the BNPL provider and the retailer jointly and severally liable for breach of contract or misrepresentation on qualifying purchases between £100 and £30,000 from 15 July 2026 onwards. Joint and several liability means the consumer can pursue the merchant directly without going to the BNPL provider first. High-risk merchants in digital goods, subscription services, and content platforms where cancellation disputes and not-as-described claims are structurally elevated face a disproportionate exposure. Merchants should review their BNPL provider agreements for indemnity provisions and renegotiate if those protections are absent.
6. Why are high-risk merchants more vulnerable to BNPL vertical exclusions under the new regulation?
FCA Consumer Duty requires BNPL providers to demonstrate that they are delivering good outcomes for customers across every merchant category they serve. Categories where BNPL is used for speculative, consumable, or high-dispute-rate purchases gambling, gaming, adult content, forex, certain subscription models struggle to meet this standard. Before regulation, provider exclusions of these verticals were commercial decisions. Under Consumer Duty, they become compliance obligations. Expect exclusion lists from mainstream providers like Klarna, Clearpay, and Afterpay to formalise, expand, and become significantly less negotiable after 15 July.
7. What are the financial promotions obligations for merchants under BNPL regulation?
From 15 July 2026, any reference to BNPL on a merchant’s website, app, email, SMS, social media, or influencer content constitutes a regulated financial promotion subject to FCA standards. Merchants without FCA authorisation must have every piece of BNPL-related content approved in advance by their FCA-authorised BNPL provider before publication. This includes website banners, product page callouts, checkout copy, email templates, and social media posts. Non-compliance is a breach by the merchant not the provider and carries direct regulatory consequences.
8. How does synthetic identity fraud affect BNPL transactions at high-risk merchant checkouts?
Synthetic identities created by combining real and fabricated personal information account for over 80% of new account fraud in BNPL. Synthetic identity document fraud surged 311% in North America in Q1 2025. The FCA’s mandatory affordability checks use credit bureau data, which synthetic identities built around real National Insurance numbers or stolen credit file details can pass. Regulation does not close this vector. High-risk merchants must implement independent fraud defences including device fingerprinting, pre-transaction KYC, and behavioural scoring that operate regardless of what the BNPL provider’s compliance infrastructure catches.
9. What is account takeover fraud in BNPL and why are high-risk merchants particularly at risk?
Account takeover (ATO) fraud involves criminals gaining access to a legitimate customer’s BNPL account and making unauthorised purchases. ATO accounts for 13% of BNPL fraud occurrences. High-risk merchant categories digital goods, gaming credits, subscription services are primary ATO targets because goods are delivered instantly and digitally, making them non-recoverable once fulfilled. A fraudster with a compromised BNPL account carrying a pre-approved credit line can complete a purchase and redeem goods within minutes. FCA regulation does not address ATO risk. Merchants must treat it as an independent fraud exposure requiring dedicated controls.
10. What should merchants do if their BNPL provider fails to obtain FCA authorisation by July 2026?
If a BNPL provider fails to register for the Temporary Permissions Regime by 1 July 2026 or does not hold existing FCA permissions, the merchant must remove BNPL from their checkout on 15 July. There is no grace period. Merchants should begin contingency planning now by identifying alternative BNPL or instalment payment providers, evaluating card-based instalment schemes such as Visa Installments or Mastercard Installments, and testing fallback checkout flows before the deadline. Waiting until July to source an alternative leaves insufficient time for integration, testing, and compliance review.
11. How is BNPL regulation likely to affect provider fees for merchants?
BNPL transaction fees currently range from 2-8%, averaging 4-6% already materially higher than standard card processing costs of approximately 2%. FCA compliance infrastructure credit bureau integration for per-transaction affordability checks, Financial Ombudsman Service complaint handling, Consumer Duty governance frameworks, and enhanced onboarding processes represents significant investment for BNPL providers. These costs will be passed through to merchants in the form of higher transaction fees, reduced commercial terms, or both. High-risk merchants operating on thinner margins should model this fee escalation into their BNPL cost-benefit analysis before July.
12. Is BNPL still viable for high-risk merchants after FCA regulation?
BNPL remains viable, but it is no longer a low-friction conversion tool. Regulation introduces higher decline rates, stricter provider controls, and increased merchant liability. For high-risk merchants, BNPL must now be evaluated as part of a broader payment strategy, supported by fallback payment methods and independent fraud controls.
13. What are the best alternatives to BNPL for high-risk merchants?
Merchants should evaluate fallback options including:
- Card-based instalments (Visa Installments, Mastercard Installments)
- Open banking-based payment plans
- Alternative APMs with deferred payment structures
A multi-method checkout reduces dependency on any single provider and protects conversion if BNPL approval rates fall or availability changes.