In 2026, global expansion teams can no longer rely on the old sequence of launching a product, proving demand, and addressing compliance once volumes grow. Payment service providers and acquirers are derisking aggressively, especially in markets with tight FX controls, local licensing requirements or heightened AML expectations. Regulators are also paying closer attention to cross-border payment flows, data transfers and the licensing status of firms serving local customers from abroad.

As a result, compliance has shifted from a late-stage operational task to the foundation of market entry strategy. UK merchants now need to map licensing, FX controls, data rules and AML obligations before switching on payments because in many jurisdictions, compliance is what determines whether a launch is possible at all.

Step 1: Regulatory Mapping by Market Type

Before any merchant activates payments in a new market, the first task is to build a regulatory map that defines what is legally required to operate there. Market-entry failures almost always stem from unclear licensing obligations, overlooked data-transfer restrictions or assumptions that “UK-grade compliance” is enough everywhere. In 2026, it isn’t. Regulators expect firms to demonstrate they understand the local payment environment before switching on cross-border services.

Understanding Payments Licensing Regimes

Every market categorises payment activity differently. Some mirror the UK’s PI/EMI framework, while others require sector-specific licences or domestic operating permissions. Mapping these requirements early helps determine whether a merchant can operate cross-border or must establish a local footprint.

A regulatory map typically distinguishes between:

• PI/EMI-style regimes (common in the EU and advanced markets)
• Local operator licences for gateways, wallets or collection services
• Markets requiring in-country entities to offer payments or payouts
• Territories permitting cross-border services with limited thresholds

For markets aligned with EU rules, the European Commission’s PSD3/PSR hub provides the clearest view of how payment institutions and EMIs will be supervised under the incoming regime.

Reference: EU PSD3–PSR Official Hub (European Commission)

Data Localisation & Cross-Border Transfer Rules

Data policy now plays a decisive role in determining how merchants structure payments. Several jurisdictions require customer or transaction data to remain within their borders, which affects PSP selection, settlement routing and incident reporting.

Merchants should validate:

• Whether customer data must be stored locally
• Whether payment data may be accessed from the UK
• Whether outbound transfers require consent, notification or registration
• Whether cloud providers must host infrastructure inside the jurisdiction
• Whether certain data types (KYC, biometrics, identity attributes) are restricted

Ignoring these constraints can prevent PSPs or acquirers from supporting the market even when licensing requirements are technically met.

Market-Type Categorisation

A practical way for expansion teams to begin is by placing candidate markets into three categories:

1. Open regulatory markets: flexible licensing, no strong localisation rules
2. Structured regulatory markets: licensing is clear but data/FX constraints apply
3. Restricted markets: local entity required, strict capital controls, heightened AML scrutiny

This classification helps prioritise launch order and resource allocation.

Step 2: FX and Capital Controls as a Payments Constraint

Even when licensing and data permissions are clear, many markets restrict how money flows into and out of the country. These FX and capital controls shape everything from settlement timing to how refunds are processed. For UK merchants entering new regions, understanding these controls early prevents unexpected payout delays, PSP rejection, or the need for costly restructuring after launch.

Markets with Strict FX or Capital Control Regimes

Some jurisdictions impose daily limits, pre-approval requirements, restricted currencies, or mandatory conversion windows. Others regulate outbound flows tightly to protect reserves. These rules can influence the operational design of your payment stack more than any licensing requirement.

For deeper context, the IMF’s analysis of digital payments and FX control environments highlights how emerging markets manage capital flows and the operational challenges these create for cross-border businesses.

How FX Controls Affect Settlement and Refunds

FX restrictions shape the merchant experience far beyond currency pricing. They influence when funds settle, how PSPs batch transactions, and whether refunds can be issued from offshore accounts. In strict jurisdictions, merchants may be required to:

• Settle funds with a local banking partner
• Hold multi-currency wallets in market to support refunds
• Maintain additional liquidity buffers tied to FX availability
• Accept slower settlement cycles due to central bank oversight

These constraints directly affect reconciliation accuracy and operational continuity.

FX Controls and PSP Selection

Not all PSPs support controlled markets. Many will not onboard merchants unless the flows comply with local FX rules before processing begins. Early mapping helps merchants avoid last-minute surprises, such as:

• PSPs refusing to provide local acquiring
• Settlement delays caused by forced FX conversion
• Additional documentation requests tied to outbound flows
• Suspended payouts triggered by central bank scrutiny

Choosing PSPs familiar with the relevant controls ensures more predictable settlement behaviour.

Step 3: AML / KYC Alignment Across Markets

Even when licensing and FX rules are addressed, many market-entry failures happen when a merchant’s KYC framework does not meet the expectations of the new jurisdiction. In 2026, AML requirements vary considerably across markets, and PSPs increasingly expect merchants to demonstrate a clear gap analysis before onboarding.

The assumption that “UK-standard KYC is sufficient everywhere” is no longer accurate, especially as regulators tighten scrutiny on cross-border flows.

Understanding the KYC Gap

Your existing KYC stack document checks, risk scoring, enhanced due diligence may align with UK expectations but diverge from rules in markets where regulators require additional identity attributes, local address verification, or stricter screening of permanent residents vs foreign nationals.

Expansion teams should examine:

• What customer attributes are mandatory in the new market
• Whether enhanced due diligence triggers differ by risk tier
• If identity verification must use local verification providers
• How residency, nationality or business classification affects onboarding
• Whether onboarding must be revalidated after a fixed interval

This review helps avoid delays when PSPs or acquirers test your compliance posture before activating payments.

FATF High-Risk & Grey-Listed Jurisdictions

A core consideration in 2026 is whether the target market appears on the FATF list of High-Risk and Other Monitored Jurisdictions. FATF’s classification significantly influences PSP appetite, onboarding timelines and the level of scrutiny applied to customers originating from or transacting with those regions.

If a target market appears on the high-risk list, merchants may face:

• Longer PSP onboarding cycles
• More restrictive payout and settlement rules
• Mandatory enhanced due diligence for specific customer groups
• Additional documentation requirements for compliance oversight

If it appears on the grey list, PSPs may proceed but with tighter controls, lower tolerance for risk spikes and more frequent compliance reviews.

Reference: FATF – High-Risk and Other Monitored Jurisdictions

Why AML Alignment Matters for PSP Support

PSPs evaluate a merchant’s AML posture before agreeing to process live transactions, especially when entering markets with heightened geopolitical, financial or fraud risks. An inadequate AML framework is now one of the leading reasons PSPs decline new-market applications.

PSPs increasingly look for:

• Clear risk scoring logic supported by real data
• Documented enhanced due diligence procedures
• Screening rules appropriate for local naming conventions and data formats
• Evidence of ongoing monitoring not just onboarding controls
• Internal ownership of AML decisions

Merchants that can demonstrate these controls gain faster approvals and more flexible settlement options.

Step 4: Structuring the Legal & Entity Footprint

Before switching on payments in a new market, merchants must determine the legal structure through which services will operate. This choice influences licensing requirements, PSP appetite, tax exposure, data obligations and the level of scrutiny regulators apply.

In 2026, PSPs expect merchants to justify their entity design as part of onboarding particularly in markets where FX controls, localisation rules or AML expectations raise the risk profile.

Local Entity

A local entity is often required in markets with strict licensing regimes or strong consumer-protection oversight. Establishing a subsidiary signals long-term commitment and can simplify access to domestic payment rails or settlement accounts. Merchants choosing this route typically accept higher operational cost in exchange for:

• Greater regulatory acceptance
• Access to in-market acquiring or payout capabilities
• Smoother onboarding with PSPs that must comply with local supervision

However, a local entity also brings additional governance duties. Supervisors in some regions expect local directors, in-market compliance officers or locally stored operational records. These expectations are becoming more defined under regional reforms aligned with the European Banking Authority’s supervisory approach to payment institutions.

Branch Model

Branches sit between local entities and fully cross-border operations. They allow merchants to present a domestic presence without incorporating a new legal company. A branch is often a suitable structure in markets that are licensing-light but still require contactable oversight or documented accountability.

Cross-Border Provision of Services

Some markets permit fully cross-border payment services as long as customers are not deemed “domestically acquired”. This model avoids the cost of incorporation, but it narrows PSP choice: many acquirers prefer merchants with a local presence to reduce transaction risk and simplify dispute handling. Cross-border operating models also tend to face:

• Higher scrutiny of AML controls
• Stricter due-diligence questionnaires
• Limitations on using local payment methods or payout rails

This structure works best in markets with open regulatory regimes and no data localisation requirements.

High-Level Tax & Regulatory Trade-Offs

While no tax advice is provided, expansion teams should understand the regulatory trade-offs: a local entity usually improves PSP onboarding and compliance alignment, while cross-border models offer speed but introduce constraints. The decision should be informed by licensing needs, settlement behaviour, FX controls and long-term commercial strategy rather than speed alone.

Step 5: Building a “Regulatory Readiness Pack” for PSPs & Acquirers

By 2026, PSPs and acquirers expect merchants to demonstrate compliance readiness before they agree to support a new market launch. This shift is driven by tighter prudential rules, heightened AML expectations and growing regulatory scrutiny of cross-border payment flows. A well-constructed readiness pack gives PSPs the confidence that the merchant has mapped the regulatory environment, structured the right entity footprint and established controls appropriate for the destination market.

The readiness pack is not a marketing document it is effectively a due-diligence dossier. PSPs use it to assess whether your business model fits within their risk tolerance and whether the proposed flows comply with local licensing, FX control and data governance rules. It also reduces onboarding delays by answering many of the questions PSPs would otherwise raise during risk assessment.

Core Components of a PSP Readiness Pack

Although the content varies by region and PSP, most readiness packs include a set of foundational materials. These are not decorative; each one addresses a specific regulatory or operational concern.

These elements closely mirror the direction of PSD3 and the evolving PSR supervisory framework in the EU, both of which emphasise ex-ante risk assessment and stronger oversight of outsourced payment functions. PSPs must be able to demonstrate to regulators that their merchant portfolio is compliant, which is why the burden of preparation increasingly falls on merchants at the onboarding stage.

How PSD3, PSR and Global AML Reforms Raise the Threshold for Market Entry

Under PSD3 and the upcoming PSR reforms, payment institutions are expected to monitor not just transaction behaviour but also settlement profiles, liquidity risks and cross-border customer journeys. Merchants entering new markets must therefore show:

• How local rules influence their payment flows
• How AML/KYC controls adapt to regional expectations
• How data is stored, transferred and accessed
• How operational risks are managed across borders

At the same time, global AML reforms driven by FATF evaluations and regional enforcement actions mean PSPs may reject applications if the merchant cannot demonstrate market-specific AML alignment.

Clear documentation shortens risk reviews, reduces back-and-forth queries and increases the likelihood of securing acquiring or payout support.

Practical Templates: Market Entry Compliance Checklist

Expansion teams often struggle not with understanding regulations, but with organising the information in a way that PSPs, acquirers and internal stakeholders can actually use. A market-entry compliance checklist helps standardise this process by capturing the critical regulatory and operational variables in a single view. In 2026, this type of structured intake sheet has become an expectation not an optional exercise because PSPs increasingly require merchants to evidence that they have completed foundational due diligence.

The goal is not to produce a long document; it is to produce one that is complete, accurate and easy for regulators or PSP risk teams to digest. Most high-performing expansion teams maintain a one-page template per market that can be updated as rules evolve or PSP requirements shift.

How Expansion Teams Use the Template

The intake sheet becomes the anchor document for market-entry planning. Legal teams use it to validate licensing implications; treasury teams use it to assess FX and settlement constraints; data teams review localisation rules; compliance teams verify AML posture; and PSP partners rely on it during onboarding reviews.

Because PSPs increasingly face their own supervisory expectations particularly under frameworks influenced by the European Commission’s PSD3/PSR reforms they expect merchants to provide structured, market-specific information rather than general assurances of compliance.

Conclusion

By 2026, entering a new market is no longer defined by product readiness or customer demand alone. The determining factor often the make-or-break variable is whether a merchant can evidence compliance alignment before a single transaction is processed. Licensing rules, FX controls, data localisation requirements and AML expectations now form the practical boundaries of where and how a business can operate.

Merchants that approach compliance reactively tend to discover constraints late, face PSP onboarding delays or encounter settlement issues that undermine customer trust. Those that prepare early, document clearly and structure their entity footprint with intent move faster, negotiate better PSP terms and maintain resilient payment operations across regions. In today’s environment, compliance is not a barrier to expansion; it is the architecture that makes expansion possible.

---

FAQs