GLOBAL PAYMENTS KNOWLEDGEISO 20022 / SWIFT / SEPA / MT / MX

Payments - Introduction / Learning brief

Payments regulators and oversight

Your notes

What this means in plain language

Payments are governed by several kinds of body: central banks that operate and oversee systems, scheme owners that set rules, and conduct and competition regulators. This article explains who does what and why oversight matters.

A payment system is critical shared infrastructure, so it is watched by several kinds of authority, each with a different job. Central banks often play two roles at once: they operate core settlement systems, and they oversee the wider payment landscape to keep it safe and reliable. Scheme owners, such as the EPC (European Payments Council), write the rulebooks that banks follow for particular payment types. Conduct and competition regulators, such as the United Kingdom's PSR (Payment Systems Regulator) and the EBA (European Banking Authority), focus on fair access, good outcomes for users, and healthy competition. These roles overlap but do not duplicate: one body may run a system, another may set its rules, and a third may check that it treats users fairly. Oversight matters because payments must keep working, must be open to new entrants, and must protect the people who depend on them, especially when a single system carries much of a country's money.

Understand the full idea, step by step

Who is actually in charge of payments? Not one body, it turns out, but several kinds of body — each holding a different lever. One runs the settlement systems themselves. One writes the rulebooks that make schemes work. Others watch over safety, fair access, and financial crime. Knowing which is which tells you, for any rule you meet, who wrote it, why, and who could change it.

Central banks wear two hats

Central banks sit at the centre of payments in two distinct capacities. As operators, they run core settlement infrastructure — above all the RTGS (real-time gross settlement) system, where banks hold accounts and settle obligations in central bank money, the one asset that cannot fail the way a claim on a commercial bank can. As overseers, they set safety and resilience expectations for payment systems across the landscape, including systems run by others. The two hats can pull against each other — a central bank may oversee a system that competes with one it operates — so oversight is usually kept organisationally separate from operations. Both hats exist for the same reason: payment systems are critical infrastructure, and if a major one stops, salaries, invoices, and markets stop with it.

Oversight

Oversight is the function by which an authority — typically a central bank — monitors payment and settlement systems, assesses them against safety and efficiency standards, and induces change where needed. It is aimed at systems, which distinguishes it from the supervision of individual institutions. The international benchmark is the Principles for Financial Market Infrastructures (PFMI), issued by the Committee on Payments and Market Infrastructures (CPMI) together with IOSCO (the International Organization of Securities Commissions), which jurisdictions adapt into local requirements — including explicit responsibilities for the authorities themselves.

Who does what
Kind of bodyWhat it isHow it acts
Central bankPublic institution — operator of core settlement systems and overseer of the wider landscape (our fictional Central Bank Omega plays this role)Runs RTGS and related infrastructure; assesses systems against oversight standards informed by the PFMI
Scheme ownerUsually an industry body whose members use the scheme — e.g. the European Payments Council (EPC) for the SEPA schemesA binding rulebook: message usage, timing, participant obligations, dispute handling. To take part, you implement the rules exactly
Supervisors and conduct or competition regulatorsPublic authorities focused on institutions and outcomes — e.g. the European Banking Authority (EBA) developing technical standards under PSD2, or the UK's Payment Systems Regulator examining access and feesLicensing, technical standards, directions on access and pricing, consumer protection
International standard-settersCommittees that agree common standards across countries — the CPMI for infrastructure, the Financial Action Task Force (FATF) for money-laundering and terrorist-financing controlsPrinciples and recommendations that national authorities turn into local law and supervision

You may be wondering: where does FATF fit — is it a payments regulator?

Not directly. The FATF (Financial Action Task Force) is an intergovernmental body that sets the international standards for AML/CFT — anti-money-laundering and countering the financing of terrorism. It regulates no bank and operates no system; instead, its Recommendations are implemented by national law-makers and enforced by national supervisors. Payments feel FATF's influence constantly all the same: requirements such as complete originator and beneficiary information travelling with a transfer trace back to its standards. FATF sets the level; countries build the walls.

COMMON CONFUSION

SWIFT is the global payments regulator — it runs international payments, so it must be the body in charge of them.

SWIFT is a bank-owned cooperative providing secure messaging and standards; it regulates no one and settles nothing. It is itself subject to oversight by central banks precisely because so much depends on it. The bodies with actual authority are the ones in the table above: central banks, scheme owners with their rulebooks, and public regulators. A network being everywhere is not the same as a network being in charge.

STRICTLY SPEAKING

Strictly speaking, the division of these responsibilities varies considerably by jurisdiction: some countries fold conduct, competition, and prudential roles into one authority, others split them across several; some central banks operate many systems, others few. The names in this lesson are examples, not a directory. And none of this is legal advice — which rules bind a given institution, in a given country, for a given product is a question for that jurisdiction's current law and the institution's own compliance function.

REMEMBER IT

Sort any authority by its lever: runs the system (central bank as operator) · watches the systems (central bank as overseer) · writes the rulebook (scheme owner) · polices institutions and outcomes (supervisors, conduct and competition regulators) · sets the international level (CPMI, FATF). One question — what lever does this body hold? — files almost any document correctly.

FOR NOW, REMEMBER

  • Central banks act twice: operating core settlement systems in central bank money, and overseeing systems — including ones they do not run — against standards informed by the PFMI.
  • Scheme owners are usually industry bodies whose power is the rulebook: implement it exactly, or you cannot participate.
  • Supervisors and conduct or competition regulators police institutions and outcomes — licensing, technical standards, fair access, fees.
  • International standard-setters like the CPMI and FATF set common levels that national authorities turn into local law.
  • Oversight exists to hold three things together: safety, access, and fairness — the exact split of duties varies by jurisdiction.

TRY IT YOURSELF

A new payment firm complains publicly that Clearing System Delta's participation fees are structured so that small firms can never realistically join. Which kind of body is the natural addressee of that complaint?

The scheme owner's standards committee — fees are written in the rulebook, so the rulebook body handles fairness disputes about them.

Not this one — The scheme owner sets participation terms, but it is an industry body of existing members — it is the object of an access complaint, not the arbiter of one. When the fairness of the rules themselves is challenged, the challenge goes to a public authority.

A conduct or competition regulator — fair access to payment systems and the structure of fees is exactly the outcomes-focused territory such authorities exist to examine.

Correct — Right. A system can be technically sound and still work poorly for society — blocked entrants, fees falling unfairly. Public regulators with access and competition mandates (the UK's Payment Systems Regulator is a real example) can investigate and direct changes in a way no industry body can.

The FATF — barriers to entry in payments fall under the international financial-crime standards.

Not this one — FATF sets anti-money-laundering and counter-terrorist-financing standards; the fairness of participation fees is a competition and access question, an entirely different lever. Matching the complaint to the body's actual mandate is the skill this lesson builds.

You now know who governs the machinery. Step back to the machinery itself: the foundations topic rebuilds, from first principles, what a payment actually is — and everything these authorities exist to protect.

KEEP GOING

Three things to remember

  1. 01

    Central banks often both operate settlement systems and oversee the wider payments ecosystem.

  2. 02

    Scheme owners such as the EPC write the rulebooks that participating banks must follow.

  3. 03

    Conduct and competition regulators such as the PSR and the EBA protect access, fairness, and competition.

Where you would use this

USE CASE 01

A central bank sets standards a payment system must meet to be considered safe and resilient.

USE CASE 02

A scheme owner publishes a rulebook that every participating bank must implement to join a scheme.

USE CASE 03

A conduct regulator investigates whether new entrants can access a payment system on fair terms.

Put the idea into a real situation

Illustrative example: a fictional fintech, Northwind Pay, wants to offer instant transfers. First it must meet the rulebook published by the relevant scheme owner, which sets message formats and a 10-second credit target. It must also satisfy the central bank's oversight standards for safety before connecting to settlement. If Northwind Pay believes an established bank is charging it unfair access fees, it can raise the matter with the conduct and competition regulator, which can investigate and require changes. Three different bodies, three different roles, one payment.

Evidence & review

REVIEWED 2026-07-13

General orientation to payments governance; named bodies (EPC, EBA, UK PSR, CPMI, FATF) cited in their verified public roles. The exact division of duties varies by jurisdiction; not legal advice.

What this brief simplifies: Groups the governance landscape into four kinds of body; real jurisdictions split or merge these roles differently, and prudential supervision of banks is mentioned only in passing. The three-documents scenario is fictional.

Sources for this brief4
  1. Official requirement

    Principles for financial market infrastructuresCPMI and IOSCO (Bank for International Settlements) · Principles for Financial Market Infrastructures; responsibilities of authorities

    International risk-management standards for systemically important payment systems and other financial market infrastructures. · Checked 2026-07-12

    Published by the CPSS (now CPMI) and IOSCO; contains 24 principles plus responsibilities for authorities. This site uses it only for high-level concepts such as settlement finality.

  2. Official requirement

    The FATF Recommendations: International Standards on Combating Money Laundering and the Financing of Terrorism & ProliferationFinancial Action Task Force · International AML/CFT standards, incl. payment transparency

    The global standards countries implement against money laundering, terrorist financing, and proliferation financing, including targeted financial sanctions and payment transparency under Recommendation 16. · Checked 2026-07-12

    Adopted in 2012 and updated regularly since; the June 2025 FATF plenary agreed revisions to Recommendation 16 on payment transparency. Consult the live consolidated text for the current wording.

  3. Official requirement

    PSD2 and the RTS on strong customer authentication and secure communicationEuropean Banking Authority · EBA technical standards and guidelines under PSD2

    Governs open banking access in the European Union, including payment initiation and account information services offered by third-party providers, and the requirement for strong customer authentication. · Checked 2026-07-13

    Referenced from the European Banking Authority's public summaries, guidelines, and technical standards on payment services.

  4. Simplified educational illustration

    Payments Signal editorial teaching modelsPayments Signal · Fictional Bank Alfa / Central Bank Omega framing

    This site's own simplified teaching models. · Checked 2026-07-12

    Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.

Learn this properly

Related briefs

View Payments - Introduction archive

Reconciliation in payments

Explains how banks match internal ledgers against nostro statements and clearing reports to prove recorded money equals actual money, and how unmatched items, called breaks, are found, investigated, and cleared.

READ BRIEF

Push versus pull payments

Push and pull payments differ by which party starts the transfer. A push is initiated by the payer, a pull is collected by the payee under prior authority, with credit transfers and direct debits as the standard examples.

READ BRIEF