BNPL in the EU After CCD2: The Compliance Burden Most Teams Underestimate
The checkout can stay lightweight after CCD2. The affordability and disclosure evidence behind it cannot.
The checkout can stay lightweight after CCD2. The affordability and disclosure evidence behind it cannot.
BNR, KNF, and CNB ask the same questions about a borrower in a different order, with different proof.
A clean registry extract and a plausible MCC code are the start of merchant risk review, not the end of it.
Outsourcing compliance work is allowed under EBA rules. Losing the ability to inspect and govern it is not.
Adding USD or GBP to a EUR account isn't just an FX feature. It's a new corridor your bank partner will start watching.
A card is issued once. The compliance obligation behind it does not end there — it follows the cardholder for years.
Open banking firms can no longer treat AML as someone else's problem. If your AISP sees suspicious behavior or your PISP triggers payments, you need CDD, monitoring, and escalation paths.
When a SEPA Instant payment settles in 10 seconds, AML controls that used to sit in review queues have to move before release. Here's what that control sequence needs to contain.
A payment institution can passport into a new EU market in weeks and still fail in practice. The license travels. The disclosures and monitoring thresholds don't, unless you designed them to.
When a BaaS provider routes funds for a sub-merchant it didn't fully verify, the compliance failure is the provider's — not the platform's. Here's how to fix the architecture before that happens.
Fintechs that treat AML as a manual process are paying twice — once in compliance costs, again in slower onboarding. Automation is closing that gap.
Lithuania can be a fast EMI licensing route — but only when the operating model is ready. The Bank of Lithuania isn't just reading the application. It's testing whether the controls actually work.