The UK’s Payment Services Regulations 2017 — transposing PSD2 into domestic law — created the legal right for third parties to initiate payments and access account data with customer consent. What those regulations did not create was the commercial infrastructure to make that right economically meaningful. API quality across the nine largest UK banks, when the CMA Open Banking Implementation Entity began its work, ranged from genuinely well-designed to actively obstructive. Error rates on payment initiation calls routinely ran above five percent at the weakest implementations. The rule existed; the plumbing did not.
That gap between regulatory intent and infrastructure reality is precisely where we focus our attention at Pemberton. The payment stack being rebuilt is not the consumer-facing layer — several capable neobanks have handled that — but the connectivity, reconciliation, and authentication layers that sit between bank accounts and the businesses that want to use them. Building a functional payment initiation flow in 2019 meant assembling a fragile chain: an aggregator for bank connectivity, a separate reconciliation service, and bespoke handling for each bank’s idiosyncratic error responses. What a new entrant would call a "payment product" was, in reality, a maintenance burden wrapped in brittle API calls.
The most consequential change in the past two years has not been regulatory — it has been the gradual improvement in bank API reliability, driven partly by FCA supervisory pressure and partly by the commercial reality that banks with broken APIs lose the business of payment-native fintechs building on top of them. When Faster Payments infrastructure is paired with a well-implemented Open Banking connection, the settlement latency for a business-to-business payment drops from two days to seconds, and the margin captured by card networks disappears entirely. That arithmetic is now visible enough that large enterprise buyers are asking their SaaS providers whether they support account-to-account payment collection. In 2019, that question was not asked.
We are not arguing that cards are finished. Cards carry consumer protections — Section 75 of the Consumer Credit Act, chargeback rights — that account-to-account payments do not yet replicate. For consumer e-commerce, the card network is a rational choice for buyers. The disruption is happening in B2B payments, in payroll, in insurance premium collection, and in the software-led vertical markets where the buyer relationship exists entirely within the software platform. These are precisely the flows where card interchange is a tax with no corresponding consumer protection benefit, and where the payer is sophisticated enough to accept a different payment mechanism in exchange for speed and lower cost.
What we expect to see over the next three years is the construction of the commercial layer that PSD2 anticipated but could not mandate: fraud liability frameworks for payment initiation, standardised dispute resolution outside the card chargeback system, and the commercial adoption of Variable Recurring Payments for subscription and usage-based billing. The infrastructure companies building these layers are not, for the most part, regulated payments institutions themselves — they are the connective tissue between bank APIs and the software companies that want to use them. That is where our investment attention is focused, and it is where we believe the most durable value in the next phase of the payment stack will accumulate.