DEV Community

Tom Wang
Tom Wang

Posted on • Originally published at tomcn.uk

UK Open Banking Launches Its Card Challenger

For eight years, UK open banking has been a brilliant set of rails without a timetable. The plumbing worked — millions of account-to-account payments cleared every month — but there was no shared commercial framework to make recurring, card-free payments a mainstream default. On 2 June 2026, at Money20/20 Europe, that changed. The UK Payments Initiative (UKPI) went live with a finalised rulebook, a commercial model and operational standards for flexible, automated, recurring account-to-account payments. As a fintech developer and payment developer who has spent years wiring up Open Banking APIs, I think this is the most consequential structural upgrade to UK payments since Faster Payments launched.

This is not another pilot. UKPI Ltd is backed by an unusually broad coalition of founding shareholders — Barclays, HSBC, Lloyds Banking Group, NatWest, Nationwide, Santander, Monzo, Revolut and Starling on the bank side, with Acquired, GoCardless, Plaid, TrueLayer and Yapily among the fintech founding members. When the high-street banks and the open banking fintechs sit at the same table and agree a rulebook, the thing that has been missing for years finally arrives: certainty.

What the UKPI scheme actually standardises

The headline capability is commercial variable recurring payments (cVRP) — recurring account-to-account payments where the consumer, not the merchant, sets the rules. Under the scheme a payer can define how long a permission lasts, the maximum that can be taken, and exactly who receives the money, all without sharing card details or setting up a traditional direct debit. The permission lives in the bank, is visible in the banking app, and can be revoked in one tap.

For a payment developer, the value of UKPI is less the technology — VRP has existed as an API pattern for a while — and more the scheme layer sitting on top of it:

  • A shared rulebook that defines liability, dispute handling and refund obligations across every participant, so you build to one specification rather than negotiating bilaterally with each bank.
  • A commercial model that finally answers "who pays whom" — the question that quietly killed countless open banking business cases.
  • Operational standards for availability, performance and consumer protection, moving cVRP out of bespoke bank-by-bank integrations and toward predictable, scheme-grade reliability.

The FCA, which published a supporting statement the same day, called it "a major step forward for open banking and commercial variable recurring payments" and said it expects the launch to act "as a catalyst for other initiatives to emerge." Critically, the regulator confirmed it will consult on a long-term regulatory framework by the end of 2026 and supports establishing an independent standards-setting body. That sequencing — industry ships the rulebook, regulator codifies it afterwards — is how durable payment infrastructure usually gets built.


Read the full article on tomcn.uk →


About the Author

I'm Tom Wang, an AI Developer & Fintech Developer — building AI agents, crypto payment infrastructure, and cross-border payout systems with Rust, Go, and TypeScript. Based in London, UK.

Currently open to new opportunities in fintech, crypto payments, and AI agent engineering.

Top comments (1)

Collapse
 
johnfrandsen profile image
John Frandsen

Great breakdown of the UKPI launch. The "who pays whom" question has genuinely been the silent killer of OB business cases, and having banks + fintechs agree on a shared commercial model with defined liability is a structural upgrade, not just a technical one.

One gap worth flagging from the developer trenches: while cVRP rightly gets the spotlight for payments, the AIS (account information) side that powers aggregation, budgeting, and reconciliation tools still has a barrier the scheme layer doesn't touch. To access bank data under PSD2 — even purely read-only, consumer-consented — providers need an eIDAS QWAC qualified certificate. That runs roughly EUR 3,000 to 10,000 per year depending on the QTSP. For TrueLayer, Yapily, and the other founding members that is table stakes. For an indie dev who just wants to read their own transaction data across a few banks, it is a hard wall.

It would be powerful to see the governance conversation extend to an AIS-only tier that does not require the full QWAC burden for read-only access. The UKPI scheme standardises the payment rails beautifully; a parallel simplification on the data-access side would unlock a long tail of builders who are currently locked out.

(Disclosure: I work on open-banking.io, which is exploring certificate-free bank-data access for small builders. This comment is about the structural gap, not a product pitch.)