Latest Payments News: EU’s Updated Payment Services Rules Move A Step Closer With New Agreement, and more
Catch up on some of the stories our payments compliance analysts have covered lately, and stay up-to-date on the latest news.
EU’s Updated Payment Services Rules Move A Step Closer With New Agreement
Member states have agreed their position on updates to the payment services regime, paving the way for negotiations with the European Parliament on a final version of the reforms.
The agreement was reached by representatives of member state governments in the Committee of Permanent Representatives (Coreper), the body that prepares the work of the Council of the EU.
With the Council’s position agreed, negotiations with the European Parliament to finalise the text of the legislation can now begin.
The package includes a new and amendments to the existing Payment Services Directive (PSD2), which will become .
“Consumers deserve a fraud-resistant, transparent and safe payment services environment,” said Andrzej Domanski, the Polish minister for finance.
“At the same time, we need to encourage innovation in the sector. These new rules will deliver on both fronts.”
Massive Hack Leads Iran To Suspend Crypto Exchanges
Iran has imposed a curfew on crypto exchanges in the wake of a major cyberattack that drained $90m from its largest trading platform, Nobitex.
A pro-Israeli hacking group, Gonjeshke Darande, or Predatory Sparrow, claimed responsibility for the attack, which took place on Wednesday (June 18).
Cybersecurity experts believe the hackers may have transferred the hacked crypto to digital wallets over which they had no control, effectively throwing it away.
In a post on X, Gonjeshke Darande said the Nobitex exchange was at the heart of the Iranian regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool.
“Nobitex doesn’t even pretend to abide by sanctions. In fact, it publicly instructs users on how to use its infrastructure to bypass sanctions. The regime's dependence on Nobitex is evident from the fact that working at Nobitex is considered valid military service, as it is considered vital to the regime's efforts.”
The hackers warned, “Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.”
Nobitex acknowledged the scope and impact of the attack and said that, as a precautionary measure, access to its web and mobile app had been suspended.
At the time of writing, the Nobitex website remains inaccessible, and the exchange anticipates a phased and secure restoration of services will take up to five days.
CFPB Changes Prompt Regulatory Rethink For Financial Services
The US Consumer Financial Protection Bureau’s (CFPB) decision to withdraw dozens of guidance documents is unlikely to have a significant impact on compliance and legal teams as the guidance is not official law or regulation, panellists on our latest webinar suggested last week.
In May, the CFPB’s new leadership withdrew a variety of guidance documents published under the Biden administration, during which the regulator gained a reputation for taking an interventionist approach to financial regulation.
The move was unsurprising to most, given that it reflected the CFPB’s ongoing shift in approach since the second Trump administration.
However, what was significant was the volume of withdrawn guidance, which affected interpretive rules, advisory opinions, policy statements, bulletins, and circulars.
“We have been dealing with rescinded regulations for a while, but never to this volume,” said Cherud Wilkerson, former Chief Compliance Officer SVP, The First Bank, during the webinar, Decoding the Rise of Deregulation in the US.
Speaking about “the sheer number that came down”, he stated that firms will need to look at the withdrawals from a risk perspective.
Wilkerson said that this includes looking at what regulations actually impact the company, and what has been done relative to when the guidance was relevant.
“We’re looking at each one and we’re applying a risk-based approach to whether it's a product or process.”
India Telecoms Watchdog Rolls Out Digital Consent Initiative To Tackle Bank Fraud
India’s regulators are continuing to tackle fraud issues in the country with a new consent tool to crack down on spam going to consumers' phones.
The Telecom Regulatory Authority of India (TRAI) has launched a pilot project to test a new digital consent management system aimed at tackling the growing problem of spam calls and messages.
The initiative, developed in partnership with the Reserve Bank of India (RBI) and selected banks, follows a formal directive issued to telecom service providers on June 13, 2025.
The move by TRAI builds on a broader regulatory drive to tackle fraud and misuse of digital communications channels.
In January 2025, the RBI introduced a set of mandatory safeguards for banks, non-bank financial companies (NBFCs), and payment firms to protect customers from financial scams perpetrated via calls and SMS.
These safeguards include mandatory use of the Mobile Number Revocation List (MNRL), publication of verified customer service contact details on the government’s Sanchar Saathi platform, and adherence to TRAI’s commercial communications guidelines, including proper consent mechanisms and adherence to do not disturb (DND) preferences.
However, despite these measures, one of the persistent challenges has been the verification of customer consent for receiving commercial communications.
Many businesses continue to cite offline or unverifiable consent when challenged over unsolicited messages, and consumers often report that their data was acquired through deception or unauthorised sharing.
Under the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, entities can send commercial messages to consumers if they have explicit consent, even if those consumers are registered on DND lists.
Automatic Pix Goes Live, Enabling Recurring Payments in Brazil
Pix, Brazil’s instant payments system, has introduced a recurring payments mechanism, aiming to simplify bill payments for consumers.
Automatic Pix, which goes live today (June 16), will allow users to authorise payments for recurring services, such as utility bills, school fees, gym memberships, or streaming subscriptions, so that they are paid automatically on the scheduled due date.
The feature, developed by the Central Bank of Brazil (BCB), is intended to make recurring payments more convenient, secure, and inclusive for both consumers and businesses.
"Automatic Pix will be innovative, practical, easy to use for both the payer and the recipient, cheap and inclusive. On the agreed day, the payment will be made normally via Pix, without the payer having to worry. It will be good for everyone", said Breno Lobo, deputy head of the department of competition and financial market structure at the BCB.
Automatic Pix will be free for consumers, while charges for merchants will depend on arrangements with their payment service providers (PSPs).
The BCB has also confirmed that consumers will retain full control over their authorisations, stating that payments can be cancelled at any time, and that users will have access to a dedicated section in their bank’s app for managing recurring Pix payments.
Customers can also set maximum charge amounts, receive payment notifications, and view authorisation histories.