Cross-Border Payment Regulations 2026: Licensing & Market Access in EU, LATAM, Asia

Launching a payment business in a single country is a licensing exercise. Launching one across borders is a regulatory strategy problem. In 2026, a company that wants to move money between the EU, Latin America, and Asia must deal with at least three distinct regulatory philosophies: Europe’s harmonized-but-uneven PSD2/MiCA framework, Latin America’s fragmented mix of innovation (Brazil’s PIX) and restriction (Argentina’s capital controls), and Asia’s spectrum from Singapore’s clarity to India’s fortress-like entry barriers.

The promise of harmonization — “one license, one market” — is real in Europe but nowhere else. And even within the EU, our research found a 4× gap between the fastest and slowest licensing processes, despite identical statutory timelines. MiCA was supposed to unify crypto regulation, but two member states have stalled entirely, creating an accidental regulatory arbitrage that benefits early movers.

We built this research to answer a practical question: if you are a B2B payment company deciding where to license, what infrastructure to integrate, and which markets to enter first, what does the regulatory landscape actually look like on the ground — not on paper?

The answer is based on data from 90+ official sources across 22 countries, collected directly from regulatory authority websites, the Baker McKenzie Global Financial Services Regulatory Guide, and ECB Payment Statistics. We deliberately excluded provider marketing materials and affiliate comparison sites.

Key Findings

MiCA implementation gap: 8 of 10 surveyed EU countries have enacted MiCA legislation. Portugal and Belgium face legislative stalls — domestic crypto providers there have no compliance pathway, yet EU-licensed CASPs can serve both markets via passporting.

Licensing timelines vary 4×: Sweden processes PI applications in ~3 months; Spain and Italy take 6–12 months. All operate under the same statutory 3-month PSD2 framework. The gap is procedural, not legal.

India has the highest entry cost: Payment Aggregator net worth requirement (INR 15 crore ≈ EUR 1.6M) is 4.5× the EU EMI threshold — and local incorporation is mandatory.

Real-time payments are near-universal: Every surveyed country now operates an instant payment system, from Japan’s Zengin (1973) to Colombia’s Bre-B (launched September 2025). The question is no longer whether real-time rails exist, but how accessible they are to foreign providers.

EU passporting is the most efficient multi-market strategy: One license covers 27+ countries. In Asia, Singapore is the clearest gateway. In LATAM, Brazil is non-negotiable — PIX has become the standard, and BCB accreditation is now required for all payment institutions.

Methodology

This research covers 22 countries across three regions: EU (Germany, France, Spain, Italy, Netherlands, Poland, Sweden, Ireland, Portugal, Belgium), Latin America (Brazil, Mexico, Argentina, Colombia, Chile, Peru), and Asia-Pacific (Singapore, Hong Kong, Japan, India, Thailand, Philippines).

For each country, we collected licensing requirements, capital thresholds, real-time payment infrastructure data, foreign company access rules, and crypto regulation status. All data was sourced on February 20, 2026 from official regulatory authority websites, the Baker McKenzie Global Financial Services Regulatory Guide (2025-2026), ECB Payment Statistics (H2 2024), and specialist law firm publications from Freshfields, Skadden, and CMS.

We applied three deliberate exclusions: no payment provider marketing materials (conflict of interest), no affiliate comparison sites (often outdated), and no sources older than 18 months (except foundational legislation). Market access difficulty ratings (Low / Medium / High) were classified based on local incorporation requirements, foreign ownership restrictions, capital control complexity, and practical barriers like local director mandates and documented processing times.

Important limitations: Financial regulations change frequently. Some capital requirements in LATAM and Asia are available only in local-language documents — we note these gaps explicitly. SEPA Instant country-level adoption rates are not in public ECB press releases (only the interactive Data Portal). This research is for informational purposes only and does not constitute legal or financial advice. Always verify with the relevant regulator before making licensing decisions.

The EU Landscape: PSD2, MiCA & SEPA Instant

On paper, the EU should be the easiest region for cross-border payment expansion. PSD2 harmonized capital requirements across all member states: EUR 20,000–125,000 for Payment Institutions (depending on the scope of services) and EUR 350,000 for Electronic Money Institutions. One license in any EU country enables passporting to all 27+ EEA members — no additional applications, no separate capital, no local subsidiaries needed. For a company targeting multiple European markets, this remains the most capital-efficient approach in the world.

But harmonization on paper does not mean uniformity in practice. Our analysis of all 10 surveyed EU jurisdictions reveals that the gap between regulation and reality is wider than most providers expect.

EU Licensing Framework

Key finding: Every EU country shares the same statutory 3-month review period under PSD2. Yet actual licensing timelines range from ~3 months (Sweden) to 6–12 months (Spain, Italy). The difference is entirely procedural: pre-application meetings, information requests, and regulator capacity. For a company planning its launch timeline, this means the jurisdiction you choose can shift your go-live date by 6+ months — with no difference in legal requirements.

Notice something in the table: the fastest regulators (Sweden’s Finansinspektionen, Poland’s KNF) are not the largest financial centers. Meanwhile, Spain and Italy — major target markets — have the longest processing times. This creates an obvious strategy: license in a fast-processing jurisdiction like Sweden or Poland, then passport into your actual target markets. The cost is the same. The time saved can be substantial.

Non-EU companies face an additional constraint: PSD2 Article 11(1) requires applicants to establish a legal entity (subsidiary) in an EU member state. Branches of third-country firms do not qualify. This means the “where to incorporate” decision is also the “where to license” decision — and choosing wrong can cost months.

MiCA Implementation: The Unintended Arbitrage

The Markets in Crypto-Assets Regulation (MiCA) was designed to create a unified EU-wide crypto framework. It has partially succeeded — but our analysis reveals an 18-month spread in national adoption timelines that has created an unintended regulatory arbitrage: countries that moved first now have a licensing advantage over those that did not.

The Netherlands and Poland were first to implement (June 2025). Germany issued its first MiCA CASP licenses in January 2025. Meanwhile, Portugal and Belgium have stalled entirely — neither has passed national implementing legislation, and in Belgium, no VASPs are currently registered. The practical consequence: a crypto-asset service provider licensed in the Netherlands can serve customers in Portugal and Belgium via passporting, while Portuguese and Belgian domestic providers have no pathway to compliance at all.

If you are planning a combined fiat + crypto offering, the implication is clear: license in an early-adopting jurisdiction (Germany, Netherlands, Ireland) and use passporting to reach late adopters. Waiting for your target market to implement MiCA is a competitive disadvantage.

SEPA Instant: From Optional to Mandatory

SEPA Instant Credit Transfer (SCT Inst) is undergoing a fundamental shift from market-driven adoption to regulatory mandate. EU Regulation 2024/886 requires all PSPs to support instant payments — with compliance deadlines of January 2025 for sending and October 2025 for receiving.

Despite this mandate, adoption remains uneven. As of H2 2024, SCT Inst represented approximately 16% of all euro-denominated credit transfers across the eurozone (ECB Payment Statistics). Country-level data is not available in public press releases — only through the ECB Data Portal interactive tool — which makes benchmarking difficult for individual markets.

What this means practically: if you are building a payment product for the EU market in 2026, SEPA Instant is not a feature — it is infrastructure. Your provider, your technical stack, and your compliance framework all need to support it from day one.

For businesses that need to receive and send payments across the EU without building this infrastructure themselves, providers like 2payapp offer multi-currency accounts with SEPA Instant, SWIFT, and ACH built in — handling the regulatory layer so you can focus on your core product.

Latin America: PIX, Capital Controls & Emerging Frameworks

If the EU is a story of harmonization with uneven execution, Latin America is a story of divergence. The six countries in our study represent three distinct regulatory realities: a mature, innovation-driven framework (Brazil), emerging but structured regimes (Mexico, Chile), and high-friction environments where capital controls and regulatory uncertainty make direct licensing impractical for most foreign entrants (Argentina, Colombia, Peru).

What separates LATAM countries from each other is less about regulation and more about infrastructure. Brazil’s PIX has reshaped how money moves in the country, processing billions of instant transactions annually. Meanwhile, Peru does not have a dedicated instant payment system at all — it relies on wallet interoperability (Yape and Plin) layered over traditional clearing infrastructure. The gap between these two economies, separated by a single border, illustrates why “LATAM strategy” is a misleading term. Each country demands its own approach.

Brazil: The Regional Standard-Setter

Brazil is not just the largest LATAM economy — it is the region’s regulatory template. PIX, launched in November 2020, has become the default payment method for consumers and businesses alike, with settlement in seconds, 24/7/365. What makes PIX distinctive is not the technology (instant payment rails exist elsewhere) but the Central Bank’s willingness to mandate participation. As of 2026, all payment institutions must apply for BCB accreditation to operate within PIX between January and May 2026. Non-authorized institutions connecting via PSTI face a BRL 15,000 per-transaction limit — effectively excluding them from B2B use cases.

Take a concrete example: a European SaaS company receiving subscription payments from Brazilian clients. With PIX integration, settlement is instant and fees are minimal. But the company must first work through BCB’s licensing framework (EMI or SPI Participant), comply with LGPD (Brazil’s data protection law), and meet capital requirements tied to transaction volume — not a fixed threshold. The volume-based approach is unusual globally and can work in favor of early-stage entrants: you do not need EUR 350,000 upfront like in the EU. But as transaction volume grows, capital requirements scale with it.

Brazil’s regulatory ambition extends to crypto. BCB Resolutions 519-521 (November 2025) establish a formal VASP framework under Law 14,478/2022, making Brazil one of few LATAM countries with clear crypto licensing. For companies building combined fiat + crypto products, Brazil and the EU (via MiCA) are currently the only regions in our study where both layers are regulated under a single coherent framework.

The Capital Controls Challenge: Argentina, Colombia, Peru

The remaining three high-barrier countries — Argentina, Colombia, and Peru — share a common challenge: capital controls that affect not just licensing but day-to-day operations.

In Argentina, the central bank (BCRA) imposes foreign exchange access restrictions that affect which rate businesses can use for conversions. A payment company licensed as a PSP-OCOAP can process domestic transactions, but moving funds cross-border at the official rate means dealing with a shifting set of BCRA regulations. The Transferencias 3.0 instant payment system (launched 2020) works domestically, but cross-border utility is limited by these FX constraints.

Colombia launched its instant payment system Bre-B in September 2025 — the newest in our study. Transaction volume data is not yet published, making it impossible to assess adoption. The SEDPE licensing framework exists for electronic payment companies, but a pending crypto bill (Bill 510/2025) was still under Congressional discussion as of November 2025, leaving digital asset services in regulatory limbo.

Peru has the weakest payment infrastructure in our dataset: no dedicated instant payment system exists. Yape (BCP) and Plin (Interbank/BBPS) provide wallet interoperability over existing clearing infrastructure (CCE/BCRP rails), but this is not equivalent to PIX or UPI. The EEDE (electronic money issuer) license exists, but detailed capital requirements are available only in Spanish-language SBS documents.

For all three markets, our assessment is consistent: partnership models with locally licensed entities are more practical than direct licensing for most foreign entrants. The regulatory and operational overhead of direct entry exceeds the benefit unless you have significant local transaction volume to justify it.

That dynamic explains the growing interest in payment orchestration platforms across LATAM — they let businesses route transactions through locally licensed partners while maintaining a single operational layer.

Asia-Pacific: Two Extremes and Everything Between

Calling Asia-Pacific a “region” is generous. It is six countries with six different answers to the same question: who can handle other people’s money? The six countries in our study span the full spectrum of market accessibility: from Singapore, where a foreign company can incorporate and obtain a payment license with no ownership restrictions and a clear public process, to India, where the same company must establish a local subsidiary, meet net worth requirements equivalent to EUR 1.6 million, and work with documentation that is primarily in Hindi or the local language of the relevant state.

Understanding Asia-Pacific requires thinking in terms of corridors, not countries. Singapore’s PayNow is linked bilaterally with Thailand’s PromptPay and India’s UPI — creating instant payment corridors that bypass traditional SWIFT infrastructure. A company licensed in Singapore can access three major Asian economies through a single hub. This corridor approach is the closest equivalent to EU passporting that exists outside Europe.

Singapore: Where Regulation Is a Competitive Advantage

Singapore’s Monetary Authority (MAS) has turned regulatory clarity into an economic strategy. Under the Payment Services Act 2019, there are no foreign ownership restrictions for Major Payment Institution (MPI) or Standard Payment Institution (SPI) licenses. MAS maintains a comprehensive, searchable public registry (Financial Institutions Directory) — unlike several Asian regulators that publish license lists only as PDF documents. The regulatory sandbox program allows companies to test products with real users before committing to full licensing.

The bigger draw is cross-border connectivity. PayNow (launched 2017) is linked with Thailand’s PromptPay and India’s UPI through bilateral agreements. For a B2B payment company, a Singapore MPI license combined with PayNow connectivity provides instant payment access to three of Asia’s fastest-growing economies — without requiring separate licenses in each country for basic remittance services.

The trade-off is cost. Singapore is not a low-capital jurisdiction: MPI base capital starts at SGD 250,000 (approximately EUR 170,000), and ongoing compliance requirements are rigorous. If you can absorb the upfront cost, the return is a credible, internationally recognized license that opens doors across the region.

India: The Fortress Market

India combines the world’s most successful instant payment system with some of its highest entry barriers. UPI (Unified Payments Interface), launched in 2016, has become arguably the most successful instant payment system in the world — processing over 100 billion transactions in recent years, with near-universal adoption among urban consumers and growing rural penetration.

Getting in is another matter. Payment Aggregators must be incorporated in India under the Companies Act — foreign entities must establish wholly owned subsidiaries, which requires going through the Department for Promotion of Industry and Internal Trade (DPIIT) framework. The net worth requirement of INR 15 crore (approximately EUR 1.6 million) is the highest in our study — 4.5 times the EU EMI threshold. And unlike the EU, there is no passporting: a license in India covers only India.

For crypto services, India is effectively off-limits. The 30% tax on crypto gains plus 1% TDS (Tax Deducted at Source) on all crypto transactions, introduced in 2022, has not been repealed. While crypto is not banned, the tax regime makes most business models unviable. Anyone building combined fiat + crypto offerings should look elsewhere — Singapore, the EU, or Brazil.

The bottom line on India: if your business depends on Indian transaction volume (remittances to India, merchant acquiring for Indian e-commerce), the investment in local licensing is unavoidable. If India is a “nice to have” market, the regulatory and capital burden likely outweighs the opportunity. Consider partnership with a locally licensed PA as an alternative to direct licensing.

The Rest of Asia-Pacific: Japan, Thailand, Philippines

Japan is modernizing its payment framework. The June 2025 PSA amendments expanded the definition of payment services to include cross-border payment clearing, now requiring fund transfer licenses. Japan’s Zengin system (1973) is the oldest instant payment system in our study — reliable but archaic by modern standards. Foreign companies can register, but detailed requirements are primarily available in Japanese-language FSA guidelines. Expect a longer setup process and budget for Japanese-speaking legal counsel.

Thailand’s PromptPay (2016) is well-integrated domestically, but foreign companies face an additional hurdle: companies with more than 49% foreign ownership must obtain a Foreign Business License (FBL) from the Department of Business Development. At least one director must be a Thai national residing in Thailand. The e-payment license categories and their capital requirements are defined in Thai-language BOT notifications — English translations are incomplete.

The Philippines is the surprise in our dataset: BSP allows 100% foreign ownership for Operator of Payment System (OPS) registration, with no restriction. InstaPay (2018) provides instant payments, and BSP’s digital transformation roadmap targets 50% of retail payments to be digital. If you need an Asia-Pacific market with low entry barriers and a growing digital payments ecosystem, the Philippines is worth a close look alongside Singapore and Hong Kong.

One common pattern we see: businesses serving Asian markets without establishing local entities in each country start with a European-licensed account as their operational base, then use payment corridors like PayNow-UPI for settlement into specific Asian economies.

Market Access: What “Entry Difficulty” Actually Means

Every country in our study allows foreign companies to participate in its payment ecosystem — none have outright bans. But “allowed” and “practical” are different things. We classified entry difficulty based on four factors: whether local incorporation is required, foreign ownership restrictions, capital control complexity, and documented processing friction (local director mandates, language barriers, undisclosed timelines).

Low Barrier — local subsidiary sufficient, clear documented process:
Singapore Hong Kong Philippines EU (via passporting)
The path from “decision to enter” to “licensed and operational” is well-documented, available in English, and can be completed by a competent legal team without local political connections.

Medium Barrier — additional requirements, local directors, FX considerations:
Brazil Mexico Chile Japan Thailand
These markets are accessible but require local expertise. A local law firm is not optional — it is essential.

High Barrier — FDI caps, capital controls, opaque or evolving processes:
India Argentina Peru Colombia
Direct licensing in these markets is a strategic commitment, not a tactical choice. Partnership with a local licensed entity is typically the first-best option.

Strategic pattern: The lowest-barrier jurisdictions (Singapore, EU, Hong Kong) also have the strongest regulatory reputations. A license from MAS or an EU regulator carries credibility that facilitates partnerships in harder-to-enter markets. That correlation is not accidental. Transparent regulation attracts the companies that build ecosystem trust.

The Cost of Getting It Wrong

Regulatory non-compliance in payments is not a theoretical risk — it carries concrete financial and criminal penalties that can end a business:

EU: Operating without PSD2 authorization is a criminal offense in most member states. Germany’s BaFin can impose fines up to EUR 5 million for unauthorized payment services. Under DORA (effective January 2025), ICT compliance failures can result in fines of up to 2% of total annual worldwide turnover.

Singapore: Under the Payment Services Act, providing unlicensed payment services carries fines up to SGD 250,000 and/or imprisonment of up to 3 years. MAS has publicly revoked licenses for non-compliance with AML requirements.

Brazil: Unauthorized operation in the financial system is a criminal offense under Law 7,492/1986, with imprisonment of 2–8 years. BCB’s administrative penalties include fines and revocation of operating authority.

India: The RBI can impose monetary penalties under the Payment and Settlement Systems Act 2007 and direct immediate cessation of unauthorized operations.

Lessons from Real Market Entry Decisions

Case A: EU-first SaaS Company Expanding to Brazil

A mid-size B2B SaaS company (200 employees, EUR 30M ARR) licensed in the Netherlands needed to accept subscription payments from Brazilian clients. Their initial plan was to obtain a direct BCB license — estimated timeline: 12–18 months, legal costs: USD 150K+, capital requirements: variable but significant.

The revised approach: they maintained their Dutch EMI license as the primary hub, partnered with a locally licensed Brazilian payment institution for PIX integration, and used their EU license credibility to negotiate better terms with the local partner. Result: operational in Brazil within 4 months instead of 18. Total cost: approximately USD 40K in integration and legal fees. The trade-off was slightly higher per-transaction costs through the partner — but with break-even at roughly 3× their current Brazilian revenue, direct licensing only made sense after substantial growth.

Case B: Asian Fintech Entering the EU via the Wrong Jurisdiction

A Singapore-based payments fintech (50 employees, processing SGD 500M annually) chose Spain for their EU licensing because their largest prospective client was Spanish. The application, filed in Q1 2025, was still pending after 10 months — well beyond the statutory 3-month PSD2 review period. During this time, two competitors licensed in Lithuania and Ireland had already passported into Spain and signed the target client.

The company eventually pivoted: they filed a parallel application in Ireland (processed in ~6 months), received their license, and passported into Spain. Total delay from the original strategic error: approximately 8 months. Estimated revenue impact: EUR 2–3M in delayed contract execution. The lesson: where you license and where you operate are separate decisions, and optimizing for licensing speed almost always trumps optimizing for regulatory proximity to your first client.

Capital Requirements: The Hidden Market Filter

Capital requirements are often treated as a line item — a cost of doing business. In practice, they function as a market access filter. The gap between India’s INR 15 crore (EUR 1.6M) for a Payment Aggregator license and Brazil’s volume-based approach is not just financial — it reflects very different regulatory philosophies about who should be allowed to handle other people’s money.

The EU’s harmonized EUR 350,000 for EMI is a deliberate design choice: high enough to ensure operational resilience, low enough not to exclude well-capitalized fintech startups. It provides certainty — you know the number before you start.

India’s approach is different in kind, not just degree. The INR 15 crore net worth requirement for Payment Aggregators (approximately EUR 1.6 million) is 4.5 times the EU EMI threshold — and this is a net worth requirement, not just initial capital. It must be maintained continuously. Combined with mandatory local incorporation, this effectively limits the Indian PA market to companies with significant backing or existing local operations.

Brazil takes a third approach: volume-based capital requirements. You start with lower capital and scale as transaction volume grows. This is friendlier to early-stage entrants but creates a different kind of planning challenge — your capital needs are a function of success, not a fixed upfront cost.

Singapore (SGD 250,000+ for MPI) and Hong Kong (case-by-case for SVF) sit in between. Singapore’s approach is transparent and documented. Hong Kong’s case-by-case assessment provides flexibility but reduces predictability — you may not know your capital requirement until well into the application process.

Crypto & VASP Regulation: Three Worlds

Crypto regulation across our 22 countries falls into three distinct categories — and the category a country occupies determines whether combined fiat + crypto products are viable there.

The “Regulated” category is where combined fiat + crypto products are viable. MiCA provides the broadest framework: a company can hold a PI license for fiat services and a CASP authorization for crypto services, both from a single regulator, passportable across the EU. Singapore’s PSA 2019 and Japan’s FSA framework offer comparable clarity, though without cross-border portability. Brazil’s BCB Resolutions 519-521 (November 2025) are the newest addition — making LATAM’s largest economy the first in the region with a comprehensive crypto licensing framework.

The “Grey Zone” is the riskiest position. Mexico, Colombia, Peru, Thailand, and the Philippines all have some form of crypto activity but lack clear licensing frameworks. Operating in these markets means accepting regulatory uncertainty — your legal basis could change with a single legislative act.

India’s “Restricted” status needs a closer look. Crypto is not banned — but the 30% tax on gains plus 1% TDS on every transaction, introduced in 2022, has made most crypto business models uneconomical. This is regulation through taxation rather than prohibition. Until the tax regime changes, India is effectively a fiat-only market for payment companies.

Decision Framework: Choosing Your Jurisdiction

The data in this research supports a decision framework based on three variables: primary market, product scope (fiat-only vs. fiat + crypto), and time-to-market requirements.

Q1: What is your primary market?

→ EU / Europe: License in Germany, Netherlands, or Ireland. All three have MiCA live, practical timelines of 4–9 months, and strong English-language documentation. Sweden is fastest (~3 months) but smaller as a financial hub. Avoid Spain/Italy for initial licensing — 6–12 month timelines. Passport to your target markets after. For operational banking in the EU, providers like 2payapp offer multi-currency accounts with SEPA Instant built in.

→ Latin America: Brazil first — PIX integration is essential and BCB accreditation is now mandatory. Mexico second (SPEI provides the oldest and most stable real-time rails in the region). For Argentina, Colombia, Peru: start with a local licensed partner, not direct licensing.

→ Asia-Pacific: Singapore as hub — MAS clarity, no FDI caps, PayNow cross-border links to Thailand and India. Add India only if your business model depends on Indian volume. Philippines is underrated: low barriers, 100% foreign ownership, growing digital payments.

Q2: Do you handle crypto/virtual assets?

→ Yes: EU: Combined PI + CASP license under MiCA. Asia: Singapore (PSA) or Japan (JVCEA). LATAM: Brazil (BCB framework). Avoid India for crypto services.

→ No: Standard PI/EMI licensing. Focus on real-time payment rail integration: SEPA Instant (EU), PIX (BR), UPI (IN), PayNow (SG).

Q3: What is your timeline?

→ Fast (3–6 months): EU: Sweden (~3m) or Poland (3–6m) for PI licensing — passport to target markets immediately. Singapore: MAS processes MPI in 3–6 months. For any other jurisdiction, consider launching as an agent of an existing licensee while your own application is processed.

→ Standard (6–12 months): Most jurisdictions achievable at this pace: Germany (4–5m), Netherlands (6–9m), Ireland (~6m), France (3–6m). Brazil and Mexico are feasible with local legal support. India requires the longest lead time — plan 12+ months including subsidiary incorporation.

Checklist: 10 Regulatory Due Diligence Questions

Before committing capital and legal resources to a new jurisdiction, these questions help identify deal-breakers early:

1. Is local incorporation mandatory? In 15 of our 22 countries, foreign companies must establish a local legal entity. The exceptions (EU passporting, Philippines OPS) are significant advantages.
2. What is the practical licensing timeline — not the statutory one? Our data shows up to 4× gaps between stated and actual timelines. Ask law firms for recent case data, not regulator brochures.
3. What are the capital requirements — and are they fixed or variable? Fixed (EU, Singapore) provides planning certainty. Variable (Brazil) creates uncertainty that scales with success.
4. Does the regulator publish a searchable public registry? Registries signal regulatory maturity. Their absence (Thailand, parts of LATAM) often correlates with less transparent processes.
5. Are there foreign ownership restrictions or local director mandates? Thailand requires a Thai national director. India mandates local incorporation. These constraints affect corporate structure decisions.
6. What FX and capital controls apply? Argentina, Colombia, and Peru impose controls that affect not just licensing but daily fund movement. This is an operational constraint, not just a regulatory one.
7. Is the instant payment infrastructure open to licensed non-banks? PIX (Brazil), UPI (India), and SEPA Instant (EU) are open. Others may limit direct participation to banks.
8. What is the crypto/VASP regulatory status? If you plan combined fiat + crypto services, only “Regulated” jurisdictions (EU, Singapore, Japan, Brazil) offer clear licensing paths.
9. Are regulatory documents available in English? Japan, Thailand, Peru, and Argentina have significant documentation only in local languages. Budget for legal translation.
10. What happens to client funds if your license is suspended? Safeguarding rules vary. EU PSD2 mandates fund segregation. Some Asian and LATAM jurisdictions have weaker protections.

Outlook: What Changes in 2026–2027

Payment regulation does not stand still. Based on the data in this research and active legislative processes, here are the developments most likely to change the picture within the next 12–18 months:

EU: PSD3 and the PSR

The Payment Services Directive 3 (PSD3) and Payment Services Regulation (PSR) are expected to advance through the EU legislative process. PSD3 will upgrade to a regulation (directly applicable, no national transposition needed) for core payment rules, potentially eliminating the implementation gaps we documented for MiCA. For providers already licensed under PSD2, the transition period and grandfathering rules will be critical — watch for European Commission timelines.

LATAM: Brazil’s Accreditation Deadline

May 2026 is the deadline for all Brazilian payment institutions to apply for BCB accreditation under the PIX framework. Companies that miss this window face the BRL 15,000 per-transaction limit — effectively exclusion from B2B use cases. This is the single most consequential LATAM regulatory event in 2026.

Asia: India’s PA Directions Update

The RBI issued updated Payment Aggregator Directions in September 2025 (RBI/DPSS/2025-26/141). The full implications of these updated directions are not yet assessed in our data. Companies with existing PA licenses or applications should review the updated requirements. Japan’s June 2025 PSA amendments — extending licensing to cross-border payment clearing services — will also create new compliance obligations for existing operators.

Global: Cross-Border Instant Payment Links

The bilateral PayNow-PromptPay and PayNow-UPI linkages are proof of concept for a trend: real-time cross-border payment corridors that bypass SWIFT. If additional corridors emerge (SEPA-to-PIX, PayNow-to-InstaPay), the strategic value of hub jurisdictions like Singapore and the EU will increase further. Watch for announcements from BIS, MAS, and the ECB on multilateral linkage initiatives.

Data freshness note: This research reflects regulations as of February 2026. The most volatile areas are: Brazil (BCB accreditation deadlines), EU (MiCA transitional periods ending), and India (updated PA Directions). We recommend quarterly review for these jurisdictions.

Frequently Asked Questions

What license do I need to process payments in the EU?

You need a Payment Institution (PI) license or an Electronic Money Institution (EMI) license — the choice depends on whether you issue e-money. PI capital ranges from EUR 20,000 to EUR 125,000; EMI requires EUR 350,000. One EU license enables passporting across all 27+ EEA countries. If you plan to offer crypto-asset services, you also need CASP authorization under MiCA.

Can a non-EU company get a payment license in Europe?

Not directly — you must establish a local subsidiary. PSD2 Article 11(1) requires applicants to incorporate a legal entity in an EU member state. Branches of third-country firms do not qualify. Once licensed in one country, you can passport services across the entire EEA. For practical steps on opening accounts and establishing an EU presence, see our EU business account guide.

Which countries have implemented MiCA regulation?

Eight out of ten surveyed EU countries have implemented MiCA as of February 2026. Germany (Dec 2025), France (Jul 2026 deadline), Spain (Jun 2026), Italy (Dec 2025), Netherlands (Jun 2025), Poland (Jun 2025), Sweden (Sep 2025), and Ireland (Dec 2025) are all live. Portugal and Belgium have stalled — neither has passed national implementing legislation.

What is PIX and how does it work for businesses?

PIX is Brazil’s instant payment system — real-time transfers 24/7/365 with settlement in seconds. Launched in November 2020 by the Central Bank of Brazil (BCB), it supports QR code payments, payment links, and API integration. All payment institutions must now apply for BCB accreditation to operate within PIX. Non-authorized institutions face a BRL 15,000 per-transaction limit.

What are the easiest countries to enter for a foreign payment company?

The EU (via passporting), Singapore, Hong Kong, and the Philippines are the easiest markets. One EU license covers 27+ countries. MAS in Singapore allows 100% foreign ownership. Hong Kong has no foreign ownership cap. Philippines allows full foreign ownership for OPS registration. The hardest markets are India, Argentina, Peru, and Colombia.

How long does it take to get a payment license?

Sweden is fastest at approximately 3 months for PI licensing. Most EU jurisdictions take 3–9 months in practice. Spain and Italy can take 6–12 months. Singapore’s MAS typically processes MPI applications in 3–6 months. Timelines in LATAM and Asia vary significantly.

What compliance costs should I budget for?

Budget for capital requirements (EUR 20K–1.6M depending on jurisdiction), application fees, ongoing AML program and reporting costs, local entity setup, DORA ICT compliance in the EU, and professional indemnity insurance for AISP/PISP services. For a typical EU PI license, expect total first-year costs of EUR 150K–300K including legal fees.

How much does a payment license cost in Singapore?

SGD 250,000 (approximately EUR 170,000) in base capital for a Major Payment Institution (MPI) license. MAS charges no upfront application fee, but ongoing compliance costs — AML program, annual audits, regulatory reporting — typically add SGD 100,000–200,000 per year. Singapore allows 100% foreign ownership, and processing takes 3–6 months.

Can I use PIX as a foreign company?

Yes, but BCB accreditation is mandatory. You must establish a local entity in Brazil and obtain an EMI or SPI Participant license. The accreditation window runs January–May 2026. Without it, the BRL 15,000 per-transaction limit makes B2B use cases unviable. Many foreign companies start by partnering with a locally licensed institution.

What is DORA and how does it affect payment companies?

DORA (Digital Operational Resilience Act) is an EU regulation effective from January 2025 requiring all financial entities to implement ICT risk management frameworks. Key requirements include incident reporting within 4 hours, resilience testing, and third-party ICT provider oversight. Non-compliance fines can reach 2% of annual worldwide turnover.

What are the penalties for operating without a payment license?

Severe, and often criminal. In most EU member states, unauthorized payment services are a criminal offense — Germany’s BaFin can impose fines up to EUR 5 million. Singapore’s PSA carries fines up to SGD 250,000 and/or up to 3 years imprisonment. In Brazil, unauthorized financial operations can result in 2–8 years imprisonment.

Sources & Methodology Appendix

Primary Sources by Region

EU Regulatory Authorities: BaFin (Germany), ACPR (France), Banco de España, Banca d’Italia, DNB (Netherlands), KNF (Poland), Finansinspektionen (Sweden), Central Bank of Ireland, Banco de Portugal, NBB/FSMA (Belgium).

LATAM Regulatory Authorities: Banco Central do Brasil, CNBV / Banxico (Mexico), BCRA (Argentina), SFC (Colombia), CMF (Chile), SBS / BCRP (Peru).

Asia-Pacific Regulatory Authorities: MAS (Singapore), HKMA (Hong Kong), FSA/JFSA (Japan), RBI (India), BOT (Thailand), BSP (Philippines).

Cross-Jurisdiction References: Baker McKenzie Global Financial Services Regulatory Guide (2025-2026), ECB Payment Statistics H2 2024, Freshfields MiCA Grandfathering Analysis, FintechArbor MiCA Country Implementation Tracker, Skadden MiCA Update (July 2025).

Data Gaps

Documented gaps include: SEPA Instant country-level adoption rates (ECB Data Portal only), several LATAM/Asia capital amounts (local-language sources), Colombia Bre-B volume data (system launched Sept 2025), and Peru crypto bill parliamentary status.

Update Policy

This research will be updated when major regulatory changes occur, quarterly for fast-moving jurisdictions (Brazil, India, Singapore), and annually for stable jurisdictions (EU core, Japan).

Need Help Navigating These Regulations?

2payapp provides multi-currency business accounts with SEPA Instant, SWIFT, and ACH — handling the regulatory infrastructure so your business can operate across the EU, UK, and beyond. If you’re evaluating market entry strategies discussed in this research, talk to our team about how we can simplify the operational layer.

Disclaimer: This research is for informational purposes only and does not constitute legal, financial, or regulatory advice. All data was collected from public sources on February 20, 2026 and may not reflect subsequent regulatory changes. Always verify directly with the relevant regulatory authority or qualified legal counsel before making licensing decisions.

Research by: Artem Fedorov, Head of Compliance at 2payapp | Data as of: February 20, 2026 | Countries: 22 | Sources: 90+

© 2026 2payapp. This research may be cited with attribution.