The payments regulatory landscape is undergoing its most significant transformation in a decade. New rules across AML, KYC, open banking, data protection and operational resilience are reshaping how banks, fintechs, acquirers and payment institutions operate across MENA, the GCC and Europe.
Mena Advisory provides expert guidance on navigating these changes, ensuring your business is compliant, future-ready and commercially positioned to benefit from the new regulatory environment.
KEY 2026 REGULATORY CHANGES
PSD3 & PSR (Europe)
The third Payment Services Directive (PSD3) and the accompanying Payment Services Regulation (PSR) come into force in 2026, replacing PSD2. Key changes include: stronger Strong Customer Authentication (SCA) requirements, expanded open banking data sharing obligations, tighter liability rules for authorised push payment (APP) fraud, clearer rules on IBAN name verification, and new licensing frameworks for payment and e-money institutions. We help European-licensed entities and MENA firms with EU operations understand their obligations and update their compliance frameworks accordingly.
AML 2026 — FATF Revisions & EU AML Package
The EU’s landmark AML Package — comprising the AML Regulation (AMLR), the 6th Anti-Money Laundering Directive (6AMLD) and the creation of AMLA (the new EU AML Authority) — introduces harmonised rules across all 27 EU member states. For payment institutions this means: stricter beneficial ownership verification, enhanced due diligence for high-risk customers and geographies, mandatory transaction monitoring thresholds, and real-time suspicious activity reporting. FATF continues to update its guidance on virtual assets, correspondent banking and de-risking. We help institutions align their AML programmes to the 2026 framework.
KYC Modernisation & Digital Identity
Regulators across MENA and Europe are accelerating the shift to digital KYC and eIDAS 2.0-compliant digital identity verification. The GCC is seeing harmonisation of KYC standards under the Gulf Financial Intelligence Unit (GFIU) framework. Key requirements include: biometric verification, liveness detection, automated document authentication, and re-KYC obligations for existing portfolios. We advise on selecting and implementing compliant digital KYC solutions and designing proportionate onboarding journeys.
DORA — Digital Operational Resilience Act
From January 2025, DORA requires all EU-regulated financial entities — including payment institutions, e-money institutions and critical third-party providers — to meet stringent operational resilience standards. This includes ICT risk management frameworks, incident classification and reporting, digital resilience testing, and third-party ICT provider due diligence. MENA firms with EU-regulated entities or EU-licensed subsidiaries must comply. We provide DORA readiness assessments and gap analysis.
ISO 20022 Migration
The global migration to ISO 20022 messaging standards for high-value payments (TARGET2, CHAPS, SWIFT) is accelerating. By 2026, most major payment corridors will require ISO 20022-compliant messages. For acquirers, issuers and corporate treasuries this means richer transaction data, improved fraud detection and straight-through processing. We help payment institutions plan and execute their ISO 20022 migration roadmap.
Open Banking & Data Sharing (MENA)
Saudi Arabia (SAMA), UAE (CBUAE) and Bahrain (CBB) have all launched open banking frameworks. 2026 will see significant expansion of API coverage, mandatory bank participation and new use cases including account-to-account (A2A) payments, variable recurring payments (VRP) and payment initiation. We help banks, fintechs and aggregators prepare their technical and commercial open banking strategies.
Instant Payments Regulation (EU)
The EU Instant Payments Regulation mandates that all EU payment institutions offer instant SEPA credit transfers (SCT Inst) at the same price as standard transfers. By 2026, full compliance is required. This creates both a compliance obligation and a commercial opportunity. We advise on instant payment scheme participation, liquidity management and product development.
HOW MENA ADVISORY CAN HELP
Our specialist team brings direct regulatory experience across MENA, GCC and European markets. We offer regulatory impact assessments, gap analysis, compliance programme design, vendor selection and implementation support — ensuring your business meets its 2026 obligations without disrupting commercial operations.
Contact us to discuss your 2026 regulatory readiness.