Search
Choose a style
Dark
Light
Time to read: 6 min

Buy Now Pay Later: From checkout convenience to regulated activity

Hand with shopping cart and hand with credit card. Shopping time and buying with a credit card. Buy now pay later. Ecommerce sales and sale of goods, online trading platforms
Image: Shutterstock

Helen Simm, Partner, Browne Jacobson, examines how the FCA’s upcoming regulation of buy now, pay later will reshape the market and what lenders and merchants must do now to prepare for the new compliance landscape.

Helen Simm
Helen Simm, Partner at Browne Jacobson. Image credit: Browne Jacobson

Buy now, pay later (BNPL) has evolved from a niche payment option into a mainstream feature, commonly offered at online checkouts. According to the Payments Association, BNPL now accounts for 7% of the country’s ecommerce transactions.

Its appeal is well understood. It offers consumers a straightforward way to manage cash flow at the point of purchase, and retailers a way to increase conversion. That attractiveness has driven rapid adoption across the market. 

From 15 July 2026, however, BNPL lenders will operate under full FCA oversight. Consumers will acquire statutory rights, including the right to withdraw, access to the Financial Ombudsman Service, and the benefit of Section 75 joint liability. In the current unregulated landscape, these do not exist. The obligations arising from the new framework are structural, not cosmetic.

The perimeter and timeline

Businesses offering BNPL must first establish whether their product falls within the new regulated perimeter. 

The new regime targets interest-free, deferred payment agreements offered by third-party lenders at the point of sale. Where credit is offered directly by a merchant rather than a third-party lender, the merchant exemption is likely to apply, meaning no FCA authorisation is required. This warrants early analysis.

The implementation timetable is demanding. The temporary permissions regime opens for registration on 15 May 2026 and closes on 1 July, a six-week window. Firms then have six months to apply for full FCA authorisation. Businesses must design and embed compliant frameworks, train frontline staff, restructure product documentation, and prepare authorisation applications, all whilst managing ongoing operations and customer commitments.

My advice is consistent: begin with a structured gap analysis against the FCA’s requirements, prioritise affordability and vulnerability frameworks, where regulatory scrutiny will be sharpest, and treat the authorisation application as a parallel workstream, not a subsequent one.

Affordability obligations

The requirement to conduct proportionate affordability assessments is a hard legal obligation, enforceable by the FCA through the full range of supervisory and disciplinary tools available to it, including supervisory notices, variation or cancellation of permission, skilled person reviews under section 166 of the Financial Services and Markets Act 2000, and, in serious cases, public censure and financial penalties. Proportionality is not a concession to commercial convenience; it is a calibrated standard, assessed by reference to each firm’s customer base and product offering.

The challenge for BNPL providers is familiar: the commercial proposition rests on speed and ease of use. Inserting meaningful creditworthiness assessments into that journey without materially disrupting the user experience is a genuine challenge to product and legal design. What the FCA will not accept is the position that commercial necessity justifies superficial assessment. Firms will need to document their methodology, evidence their decision-making logic, and demonstrate that their frameworks are genuinely designed to prevent lending to consumers who cannot repay. Organisations must consider not only whether a process is defensible, but whether it is auditable under scrutiny.

Consumer Duty and customer vulnerability 

The extension of the Consumer Duty to BNPL brings obligations that extend well beyond individual transactions. Firms must identify customers in vulnerable circumstances, adapt their engagement accordingly, and signpost access to free debt advice where appropriate. The FCA’s 2024 Financial Lives Survey indicates that 20% of UK adults used BNPL in the twelve months to May 2024, a market spanning a wide range of ages, income levels, and financial literacy. Within that population, the incidence of vulnerability is material.

The Consumer Duty requires firms to deliver demonstrably good outcomes, not merely to avoid regulatory breaches. It reframes the compliance question from “did we follow the rules?” to “can we demonstrate that our customers were well served?” For boards and senior managers, this is a personal accountability framework as much as a corporate one. FCA authorisation also triggers the Senior Managers and Certification Regime, under which designated individuals carry personal liability for failures within their area of responsibility, making governance allocation an immediate priority.

Section 75: lenders inherit the merchant’s risk

One of the most commercially significant consequences of BNPL regulation is the application of Section 75 of the Consumer Credit Act 1974. 

Where agreements fall within the regulatory perimeter, lenders become jointly and severally liable with retailers for purchases between £100 and £30,000 in cases of breach of contract or misrepresentation, provided the required creditor/supplier nexus exists. For firms operating across large merchant networks, this is a structural shift in liability exposure. Merchant agreements, indemnity provisions, and underwriting criteria will need to be reviewed and, in many cases, renegotiated. Pricing and contractual frameworks need to reflect the changed risk position.

FOS Access, complaints, and the two-tier book

From July, BNPL consumers will have access to the Financial Ombudsman Service for the first time. FOS determinations are binding up to a maximum award of £430,000 for complaints referred on or after 1 April 2024, and complaint patterns will inform FCA supervisory activity. Firms should build complaints frameworks capable of generating reliable management information, to identify systemic issues internally before they attract external attention.

Beyond that, legal and compliance teams must manage a two-tier customer base: pre-July agreements remain unregulated; post-commencement agreements are fully regulated. Different obligations apply to each, and inadvertent conflation carries regulatory risk.

The firms best placed to navigate this transition will treat it as a business transformation programme, engaging at board level from the outset, rather than a compliance exercise bolted on at the end.


Helen Simm is a regulatory lawyer specialising in financial services regulation and financial crime. She represents corporates and individuals at all stages of regulatory investigation and enforcement. Helen has particular expertise in consumer credit. She advises on compliance and due diligence in relation to AML, sanctions and fraud. 

Simm has spent her career representing clients being investigated and prosecuted by the Serious Fraud Office (SFO), Financial Conduct Authority (FCA), Crown Prosecution Service (CPS), Health and Safety Executive (HSE) and Environment Agency (EA). In particular, she is instructed on matters related to bribery, money laundering and fraud. She is experienced in investigations with a cross-border element.

Subscribe to our newsletter