Pillar Guide
FCA Register Audit: Which iGaming PSPs Actually Hold UK Authorization
We ran all 20 UK-claiming payment providers in our catalog against the FCA's own register files. Ten brands hold a real EMI, eight are PI-only with very different permission sets, one is a bank branch, and one has been trading on a UK authorization that was cancelled in 2024.
Editorial Team
VerifiediGaming Payment Solutions
Every payment provider selling into UK gambling says some version of the same sentence: we are FCA-authorised. The sentence is doing far more work than it looks like, because the register behind it contains at least five different things that sentence can mean, from a full e-money institution that holds client funds to a payment-initiation firm that never touches money at all, and the marketing pages do not volunteer which one applies. So we checked. We ran all 20 providers in our catalog whose compliance rows name the FCA against the Financial Services Register itself, entity by entity, permission by permission, and resolved each brand to what the regulator's own files say.
The headline: ten brands hold a genuine e-money institution authorization, eight hold payment institution status with permission sets that range from full acquiring down to initiation-only, one operates as a bank branch, and one has been carrying a UK credential that the register shows as cancelled since July 2024. That last one includes a correction to our own catalog, which is the point of doing audits like this in public.
Register snapshot: July 13, 2026
The register's firm pages are an application the reader queries one name at a time; the auditable channel is the FCA's own downloadable register files (e-money firms, PSD firms, agents, and per-firm permissions), refreshed daily. Every status below comes from those files as of close of business July 13, 2026. Authorizations change; the classes and the method of checking are what carry forward.
Five things get called "FCA-authorised." They are not the same thing.
An Authorised Electronic Money Institution is the heavyweight class: it can issue e-money, hold client funds under safeguarding rules, and typically carries the full permission alphabet including acquiring and remittance. If a provider runs wallets or holds merchant balances in the UK, this is the authorization that makes it lawful.
An Authorised Payment Institution moves money without issuing it. The class label tells you less than the permission list underneath, because an API can hold anything from a full acquiring-and-remittance set down to two permissions. The two that matter most in this catalog: permission 5 (acquiring and issuing of payment instruments) is what a card-side processor needs, and permissions 7 and 8 (payment initiation and account information) are the open-banking pair.
A PIS/AIS-only firm is the case operators misread most. It is a real FCA authorization, and the firm saying "FCA-authorised" is telling the truth, but the permission set means it initiates payments from the player's bank account and reads account data; it cannot hold a single pound of anyone's money. That is not a weakness, it is the design, and it changes the counterparty math completely: there is no safeguarding question because there are no funds to safeguard.
A credit institution branch is a bank passporting in under a banking authorization, a different rulebook entirely. And an EMD agent provides e-money services on a principal's license: the authorization, and the safeguarding obligation, belong to someone else.
The audit sorts all 20 providers into those boxes, and the sorting is where the surprises live.
The register: entity by entity
The table is the audit. Brand names are marketing; the register speaks in legal entities, so the middle column is the one to read.
| Brand | Legal entity on the register | FRN | Class (Jul 13, 2026) | Reading |
|---|---|---|---|---|
| Nuvei | Nuvei Financial Services Ltd | 994233 | Authorised EMI (2024) | Full set incl. acquiring; ex-SafeCharge PI (789900) cancelled Jan 2025 after the EMI migration |
| Paysafe | Skrill Ltd | 900001 | Authorised EMI (2018) | Full set incl. PIS and AIS, the widest permission list in this audit |
| Paysafe | Paysafe Financial Services Ltd | 900015 | Authorised EMI (2018) | The Neteller entity |
| Paysafe | Prepaid Services Company Ltd | 900021 | Authorised EMI (2018) | The paysafecard UK entity |
| Worldpay | Worldpay (UK) Ltd | 1031413 | Authorised EMI (Nov 2025) | New EMI granted weeks before the Global Payments close; three legacy PI entities (incl. FRN 530923 with acquiring) still live |
| Adyen | Adyen N.V. | 779800 | Credit institution, UK branch | The only bank-branch model in the set |
| Trustly | Trustly UK Ltd | 1005703 | Authorised PI (2024) | Acquiring/issuing, remittance, PIS and AIS on the local subsidiary; the Swedish parent is not on the UK register |
| emerchantpay | eMerchantPay Ltd | 900778 | Authorised EMI (2018) | Full set; old PI cancelled 2017 |
| AstroPay | Larstal Ltd | 901001 | Authorised EMI (2019) | The name "AstroPay" does not appear on the register; a voluntary requirement, varied in July 2025, sits on the firm's record |
| TrueLayer | TrueLayer Ltd | 901096 | Authorised EMI (2020) | Full set plus PIS and AIS |
| PXP Financial | PXP Financial Ltd | 504318 | Authorised PI (2018) | Permissions 1-6 incl. acquiring; no EMI |
| Noda | Naudapay Ltd | 832969 | Authorised PI (2019) | See below: the entity has separated from the brand and announced a UK wind-down |
| Volt | Volt Technologies Ltd | 982594 | Authorised EMI (Aug 2023) | Full set plus PIS/AIS; the Holdings entity (925340) is a parallel PIS/AIS-only PI |
| Yaspa | Yaspa Ltd | 826720 | Authorised PI (2019, as Citizen) | PIS and AIS only: initiates payments, holds no funds |
| Trust Payments | TrustUk Payments Ltd | 932557 | Authorised PI (2021) | Acquiring/issuing plus remittance; "Trust Payments Ltd" is not a register name, and the group's acquiring core sits in Malta |
| MiFinity | MiFinity UK Ltd | 900090 | Authorised EMI (2018) | Full set |
| Checkout.com | Checkout Ltd | 900816 | Authorised EMI (2018) | Full set; 2Checkout (UK), PSD-revoked, is an unrelated namesake |
| Worldline | Worldline Merchant Services UK Ltd | 978429 | Authorised PI (2023) | Incl. acquiring; the Belgian entity's post-Brexit permissions are cancelled |
| Latpay | Lateral Payment Solutions Ltd | 912498 | Authorised PI (2020) | Permissions 1, 3, 5; Lapay UK Ltd (914920) is an unrelated near-namesake |
| Xace | XACE Ltd | 948213 | Authorised PI (2022) | Accounts and remittance, no acquiring permission; e-money services run as EMD agent of Modulr FS (900573) |
| PPRO | PPRO Financial Ltd | 900029 | Authorised EMI (2018) | Full set |
| Paramount Commerce | — | — | Not found | The group's UK entity, Citadel Commerce UK Ltd (575193), shows as cancelled July 12, 2024; no active authorization since |
10 / 8 / 1 / 1
EMI brands / PI-only / bank branch / no active UK authorization, of 20 audited
Twelve EMI legal entities across the ten brands. No current Small EMI, registered-only AISP, or appointed-representative arrangements in the set. Fifteen of our 75 catalog providers claim UKGC-facing support; the twenty audited here are those whose compliance rows name the FCA specifically.
The one that failed the check, and our own correction
Paramount Commerce is the audit's clean failure. The Canadian Interac specialist's UK footprint ran through Citadel Commerce UK Limited, and the register shows that authorization cancelled on July 12, 2024, with nothing replacing it: searches across the brand name, the Citadel entity, and the group's iDebit and Instadebit product names return no active UK record. That is a fact about UK authorization, not about the company's Canadian business, which operates under FINTRAC registration and Payments Canada membership as before. But until this audit, our own provider card listed "FCA (Citadel UK)" among Paramount's active credentials, two years after the register stopped supporting the claim. We corrected the card the day the audit ran. A catalog that publishes register audits gets audited by them first, and that cuts exactly the way it should.
The zombie row: when the register says yes and the business says no
Noda is the audit's most instructive case, because the register alone gets it wrong in the other direction. Naudapay Limited shows as a fully authorised payment institution with a healthy permission list, and a reader stopping there would conclude the Noda brand has a live UK license. The entity's own regulatory notice says otherwise: Naudapay has separated from the Noda brand, announced an orderly wind-down of its UK operations in late 2025, and is not onboarding customers or accepting new payment volume. The register row is real; the business it described has left.
The lesson generalizes. A register is a statement about legal permission, not about operational reality, and the gap runs both ways: Paramount's marketing outlived its authorization, while Naudapay's authorization is outliving its business. Due diligence needs both documents, the register record and the counterparty's own current statements, and a date on each.
Permissions are the read, not the class
Put Skrill and Yaspa side by side and the audit's central point makes itself. Both are FCA-authorised, and both sentences are true. Skrill Limited holds the full permission alphabet, e-money issuance through account information, and can hold player and merchant funds under safeguarding. Yaspa Limited holds two permissions, payment initiation and account information, and cannot hold funds at all: it fires the pay-by-bank instruction and steps out of the flow. For a gambling operator these are different products, different counterparty exposures, and different questions in a due-diligence file, yet the marketing phrase that describes them is identical.
The same read applies inside the audit's quieter rows. Xace's own authorization covers accounts and remittance but not acquiring, with its e-money services running on Modulr's license as an EMD agent, which its catalog entry, to its credit, has always disclosed plainly. Volt carries both shapes at once: a full EMI on the operating entity and a legacy PIS/AIS-only registration on the holding company, two register rows that mean different things under one brand. And Worldpay's fresh EMI, granted November 19, 2025 with three legacy PI entities still live, reads as licensing restructuring timed to the Global Payments acquisition that closed in January: the register logged the reorganization weeks ahead of the closing announcement.
How to run this check yourself
The register rewards a specific reading order, and it takes minutes per provider. Search the legal entity, not the brand, because Larstal will not surface under "AstroPay" and TrustUk will not surface under "Trust Payments"; the contracting entity on your agreement is the name to look up. Read the permission list, not the status line, since "Authorised" answers whether a firm may operate and the permissions answer what it may do with your money. Check for requirements and restrictions on the record, the way Larstal's voluntary requirement flags a history a status line hides. And date-stamp what you find, because this audit's two headline findings, a cancelled authorization still being claimed and a live authorization outliving its business, are both facts about time.
The same exercise, run against the EU's crypto regime, is our MiCA CASP register audit; the two are companion pieces in the same discipline of reading registers by entity instead of by logo. The standing rules the authorizations plug into, safeguarding, UK deposit-limit mechanics, and the wider compliance stack, sit in their own guides. Authorization is the floor under all of it, and as of July 13, 2026, you have the floor plan for all twenty UK-facing providers in this catalog, with the sources one click away.
Sources (7)
- 01FCA: Financial Services Register (firms, permissions, and daily data downloads)
- 02FCA: the Financial Services Register, what it shows and how to use it
- 03FCA: payment services and electronic money regulations hub
- 04FCA register: Naudapay Limited firm record (FRN 832969)
- 05Naudapay Limited: regulatory notice on brand separation and UK wind-down
- 06Companies House: Naudapay Limited (11741664)
- 07Noda: company page (the brand side of the Naudapay separation)