Skip to content
iGaming Payment SolutionsiGaming Payment Solutions

Pillar Guide

FCA Register Audit: Which iGaming PSPs Actually Hold UK Authorization

We ran all 20 UK-claiming payment providers in our catalog against the FCA's own register files. Ten brands hold a real EMI, eight are PI-only with very different permission sets, one is a bank branch, and one has been trading on a UK authorization that was cancelled in 2024.

Editorial Team

Verified

iGaming Payment Solutions

Deep-diveUpdated

Every payment provider selling into UK gambling says some version of the same sentence: we are FCA-authorised. The sentence is doing far more work than it looks like, because the register behind it contains at least five different things that sentence can mean, from a full e-money institution that holds client funds to a payment-initiation firm that never touches money at all, and the marketing pages do not volunteer which one applies. So we checked. We ran all 20 providers in our catalog whose compliance rows name the FCA against the Financial Services Register itself, entity by entity, permission by permission, and resolved each brand to what the regulator's own files say.

The headline: ten brands hold a genuine e-money institution authorization, eight hold payment institution status with permission sets that range from full acquiring down to initiation-only, one operates as a bank branch, and one has been carrying a UK credential that the register shows as cancelled since July 2024. That last one includes a correction to our own catalog, which is the point of doing audits like this in public.

Five things get called "FCA-authorised." They are not the same thing.

An Authorised Electronic Money Institution is the heavyweight class: it can issue e-money, hold client funds under safeguarding rules, and typically carries the full permission alphabet including acquiring and remittance. If a provider runs wallets or holds merchant balances in the UK, this is the authorization that makes it lawful.

An Authorised Payment Institution moves money without issuing it. The class label tells you less than the permission list underneath, because an API can hold anything from a full acquiring-and-remittance set down to two permissions. The two that matter most in this catalog: permission 5 (acquiring and issuing of payment instruments) is what a card-side processor needs, and permissions 7 and 8 (payment initiation and account information) are the open-banking pair.

A PIS/AIS-only firm is the case operators misread most. It is a real FCA authorization, and the firm saying "FCA-authorised" is telling the truth, but the permission set means it initiates payments from the player's bank account and reads account data; it cannot hold a single pound of anyone's money. That is not a weakness, it is the design, and it changes the counterparty math completely: there is no safeguarding question because there are no funds to safeguard.

A credit institution branch is a bank passporting in under a banking authorization, a different rulebook entirely. And an EMD agent provides e-money services on a principal's license: the authorization, and the safeguarding obligation, belong to someone else.

The audit sorts all 20 providers into those boxes, and the sorting is where the surprises live.

The register: entity by entity

The table is the audit. Brand names are marketing; the register speaks in legal entities, so the middle column is the one to read.

BrandLegal entity on the registerFRNClass (Jul 13, 2026)Reading
NuveiNuvei Financial Services Ltd994233Authorised EMI (2024)Full set incl. acquiring; ex-SafeCharge PI (789900) cancelled Jan 2025 after the EMI migration
PaysafeSkrill Ltd900001Authorised EMI (2018)Full set incl. PIS and AIS, the widest permission list in this audit
PaysafePaysafe Financial Services Ltd900015Authorised EMI (2018)The Neteller entity
PaysafePrepaid Services Company Ltd900021Authorised EMI (2018)The paysafecard UK entity
WorldpayWorldpay (UK) Ltd1031413Authorised EMI (Nov 2025)New EMI granted weeks before the Global Payments close; three legacy PI entities (incl. FRN 530923 with acquiring) still live
AdyenAdyen N.V.779800Credit institution, UK branchThe only bank-branch model in the set
TrustlyTrustly UK Ltd1005703Authorised PI (2024)Acquiring/issuing, remittance, PIS and AIS on the local subsidiary; the Swedish parent is not on the UK register
emerchantpayeMerchantPay Ltd900778Authorised EMI (2018)Full set; old PI cancelled 2017
AstroPayLarstal Ltd901001Authorised EMI (2019)The name "AstroPay" does not appear on the register; a voluntary requirement, varied in July 2025, sits on the firm's record
TrueLayerTrueLayer Ltd901096Authorised EMI (2020)Full set plus PIS and AIS
PXP FinancialPXP Financial Ltd504318Authorised PI (2018)Permissions 1-6 incl. acquiring; no EMI
NodaNaudapay Ltd832969Authorised PI (2019)See below: the entity has separated from the brand and announced a UK wind-down
VoltVolt Technologies Ltd982594Authorised EMI (Aug 2023)Full set plus PIS/AIS; the Holdings entity (925340) is a parallel PIS/AIS-only PI
YaspaYaspa Ltd826720Authorised PI (2019, as Citizen)PIS and AIS only: initiates payments, holds no funds
Trust PaymentsTrustUk Payments Ltd932557Authorised PI (2021)Acquiring/issuing plus remittance; "Trust Payments Ltd" is not a register name, and the group's acquiring core sits in Malta
MiFinityMiFinity UK Ltd900090Authorised EMI (2018)Full set
Checkout.comCheckout Ltd900816Authorised EMI (2018)Full set; 2Checkout (UK), PSD-revoked, is an unrelated namesake
WorldlineWorldline Merchant Services UK Ltd978429Authorised PI (2023)Incl. acquiring; the Belgian entity's post-Brexit permissions are cancelled
LatpayLateral Payment Solutions Ltd912498Authorised PI (2020)Permissions 1, 3, 5; Lapay UK Ltd (914920) is an unrelated near-namesake
XaceXACE Ltd948213Authorised PI (2022)Accounts and remittance, no acquiring permission; e-money services run as EMD agent of Modulr FS (900573)
PPROPPRO Financial Ltd900029Authorised EMI (2018)Full set
Paramount CommerceNot foundThe group's UK entity, Citadel Commerce UK Ltd (575193), shows as cancelled July 12, 2024; no active authorization since

10 / 8 / 1 / 1

EMI brands / PI-only / bank branch / no active UK authorization, of 20 audited

Twelve EMI legal entities across the ten brands. No current Small EMI, registered-only AISP, or appointed-representative arrangements in the set. Fifteen of our 75 catalog providers claim UKGC-facing support; the twenty audited here are those whose compliance rows name the FCA specifically.

The one that failed the check, and our own correction

Paramount Commerce is the audit's clean failure. The Canadian Interac specialist's UK footprint ran through Citadel Commerce UK Limited, and the register shows that authorization cancelled on July 12, 2024, with nothing replacing it: searches across the brand name, the Citadel entity, and the group's iDebit and Instadebit product names return no active UK record. That is a fact about UK authorization, not about the company's Canadian business, which operates under FINTRAC registration and Payments Canada membership as before. But until this audit, our own provider card listed "FCA (Citadel UK)" among Paramount's active credentials, two years after the register stopped supporting the claim. We corrected the card the day the audit ran. A catalog that publishes register audits gets audited by them first, and that cuts exactly the way it should.

The zombie row: when the register says yes and the business says no

Noda is the audit's most instructive case, because the register alone gets it wrong in the other direction. Naudapay Limited shows as a fully authorised payment institution with a healthy permission list, and a reader stopping there would conclude the Noda brand has a live UK license. The entity's own regulatory notice says otherwise: Naudapay has separated from the Noda brand, announced an orderly wind-down of its UK operations in late 2025, and is not onboarding customers or accepting new payment volume. The register row is real; the business it described has left.

The lesson generalizes. A register is a statement about legal permission, not about operational reality, and the gap runs both ways: Paramount's marketing outlived its authorization, while Naudapay's authorization is outliving its business. Due diligence needs both documents, the register record and the counterparty's own current statements, and a date on each.

Permissions are the read, not the class

Put Skrill and Yaspa side by side and the audit's central point makes itself. Both are FCA-authorised, and both sentences are true. Skrill Limited holds the full permission alphabet, e-money issuance through account information, and can hold player and merchant funds under safeguarding. Yaspa Limited holds two permissions, payment initiation and account information, and cannot hold funds at all: it fires the pay-by-bank instruction and steps out of the flow. For a gambling operator these are different products, different counterparty exposures, and different questions in a due-diligence file, yet the marketing phrase that describes them is identical.

The same read applies inside the audit's quieter rows. Xace's own authorization covers accounts and remittance but not acquiring, with its e-money services running on Modulr's license as an EMD agent, which its catalog entry, to its credit, has always disclosed plainly. Volt carries both shapes at once: a full EMI on the operating entity and a legacy PIS/AIS-only registration on the holding company, two register rows that mean different things under one brand. And Worldpay's fresh EMI, granted November 19, 2025 with three legacy PI entities still live, reads as licensing restructuring timed to the Global Payments acquisition that closed in January: the register logged the reorganization weeks ahead of the closing announcement.

How to run this check yourself

The register rewards a specific reading order, and it takes minutes per provider. Search the legal entity, not the brand, because Larstal will not surface under "AstroPay" and TrustUk will not surface under "Trust Payments"; the contracting entity on your agreement is the name to look up. Read the permission list, not the status line, since "Authorised" answers whether a firm may operate and the permissions answer what it may do with your money. Check for requirements and restrictions on the record, the way Larstal's voluntary requirement flags a history a status line hides. And date-stamp what you find, because this audit's two headline findings, a cancelled authorization still being claimed and a live authorization outliving its business, are both facts about time.

The same exercise, run against the EU's crypto regime, is our MiCA CASP register audit; the two are companion pieces in the same discipline of reading registers by entity instead of by logo. The standing rules the authorizations plug into, safeguarding, UK deposit-limit mechanics, and the wider compliance stack, sit in their own guides. Authorization is the floor under all of it, and as of July 13, 2026, you have the floor plan for all twenty UK-facing providers in this catalog, with the sources one click away.

Sources (7)

  1. 01FCA: Financial Services Register (firms, permissions, and daily data downloads)
  2. 02FCA: the Financial Services Register, what it shows and how to use it
  3. 03FCA: payment services and electronic money regulations hub
  4. 04FCA register: Naudapay Limited firm record (FRN 832969)
  5. 05Naudapay Limited: regulatory notice on brand separation and UK wind-down
  6. 06Companies House: Naudapay Limited (11741664)
  7. 07Noda: company page (the brand side of the Naudapay separation)