Finance is one of the most heavily regulated industries on the planet. There's a reason for that.

It's not bureaucracy for bureaucracy's sake. It's YMYL – Your Money, Your Life. When things go wrong in financial services, people lose their homes, their savings, their retirements. The 2008 financial crisis wiped out $12.8 trillion in household wealth. FTX's collapse vaporized $8 billion in customer funds overnight.

The rules exist because the stakes are existential.

Welcome to Fintech Brainfood. This is a free weekly newsletter created by Simon Taylor covering all the latest happenings in financial services. You can subscribe by clicking below

In the US alone:

Every agency has jurisdiction over some slice of the pie. The complexity isn't a bug – it's a feature of a system that added a new agency for every crisis.

Post-Brexit, the UK runs a "twin peaks" model. Two regulators, two mandates:

Firms supervised by the PRA for prudential soundness are also supervised by the FCA for conduct. Dual regulation by design. Smaller firms — payment providers, consumer credit companies, fintechs — answer to the FCA alone (these are "solo-regulated firms").

The FCA also regulates crypto. As of February 2026, the FCA finalized rules bringing Buy Now Pay Later under its supervision. They've been expanding the perimeter steadily — crypto marketing rules arrived in 2023, and the regulatory net keeps widening.

The EU layers national regulators on top of supranational authorities. Four key bodies:

The EU's crypto landmark is MiCA (Markets in Crypto-Assets Regulation). Fully applicable since December 2024. It's arguably the most comprehensive crypto regulatory framework anywhere in the world. One license, passportable across all 27 member states — a single set of rules replacing what was previously a patchwork of national regimes (or no regime at all).

Stablecoin issuers need e-money licenses, exchanges need CASP (Crypto-Asset Service Provider) authorization, and the travel rule mandates identity data on every crypto transfer. Grandfathering periods vary by country — the Netherlands cut it short at mid-2025, while France and Malta gave firms until July 2026.

Every country, every jurisdiction, every agency reflects the crises it lived through. The US has the most regulators because it had the most bank failures. The EU built MiCA because member states were regulating crypto 27 different ways (or not at all). Singapore centralized because a city-state can't afford bureaucratic sprawl.

🇺🇸 Money Transmitter License (MTL) – The most common starting point in the US. If you're moving money on behalf of customers, you need this. 50 states, 50 applications, 50 different requirements. Some companies spend $1-2 million and 18+ months just getting licensed.

🇪🇺 Payment Institutions & EMIs: The UK equivalent is FCA authorization as a payment institution or e-money institution. The EU has a similar framework under PSD2 (Payment Services Directive). Singapore's PSA license. Same concept everywhere — different paperwork, different timelines, different fees.

🇺🇸 Banking Charter: The gold standard. With a full banking charter, you can take deposits, make loans, and access the central bank's payment rails directly. In the US, since 2008, new bank formation dropped from 1,000 per year to roughly 6 per year. In the UK, the PRA has chartered a handful of digital banks (Monzo, Starling, Atom), but the bar is extraordinarily high. In Singapore, MAS awarded digital bank licenses to Grab-Singtel (GXS) and Sea Limited (MariBank) — two in total.

🇺🇸 ILC (Industrial Loan Charter) – A US-specific structure. An Industrial Loan Charter is a state-chartered bank that receives FDIC insurance but isn't subject to the Bank Holding Company Act. Utah has 15 of the 24 ILCs in the US and holds 85% of ILC assets. This is why companies like Block (Square's parent) run significant lending operations through Utah. No real equivalent exists elsewhere — it's a uniquely American regulatory artifact.

🇺🇸 National Trust Charter is a federal charter granted by the OCC that allows an institution to operate as a trust bank — it can hold and manage assets in a fiduciary capacity (custody, wealth management, asset servicing) but typically cannot take traditional deposits or make commercial loans. This is the route companies like Anchorage Digital took to become a federally chartered digital asset bank, and it's increasingly relevant as crypto custodians and tokenization platforms seek a direct regulatory relationship with the OCC rather than relying on state-by-state licensing. T Think of it as a banking charter scoped specifically for non-lending services.

Most fintechs don't start with their own charter. They "rent" one from a sponsor bank.

The model works like this: a small, FDIC-insured bank agrees to be the legal bank behind a fintech's product. The fintech builds the app, acquires customers, and handles the technology. The sponsor bank provides the regulatory wrapper, the FDIC insurance, and access to payment rails.

This is primarily a US phenomenon. In the UK, the FCA's e-money institution license lets fintechs operate directly without needing a bank sponsor (Revolut operated under an EMI license for years before pursuing a full banking charter). In the EU, MiCA now provides a direct licensing path for crypto firms. Singapore's PSA license similarly removes the need for a banking middleman for payment services.

Then things went wrong.

The Synapse bankruptcy in 2024 showed what happens when the US sponsor model breaks down. A middleware company collapsed, and suddenly nobody could figure out which customer funds were where.

The BaaS model didn't fail because it was inherently bad. It failed because the oversight didn't match the complexity. Now we're seeing a flight to quality. The largest fintechs are going straight to the regulators for their own charters.

Is it de-banking or de-risking?

It's both.

Put down your pitchfork for a second. Two things can be true simultaneously:

The UK's FCA has been aggressive about de-risking too — banks have exited entire categories of customers deemed high-risk rather than invest in better compliance. In the EU, correspondent banking relationships have been cut across entire regions. The pattern repeats everywhere: when regulatory pressure increases, banks default to blunt instruments because nuanced risk management is expensive.

Good founders and legitimate businesses have had their accounts closed purely based on their industry. That's real, and it's a problem.

But also: much of crypto was genuinely problematic, and pretending otherwise doesn't help.

The truth gets lost in slanging matches. What we need isn't to fight about the past – it's to bring fintech and crypto inside the regulatory perimeter properly. MiCA is one attempt. Singapore's PSA licensing framework is another. The US is still figuring it out — which is arguably why the de-banking problem has been worst there.