New FCA Oversight for Third-Party Direct Debit Bureaus: What You Need to Know
In a significant regulatory development, the Financial Conduct Authority (FCA) has confirmed it will introduce a new supervisory framework for third-party Direct Debit bureaus starting October 2025. This marks the first time the FCA has sought to exert formal oversight over non-bank service providers who facilitate Direct Debit collections on behalf of businesses and charities.
This article explores the background, drivers, compliance requirements, and potential impact on the UK’s vast network of payment service providers and Facilities Management (FM) bureaus.
Why Now?
The move follows a growing number of consumer complaints related to:
- Misleading pre-authorisation practices
- Delayed refund processing
- Opaque billing terms and service value
- Unauthorised recurring mandates
Many of these issues have been traced to third-party bureaus acting as intermediaries between clients (e.g., gyms, charities, subscription businesses) and customers. Until now, these entities operated in a regulatory grey area, falling under Bacs and Pay.UK standards but largely outside the FCA’s direct line of sight.
“We are not seeking to constrain innovation,” said FCA Payments Policy Director Laura Fenton, “but we cannot allow unregulated facilitators to undermine consumer protection simply because they operate behind the scenes.”
What Are Third-Party Bureaus?
Direct Debit bureaus offer outsourced services to manage the collection, reconciliation, and reporting of Direct Debits on behalf of businesses. They typically fall into two categories:
- Submission Service Providers (SSPs)
These act on behalf of organisations that already have their own Service User Numbers (SUNs) - Facilities Management (FM) Providers
These use their own SUN to collect payments for hundreds or thousands of clients, making them the most exposed to regulatory and reputational risk
FM bureaus are especially prevalent in:
- Membership organisations (e.g., fitness clubs, social groups)
- Education and training services
- Online donations and fundraising
- Niche subscription services
What the New Rules Require
Under the new framework, FM bureaus and SSPs will be required to register as regulated Payment Institutions or agents of an authorised Payment Institution, subject to the following obligations:
- Enhanced Due Diligence
- Thorough KYC (Know Your Customer) checks on all client businesses
- Evidence that client services meet FCA’s Consumer Duty standards
- Client Screening and Onboarding
- Documented reviews of the value, clarity, and suitability of client services
- Periodic audits to verify ongoing compliance with Direct Debit Guarantee protections
- Consumer Transparency
- Standardised pre-collection communications with required disclosures
- Clear cancellation, refund, and contact policies visible to end users
- Complaint Management Protocols
- Must have independent, accessible complaint channels
- Required to respond to consumer concerns within 15 working days
- Data Sharing & Reporting
- Monthly data submissions on failed payments, refunds, cancellations
- Real-time alerts for any fraud or misrepresentation patterns detected in client activity
Transition Timeline
| Date | Milestone |
| Aug 2025 | Final FCA rulebook and guidance published |
| Oct 2025 | Mandatory registration begins |
| Jan 2026 | Enforcement period starts; non-compliant bureaus may be delisted |
| Jul 2026 | First FCA audit window opens for registered firms |
Implications for Clients
Companies relying on third-party bureaus will now need to:
- Reassess their providers: Are they registered? Do they meet the standards?
- Review their own onboarding flows: Are they passing FCA scrutiny via their supplier?
- Update contracts: Ensure SLAs and compliance clauses reflect the new obligations
For many SMEs, this may lead to increased costs or a switch to direct bank integration if their provider exits the market or narrows its client base.
What’s Next?
- The FCA is expected to roll out a public register of authorised DD bureaus by January 2026
- Bacs (now under Pay.UK) is preparing updated onboarding templates and compliance flags for sponsor banks
- Some banks may refuse to support unregulated FM bureaus by Q2 2026
Conclusion
The FCA’s move to regulate third-party Direct Debit bureaus reflects a wider shift in UK payments policy—one that prioritises consumer outcomes, transparency, and shared accountability across the payments ecosystem.
As FM bureaus begin adapting to a regulated future, businesses using Direct Debit services must now do their own due diligence or risk non-compliance, reputational harm, or even collection disruption.
