2026 compliance and payments trends from Aeropay’s Chief Risk & Compliance Officer
Payments
December 15, 2025
|
Aeropay Team
This article was written by the payments nerds at Aeropay. Our goal is to provide you with solid insights to help your business operationalize more efficient, value-focused payments.
Compliance is one of the most important, and complex, aspects of payments. To stay on top of compliance, businesses are balancing innovation, regulation, and risk in real time.
To stay on top of compliance, it's helpful to look at what's coming. We sat down with Aeropay’s Chief Risk & Compliance Officer, Geoffrey Scott, to discuss compliance trends in payments for 2026, from data-sharing rules and AI oversight to the future of embedded payments and what “best-in-class” compliance really means.
Geoffrey Scott: There are two that stand out. First, NACHA is introducing rules requiring all participants, not just banks, to conduct risk-based fraud monitoring. Historically, responsibility wasn’t as clear here with banks bearing most of that responsibility, and being able to decide the degree to which their third-party senders needed to follow suit. Starting next year, everyone does.
For businesses using Aeropay, it’s good news. We’re already operating at that standard, so it doesn’t change much directly, but will help reduce overall fraud across the network, benefiting everyone.
The other big one is CFPB Rule 1033 (in short, it’s about consumers’ rights to securely share their financial data with third parties), which is currently stayed. An interim final rule could be coming this month, so clarity could be coming soon. The main problems were with the inability of banks to charge for access and that rule didn’t clearly define liability. If something goes wrong, who’s responsible? That uncertainty has stalled progress, and we’re seeing banks like Chase begin to charge for data access while the rule remains in limbo. It’s a classic case of innovation outpacing regulation.
Geoff: Definitely. There’s a tug-of-war between federal and state regulators, especially with prediction markets like Kalshi and the CFTC’s role versus state gaming commissions. States are challenging federal preemption because there are fair legal challenges, they’re losing tax revenue and regulatory control, and their consumers could be less protected than they would be in regulated state markets. For its part, the CFTC has been allowing these sports contracts to proceed.
It’s a fascinating gray area, technically not sports gambling but close enough that it’s causing friction. Predictions represent a new market overall, with sports contracts presenting questions. This dilemma highlights how regulation often lags behind new financial models.
Geoff: I wouldn’t say there’s been a radical shift; if anything, enforcement resources are thinner. The CFPB, for instance, is operating with a pretty lean team right now. We’re also seeing generally more openness to embracing new technologies historically seen as risky, as shown by the OCC conditionally approving trust bank charters for five digital asset firms.
But NACHA’s new fraud-monitoring rules are an exception. They’re essentially saying, “everyone in the chain needs to be accountable.” It’s about increasing confidence in the system, especially as more payment methods gain traction and transaction windows shorten. The goal is faster detection and fewer surprises days after a transaction settles.
Geoff: It always comes back to culture. You need a clear tone from the top, leaders who take compliance seriously, and make thoughtful decisions around risk.
What’s changing is scope. A best-in-class team is thinking not just about the rules today, but about what those decisions will look like two or three years from now when the pendulum inevitably swings back toward tighter regulation.
In sectors like gaming or social wagering, there can be hundreds of permutations across states, each with its own requirements. You need systems and people who can keep pace with that complexity while maintaining judgment and flexibility.
Geoff: We try to be more transparent with merchants and partners than the law requires. There aren’t many formal rules that say you have to share X, Y, or Z with partners, but we make sure to share what will best help them keep their operations compliant.
It’s not about being perfect, it’s about being honest and consistent. That transparency builds long-term trust and makes compliance part of the customer experience.
Geoff: AI is both a blessing and a risk. The big question is accuracy: did I just save a thousand hours of research only to land on the wrong conclusion? That’s the tradeoff.
But when it works, it’s transformative. Tools such as AI-assisted policy review and automated risk scanning can help us process large volumes of information in hours rather than days. The real value is freeing our team from the box-checking work so we can focus on judgment, communication, and decision-making.
We’re already using machine learning for transaction modeling, fraud detection and document review. AI won’t replace compliance; it will elevate it if we use it responsibly.
Geoff: Almost always. The account-connection ecosystem, which aggregate and securely facilitate data sharing, have moved far ahead of formal guidance. The same is true with prediction markets and, of course, AI.
That gap creates opportunity and risk. It’s exciting for companies like Aeropay that are willing to navigate gray space responsibly, but it also means compliance has to be proactive, not reactive. You can’t wait for the rulebook to catch up.
Geoff: One possibility: Payments companies gain more direct access to the Federal Reserve ACH Network, through initiatives like “skinny accounts” or potential national trust bank charters. That could create significant opportunities for companies like ours to operate more independently, improve margins, and assume greater risk and reward.
Geoff: Most of these rules exist for good reasons. It’s easy to see compliance as red tape, but look back at why these rules are written: privacy violations, unfair lending, and inaccurate interest calculations, to name a few. These aren’t arbitrary.
I’d estimate eighty to ninety percent of regulation is well-intentioned. The trick is to apply it effectively without sacrificing the ability to innovate.
Geoff: We’re built for readiness. If new account options or bank charters open up, we’ll be in a better position than most to access them because we already have the documentation, controls, and culture in place.
We’re creative and careful simultaneously. That’s rare. Our goal is to support growing markets responsibly, to find ways to say “yes” when others default to “no,” while still protecting the integrity of the system.
Compliance may not grab headlines, but as Geoff puts it, it’s what keeps innovation grounded.
In a year where payments, AI, and regulation will collide more than ever, staying proactive and principled could be the defining edge.