Pay-by-bank, tokenization, and the UK national payments vision: Paul Horlock, Santander UK

In 2017, the UK payments industry published a blueprint to rebuild the country’s retail payment rails. The New Payments Architecture was meant to deliver more competition, faster innovation, and better outcomes for customers. The thinking was reasonable and widely shared. Delivery proved harder than the design.

Building the rail was an engineering problem. Agreeing on what it was for, and who would fund it, was not. That second problem, the commercial and governance one, is the part Paul Horlock watched most closely.

Horlock was CEO of Pay.UK from 2017 to 2021, running the operator at the center of the New Payments Architecture, the body charged with delivering it. Before that he led payments at Nationwide and ran global payment processing at Barclays. He has been Chief Payments Officer at Santander UK since 2021, after 25 years in payments.

“The uncomfortable truth,” he says, “is that infrastructure transformation, or the intention to complete it, on its own does not create market transformation.” Ahead of Payments Unleashed EMEA in London, where he joins the main-stage panel on sovereignty without fragmentation, he set out where that leaves the UK: what banks have actually aligned on, where they still diverge, and the one investment he would defend for the long term.

When the program launched, the industry expected new messaging standards and central infrastructure to carry most of the change. They did not.

The part that gets underestimated, he says, is the cost of running old and new systems side by side for years. “Every delay extends the period where banks are funding legacy resilience, regulatory change, and future architecture simultaneously,” he says. “That is not sustainable indefinitely, certainly without a commercial model.” Waiting for a single, all-at-once replacement carries its own risk.

The National Payments Vision is framed differently. Rather than one central build, it coordinates work across fraud, identity, data sharing, resilience, and competition policy. The Bank of England’s emphasis on a sustainable commercial model, as he reads it, fits that: several infrastructure options developing in parallel.

“At Santander UK, and increasingly across the industry, the focus is shifting from ‘what is the new rail?’ to ‘what customer and economic problems are we solving?’” he says. “That is the right lesson.”

Banks have aligned most where acting alone would cost every one of them.

“Fraud is the clearest example,” Horlock says. Authorized push payment reimbursement, mule account controls, Confirmation of Payee, and intelligence sharing have driven much deeper collaboration. Operational resilience is the other. “Nobody competes on systemic instability.” There is broad agreement, too, on ISO 20022, richer transaction data, moving more processing to the cloud, and digital identity that can work across providers.

Banks diverge where the economics are unsettled, and pay-by-bank is the clearest case. Everyone backs the idea, but the economics differ by bank: how much card revenue it would give up, what it would cost to build, who owns the customer relationship. Banks also differ on what they want to be. Some aim to be platforms, some utilities, some fully integrated providers, and that choice drives how much each one puts into APIs and embedded finance.

As UK banking consolidates, including Santander’s acquisition of TSB, Horlock expects more pressure to standardize core infrastructure and resilience, and to compete instead on service and customer experience. “I think that balance becomes increasingly important over the next five years.”

Santander runs across many regulatory regimes at once, which makes this a daily decision. “Standardize the capability globally, localize the control points,” Horlock says.

Regulatory sovereignty is real, he says, whether it shows up as data residency, fraud obligations, consumer protection, or cloud rules. But building each market independently means paying for the same thing many times and giving customers a different experience in each place. Some of those differences are required by local law; others are just legacy habit.

Some things can be built once and reused: fraud models, engineering and cloud standards, card tokenization. Others have to change by market: customer protections, scheme rules, reimbursement frameworks, local payment methods. The approach he favors is to reuse those shared pieces and adapt locally rather than rebuild everything market by market. Santander’s own example is Getnet, the group’s global cards platform, and its Payment Hub, both of which the UK builds on rather than rebuilding from scratch.

The open question on pay-by-bank, for Horlock, is whether it becomes something consumers actively choose, or whether the demand keeps coming mainly from the merchant side. “Today, much of the enthusiasm is driven by merchants seeking lower acceptance costs,” he says. “That alone is not enough to drive mass consumer behavioral change.”

For banks to invest seriously on the issuing side, he points to three changes. The experience has to be as easy and reliable as the best payment a customer already uses, including when a payment goes wrong and has to be disputed. The rules have to be clearer: who carries the loss when something fails, and what each party earns, the way card economics and protections are broadly understood today. And fraud and identity controls have to develop alongside adoption, because real-time account-to-account payments carry different risks from cards, and those controls are not there yet.

He does expect pay-by-bank to become common in specific places: recurring payments, eCommerce, and account servicing. But the firms that benefit most, in his view, will tie identity and fraud controls to the payment itself rather than treating pay-by-bank as a cheaper way to move money.

Asked which single payments investment he would fund for the long term rather than the next budget cycle, Horlock points to programmable payments built on tokenized commercial bank deposits: transactions that can carry their own conditions, so money moves only when those conditions are met. Distributed ledger and real-time data make it work, but the point for him is the capability: settlement that can be made conditional.

Customers, he says, want payments that are safer and less disruptive, especially around fraud. Programmable settlement is his answer. Payments investment has mostly been reactive, he notes: scheme mandates, regulatory deadlines, fixing resilience weaknesses, paying down technical debt. The point, he argues, is infrastructure that improves fraud prevention, efficiency, and speed at once rather than one at a time.

By that he means decisions made as the payment happens: fraud intervention, liquidity, financial crime detection.

Tokenizing commercial bank deposits, he argues, opens what he calls a multi-money world, where tokenized bank deposits move on the same rails as cash and other money. Customers, he says, most want change where they are defrauded or held up by fraud checks. His answer is what he calls smart money: a payment whose terms are written into the transaction, so the money is released only when the goods or services actually change hands. Picture a payment that settles the moment delivery is confirmed, rather than before it. That closes a specific settlement-timing risk in today’s process, where the money moves separately from the goods, though it does not remove every risk in a transaction.

“The next phase of payments competition is less about the rail itself,” he says, “and more about the intelligence layer sitting above it.” What he means by that layer is the services and controls wrapped around a payment, including the conditional settlement he wants to build. The rail still matters to him. It is no longer the part he is most interested in building.

Paul Horlock joins the main-stage panel on sovereignty without fragmentation at Payments Unleashed EMEA. The event opens with a reception on June 29 at 12th Knot, Sea Containers, and runs a full day on June 30 at the Hilton London Bankside, drawing banks, merchants, and payment providers from across Europe and the Middle East. Sessions cover real-time payments, fraud and scam liability, and payments sovereignty.

The questions Horlock raises here, what to standardize across markets and where pay-by-bank fits, run through the day’s banking sessions.