Today on The Settlement Layer: the UK PSR finally puts Visa and Mastercard scheme fees under mandatory disclosure, Anthropic splits Claude billing in a way that will hurt anyone running agents 24/7, and South Africa's crypto capital-flow rules attract a substantive critique on enforceability rather than just outrage. Plus Joburg's water crisis gets a constitutional framing.
The UK Payment Systems Regulator published the final report of its scheme and processing fees market review, finding that Visa and Mastercard core fees to UK acquirers have risen at least 25% since 2017 β costing UK businesses around Β£170m a year β without evidence of corresponding cost increases. The same week, the PSR opened a consultation requiring both schemes to publish disaggregated UK financial performance, including profit and loss accounts. Both pieces sit alongside the PSR's separate work on remedies for fee transparency and reduction.
Why it matters
This is the first time a major regulator has moved from suspecting scheme-fee opacity to mandating disclosure of UK margins specifically. Operationally, the consequences will not arrive overnight β but the precedent matters: once UK-level P&L disaggregation exists, every other regulator with merchant-cost concerns (EU's PSR-equivalents, the RBA, eventually SARB on its own scheme review) will have a template. For PayFacs and acquirers, the medium-term watch is whether scheme fee increases get pre-emptively re-papered in 2026 before the disclosure framework hardens. The Bloomberg report this week of Mastercard pushing processors to absorb Will Bank losses (paywalled but circulating) suggests the schemes are already feeling the cost-recovery squeeze.
TechCentral editor Duncan McLeod and economist Dawie Roodt published a substantive critique of South Africa's draft Capital Flow Management Regulations this week. Their core technical argument: self-custodied crypto (recovery phrases, hardware wallets) is information that cannot be geographically bounded or seized, which makes the proposed surveillance, forfeiture and forced-liquidation architecture mathematically unenforceable against anyone with basic operational hygiene. The piece joins the IRR's constitutional challenge and Luno's separate reclassification lobbying, all aimed at the 30 June comment deadline.
Why it matters
This is the most damaging line of attack the draft has yet faced β not because of crypto ideology, but because it reframes the question from 'should we regulate?' to 'can the state actually do what these regulations claim?'. Treasury can still pass the rules, but every operational element that depends on the state knowing what an individual holds offshore in self-custody will be litigated and probably defeated. For operators building rails into and out of ZAR, the watch is which provisions survive the comment window: the registration and reporting framework for licensed CASPs is enforceable and will stay; the seizure-and-forfeiture mechanics for self-custody are the parts most likely to be quietly walked back or judicially struck. Plan compliance investment accordingly.
Following Thursday's reporting on SARB's 50% stake in PayInc and the 'open shared digital infrastructure' designation, ITWeb adds the operational detail: PayInc is launching advisory services targeting ecosystem participants in townships and informal trading environments, on top of the formal pivot from P2P to merchant payments and e-commerce. 14 participating banks, 905m transactions since 2023, 6m registered users β but the explicit framing now is that the next phase is merchant acceptance in segments where existing card and QR economics don't work.
Why it matters
The new beat this cycle is the advisory-services posture, which signals PayInc accepting that adoption in informal trade will not come from a rate sheet β it requires hand-holding integration partners through merchant onboarding, dispute handling and float management. That is genuinely useful for anyone building merchant acceptance products in SA, because it implies PayInc itself is not going to compete on the last-mile UX layer. The opportunity is for operators with informal-sector distribution to plug into PayShap rails with PayInc explicitly supporting the integration. Watch for the first published advisory partnerships β they will reveal which acquirer and PSP stacks PayInc considers viable for that segment.
Following Thursday's coverage of the 58.4% compounded cost modelling, the Kenya Bankers Association has now formally pushed back against Finance Bill 2026's proposal to treat digital payment service charges as royalties subject to WHT and VAT β which would effectively reverse the December 2025 ABSA Supreme Court ruling that classified them as operational service fees. Parliament's deadline for public input was 25 May. Same week, Africa fintech revenue projections from the BFT puts the broader sector at $65bn by 2030, with transaction taxes flagged as the primary structural risk.
Why it matters
The new beat is the explicit Supreme Court framing: KBA is arguing that Parliament cannot tax-by-legislation what the apex court has already classified as non-royalty fees, which raises the bill's constitutional risk profile. For operators with Kenyan card and digital payment volume, the practical watch is whether the VAT-on-digital-services and WHT-on-interchange provisions survive the committee stage in current form. The pattern matters across the continent β Uganda's mobile money levy collapsed transaction volume 25% and the BFT piece this week explicitly bifurcates African tax models into 'tax the rail' (bad for adoption) vs 'use the rail to improve collection' (Kenya and SA's stated direction). Finance Bill 2026 would put Kenya in the first camp.
Two pieces this week converge on the same operator-level conclusion. JDSupra's legal analysis identifies four foundational compliance gaps in agentic payments: credential-acquisition regime (open banking vs CFPB 1033), Know-Your-Agent frameworks that detect registration but not prompt injection, contract-formation uncertainty when agents accept terms, and asymmetric accountability between centralised and open platforms. The Bank of England's DLT Lab (republished via Bank Underground) maps the same territory architecturally β four emerging layers (agent comms, agent payments, agent identity, payment rails) β and lands on the same point: centralised control concentrates liability but enables compliance; open platforms defer costs but face exclusion.
Why it matters
Three weeks after the UK Payments Association/US Payments Forum/Bank Underground triptych we ran on Thursday, the policy-and-legal layer is now publishing the architectural conclusions rather than just the open questions. The practical implication for an operator building agent-aware payment flows: the centralised-vs-open trade-off is becoming a deliberate design choice, not a default. If you concentrate credential custody, agent identity and payment authorisation under one roof, you absorb compliance and liability but get to ship now. If you build on open protocols (x402, AP2, ACP), you defer the liability question to consortium governance that does not yet exist. JDSupra's credential-selection point is the one to internalise β when an agent chooses the rail, it materially changes consumer protections, and that choice is currently undocumented in most stacks.
Accenture's analysis published this week puts numbers on the GL Insight/Innopay argument we covered Tuesday: by 2030, 30% of online commerce could run through AI agents β about $3.1 trillion in transactions. Agents will autonomously optimise payment selection by cost and rewards, potentially redirecting half of card transactions to lower-cost alternatives and compressing payments-industry revenues by $7.2 billion. The piece coins 'GEO-ready' (generative engine optimisation) as the new conversion problem: being visible and trustworthy to agents rather than converting humans at checkout. 78% of payments leaders expect fraud to rise; 87% cite trust as the adoption barrier.
Why it matters
Accenture is a vendor consultancy, so the headline numbers are directional rather than gospel β but the $7.2B revenue compression is the first credible attempt to size the rail-disintermediation effect. The asymmetric framing matters: agents are not killing card networks, they are squeezing the rent on settlement while preserving the value of governance and identity. For operators in African markets, where card economics already compete with mobile money and A2A rails, this thesis points the same way: agent-driven steering will accelerate the route to whichever rail is cheapest, fastest and most agent-readable. The operator action is to ensure your acceptance product surfaces clean, machine-readable pricing and fulfilment signals β anything else gets routed past.
Uber Engineering published a detailed write-up of its production agent identity and authorisation system: SPIRE-backed workload credentials, short-lived JWTs from an internal Security Token Service, and a standardised Agent-to-Agent client that maintains cryptographically verifiable actor-chain attribution across multi-hop workflows. Personnel identity, every intermediate agent, and the target service are embedded into each token; an MCP Gateway pattern enforces policy at the perimeter rather than inside agent reasoning.
Why it matters
This is the most concrete reference architecture published to date for the problem the JDSupra and Bank Underground pieces describe in policy terms. The single-hop short-lived token design, combined with full provenance from user through every agent in the call chain, is the only credible answer to 'who authorised this payment' once agents are calling agents. For a payments operator, the directly applicable patterns are: enforce authorisation below the agent (Gateway), make every token attributable to a human principal at the start of the chain, and reject any architecture where agents share long-lived credentials. The Five Eyes joint guidance from earlier this month said the same thing in policy terms; Uber's piece is the engineering blueprint.
Anthropic confirmed this week that from 15 June, Claude subscriptions split into two rate-limit pools: interactive use (Claude.ai, Claude Code, Cowork) keeps the current limit; programmatic use via Agent SDK or headless mode gets a separate monthly credit equal to the subscription fee but billed at API rates, with no rollover. A practitioner running 24/7 agents documents the math: a serious overnight shift is $2β$8 in token spend, easily blowing the $200 Max credit by mid-month. Mitigations: route work through interactive Claude Code sessions where possible, add a second harness vendor (Codex Pro) for redundancy, route commodity calls through OpenRouter to cheaper models, and audit token waste before the deadline.
Why it matters
This is the operational shoe dropping behind Anthropic's profitability story we covered yesterday. Flat-rate subscription pricing on programmatic use was always a customer-acquisition subsidy β and the company is now extracting margin where the workload actually sits. For anyone running Claude Code in CI loops, scheduled Routines, or background agent harnesses, the action items are concrete: instrument /usage by category, separate interactive from programmatic forecasts in your own cost model, and accept that single-vendor agent infrastructure is now a cost-concentration risk. The architecture lesson generalises β diversify the harness, route narrow calls to cheaper models, and treat token spend like cloud spend rather than a flat seat licence.
Anthropic moved last week's Code with Claude announcements into more concrete shape: Claude Compliance API integrations for governance, self-hosted sandboxes (public beta, not just announcement), and MCP tunnels (research preview) for Managed Agents to connect to private network services without exposed firewall holes. Security vendor Geordie has already shipped an integration on top of the Compliance API exposing chats, files, projects and logs as enterprise telemetry. Penligent separately disclosed and Anthropic patched a SOCKS5 null-byte injection bug in Claude Code 2.0.24β2.1.89 that let sandboxed code bypass network allowlists.
Why it matters
The new beat versus last week is the Compliance API being a usable surface β a third-party governance vendor has built on it within days, which means the audit-and-monitoring layer Claude Enterprise has been missing is now real. For anyone deploying Claude inside a regulated payments environment, the combination matters: self-hosted sandboxes keep tool execution in your perimeter, MCP tunnels invert the network model so internal MCP servers never face the public internet, and the Compliance API gives your security team Claude-specific telemetry alongside endpoint and DLP data. The Penligent disclosure is a useful reminder that sandbox boundaries are a security primitive and need to be tested as such β parser-differential bugs in egress controls will keep appearing.
Michael Berner, Visa's Head of South and East Africa, told TechCabal at the Africa CEO Forum in Kigali that stablecoins could be 'pretty big' for African payments and that bank-to-Visa crypto settlement pilots are launching 'very, very soon'. Same week, Visa joined the Canton Network as a super-validator β Canton being the privacy-preserving institutional blockchain for bank-grade settlement, distinct from Visa's earlier Tempo validator role on the Stripe/Paradigm chain. The Yahoo Finance/Visa testing piece confirms the broader strategic frame: stablecoin settlement and AI-commerce as parallel experiments on future fee economics.
Why it matters
Visa is hedging across at least two settlement-chain bets at once β Tempo for general institutional flows, Canton for privacy-preserving bank rails β while telling the African market specifically that pilots are weeks away. For operators with cross-border ZAR/USD/NGN flows, the interesting question is not whether Visa supports stablecoin settlement (it will) but on which chain and under whose KYA/KYT rules. The Berner quote is forward-looking, not a launch announcement, but it lines up with this week's Checker, Celo/Bridge and MoneyGram-on-Tempo signals: institutional stablecoin settlement infrastructure is consolidating around a small number of validator-grade chains, and African corridors are explicitly in the early-pilot tranche.
MoneyGram International announced it will join the Tempo blockchain β the institutional chain designed by Stripe and Paradigm β as a transaction validator, moving from blockchain user to network operator. Stripe will execute MoneyGram settlements over Tempo's stablecoin infrastructure. Western Union is separately deploying Solana-based USDPT in Bolivia and the Philippines. Global remittance fees averaged 6.36% in Q3 2025, more than double the UN's 3% target. Visa is already a Tempo validator (and has now also joined Canton, per story 5 above).
Why it matters
The strategic point: legacy money transfer operators are no longer experimenting with stablecoin rails as a side project β they are operating validator nodes on the institutional chains that will replace correspondent banking in their corridors. For African remittance flows specifically, the operator question is no longer 'should we support stablecoin settlement' but 'which validator-grade chains will the corridor counterparties standardise on'. Tempo has Visa, MoneyGram and Zodia Custody. Canton has Visa, Goldman, Boerse Stuttgart's Seturion. The corridor partners' chain choices will determine the African-side integration roadmap.
The Sebola critique β naming Mofokeng and Appollis publicly on matchday eve β is now the defining tactical frame rather than background noise. Whether Ouaddou responds with personnel changes or doubles down on the same attacking system is the story inside the story. The CANAL+ confirmation is the structural beat that tends to get lost in final-day drama: broadcast stability through to Broos's squad call matters more for what comes after Saturday than the result itself.
The SAHRC's three-day inquiry β opened 19 May β concluded with the commission formally framing Gauteng's water crisis as a man-made constitutional violation under Section 27. New this cycle: Johannesburg Water's MD disclosed that criminal syndicates are physically attacking water infrastructure, with armed assaults on the Olifantsvlei wastewater plant requiring armoured vehicles β reframing the security calculus from copper theft to resource-extortion via tanker contracts. Rand Water revealed municipalities collectively owe it R9bn (Emfuleni alone: R1.9bn). Johannesburg's documented backlog: R27bn maintenance, 85km of pipe replacement annually vs 186km needed. Rand Water has scheduled a 96-hour maintenance window from 29 May to 2 June affecting eight Joburg systems including Midrand, Randburg, Roodepoort, Soweto, Deep South, Commando, Sandton and Central.
Why it matters
The Section 27 framing is the consequential new development: a statutory body has formally documented this as a constitutional rights breach, opening legal and political pathways that 'infrastructure backlog' language did not. The 29 Mayβ2 June maintenance window is a concrete operational planning event for anyone with property dependencies in the listed areas. The armed-attack disclosure is separately significant β tanker mafias were already on record from the SAHRC hearings (R264m spent in Tshwane over three years, WaterCAN demanding municipalisation), but physical assault on bulk water infrastructure is a qualitative escalation.
Gauteng Economic Development MEC Vuyiswa Ramokgopa publicly called for updated gambling legislation and tighter bank-regulator coordination on digital betting transaction flows. She framed existing laws as unfit for the scale and speed of digital operations, and explicitly asked banks to strengthen monitoring of gambling settlement flows to improve revenue tracking and compliance. This lands alongside this week's separate UCT endorsement of Treasury's 20% online betting tax and the still-rolling Gauteng Gambling Board governance collapse.
Why it matters
Two beats in one. First, the MEC's statement is the first explicit provincial-level demand for closer bank scrutiny of gambling settlement flows β which is exactly the lever that bites PayFacs and acquirers running iGaming MIDs. Expect stricter transaction monitoring obligations, additional KYC/AML reporting, and probably a tightening of the MCC 7995 and 7800-range scrutiny that banks already apply. Second, sitting next to the proposed 20% national tax (UCT-endorsed, Treasury-driven), provincial GGR economics are about to come under simultaneous tax and compliance pressure. The Brazil Resolution BCB 569/2026 mandating bank reporting on unlicensed gambling fraud is a useful comparator for where this ends up architecturally.
Ontario's regulated online gaming market reached 91.1% channelisation in March-April 2026 (up from 83.7% unregulated play a year earlier), per IPSOS research commissioned by iGaming Ontario and AGCO. The province simultaneously launched BetGuard, a centralised self-exclusion platform that blocks account access, new registrations and marketing communications across every licensed sportsbook and casino. Cumulative wagers since April 2022: $103bn, generating $4.2bn in revenue. In counterpoint this week, H2 Gambling Capital projected UK black-market betting at Β£33bn within three years as mandatory affordability checks tighten.
Why it matters
Two opposite case studies in the same news cycle. Ontario shows that competitive licensed markets plus seamless centralised player protection tools (one self-exclusion register that actually works across operators) can drive channelisation up while operating costs stay manageable. The UK is doing the opposite β adding affordability-check friction at the licensed-operator level, which H2 forecasts will push Β£33bn offshore. For SA's 20% national tax debate and the Gauteng MEC's call for tighter bank monitoring above: the empirical evidence is now reasonably clear that channelisation requires reducing friction at the licensed product while concentrating the protective tooling at the regulator/scheme level. The Dutch Loterij FY25 loss we covered last week sits in the same conversation.
Scheme-fee opacity is finally being priced The UK PSR's mandatory financial reporting consultation plus the 25%-since-2017 finding signals the end of card networks treating scheme fees as a non-disclosable line item. Expect Australian and EU regulators to follow.
Agentic payments are settling into a control-plane fight, not a rail fight Visa joining Canton as a super-validator, Fireblocks taking an x402 governing seat, Mastercard's Centemero framing trust as a precondition β the networks are conceding rails will diversify (stablecoins, A2A, mobile money) and contesting the governance/identity layer above them. Accenture's $7.2B 'compression' estimate sharpens this.
AI cost models are repricing in public Anthropic splitting subscription vs SDK billing on 15 June, the $200 credit math not surviving real agent workloads, and Arnon Rosenfeld's analysis of HBM/TSMC bottlenecks all point to the same thing: flat-rate inference was a customer-acquisition subsidy and it is going away. Operators running production agents need to recalibrate this quarter.
African crypto and capital-control regimes are being argued on enforceability, not ideology Roodt/McLeod's critique of SA's CFMR draft (self-custodied keys are mathematically unenforceable) joins the IRR's constitutional challenge and Luno's reclassification lobbying. Same logic applies to Kenya's Finance Bill VAT proposal β operators are starting to win the argument on what regulators can actually enforce.
Joburg's collapse is now a documented constitutional matter The SAHRC inquiry's Section 27 framing of Gauteng water, OUTA's R25.2bn-creditors-vs-R3.9bn-cash callout, and the 29 May Rand Water maintenance window are converging into something residents and operators can litigate against rather than complain about.
What to Expect
2026-05-23—Pirates v Orbit College at Mbombela, 15:00 β title or 14-year wait extended.
2026-05-29—Rand Water 96-hour maintenance begins, affecting 8 Johannesburg systems through 2 June.
2026-06-15—Anthropic splits Claude subscription rate limits β programmatic (SDK/headless) gets a separate $200-equivalent credit pool, billed at API rates after exhaustion.
2026-06-30—Extended deadline for public comment on SA Treasury's draft Capital Flow Management Regulations.
2026-07-08—Eskom's R5.2bn disconnection deadline for the City of Johannesburg.
β The Settlement Layer
π Listen as a podcast
Subscribe in your favorite podcast app to get each new briefing delivered automatically as audio.
Apple Podcasts
Library tab β β’β’β’ menu β Follow a Show by URL β paste