Today on The Settlement Layer: a UK court affirms regulators can cap card interchange, South Africa rewires its payments governance after 30 years, US banks launch a tokenised-deposit network to fight back against stablecoins, and a Claude Code MCP security hole that Anthropic declined to patch.
A UK High Court judge ruled Saturday that the Payments System Regulator has the statutory authority to set price caps on interchange fees for cross-border card transactions, rejecting a joint legal challenge from Mastercard, Visa, and Revolut. The ruling affirms the PSR's power to regulate card payment costs directly; the specific cap levels remain to be set in a separate determination.
Why it matters
This is a meaningful legal precedent, not just another skirmish. Visa and Mastercard argued the PSR exceeded its statutory remit by intervening in fee categories set by the networks — the court disagreed. What it means operationally: cross-border interchange on UK-issued cards transacting abroad (or foreign cards transacting in the UK) is now subject to direct regulatory price-setting, not just network discretion. For acquirers and PayFacs pricing UK merchant accounts, the pending PSR determination will set new interchange floor/ceiling economics for cross-border card categories. Revolut's participation in the challenge is notable — it operates both as an issuer benefiting from interchange and as a merchant-side competitor to card networks, suggesting the regulatory exposure cuts across the ecosystem. The broader pattern, visible alongside this week's stablecoin developments, is that card network pricing power is being compressed from multiple directions simultaneously: regulator-mandated caps above, and A2A/stablecoin substitution below.
The Bank of Uganda announced Friday that over-the-counter cash withdrawals will be capped at UGX 50 million per day and UGX 250 million per week for individuals, and UGX 500 million/UGX 2.5 billion for corporates, effective January 1, 2027. The policy explicitly targets forced migration to RTGS, EFT, and mobile money rails, with a public awareness campaign beginning July 2026. Sectoral exceptions are available but require pre-approval.
Why it matters
Forced-adoption mandates of this kind create predictable demand inflections for digital payment infrastructure. Six months of advance notice (with a July 2026 education campaign) gives operators a clear runway to build merchant and consumer onboarding for mobile money and EFT before the caps bite. The corporate caps are the more interesting constraint: UGX 2.5 billion weekly (~$680K) is below the weekly cash-flow threshold for mid-sized importers and construction contractors, which means corporate treasury functions that currently run on cash will need EFT infrastructure or mobile money integrations that many don't have. For a payments operator building East African infrastructure, Uganda just became a market with a regulatory tailwind and a hard deadline — the combination that tends to move procurement decisions.
Following up on the 50% equity stake SARB took in PayInc to build a national payments utility, the central bank has now formally dissolved the Payments Association of South Africa (PASA) — the industry-owned body that governed interbank settlement for three decades. PASA's functions transfer directly to PayInc. No immediate disruption to day-to-day settlement operations is anticipated, but the governance structure of the national payment system has fundamentally changed.
Why it matters
This is the structural shift the NPS modernisation project has been signalling for years, and it matters in practice rather than in principle. PASA was a bank-owned cooperative; PayInc under 50% SARB ownership is a regulated utility with a direct central-bank principal. The implications for payment operators are layered: access requirements, pricing for settlement services, and the criteria for connecting new payment rails to the national infrastructure will now be set by a body with a SARB mandate rather than a banking consortium consensus. For anyone building South African acquiring infrastructure, cross-border rails anchored to RTGS, or open-banking integrations requiring interbank settlement, the new governance structure changes who you negotiate with and what their incentives are. Watch for revised access frameworks and potential changes to the NPSA amendment bill that SARB flagged in its earlier stablecoin statement — these are now being drafted by the same institution that owns the utility.
The Clearing House announced a shared tokenised deposit clearing initiative with JPMorgan Chase, Citigroup, Bank of America, Wells Fargo, and other major US banks targeting an H1 2027 launch. The platform creates on-chain clearing and settlement of tokenised bank deposits — maintaining full deposit insurance and regulatory treatment — while offering 24/7 blockchain-based settlement integrated with TCH's existing RTP and CHIPS infrastructure (which clears $2.2 trillion daily). The initiative is explicitly framed as a competitive response to stablecoin yield competition.
Why it matters
The distinction between tokenised deposits and stablecoins is not semantic — it's the entire regulatory and credit architecture. Tokenised deposits are bank liabilities with FDIC insurance and Federal Reserve oversight; stablecoins are separate instruments outside the banking perimeter. TCH's move creates a regulated, insured, 24/7 settlement layer that competes with stablecoin infrastructure on speed and programmability while preserving the institutional trust stack. For operators building cross-border payment infrastructure, this signals a bifurcation that will persist: large banks routing interbank settlement through tokenised deposits on permissioned rails; fintechs and emerging-market operators routing through USDC/USDT on public chains. Neither kills the other — they serve different counterparty-risk and regulatory profiles. The timeline (H1 2027) gives stablecoin-native operators roughly 12 months before institutional demand for blockchain settlement shifts toward the banking-perimeter option.
Grey Business — the B2B cross-border payments arm of Nigerian fintech Grey — processed $61.4 million in total payment volume within four months of launch, with USDC and USDT now accounting for the single largest share of cross-border flows on the platform. CEO Idorenyin Obong confirmed the stablecoin use is for treasury management, supplier payments, and trade settlements — not as a crypto-speculative position. Nigeria leads by transaction count; Western Europe and the Middle East lead by value.
Why it matters
This is the cleanest African operator-level data point yet on the transition from 'stablecoins as experiment' to 'stablecoins as primary rail.' The $61.4M in four months is not a pilot number — it's production volume from businesses actively routing around FX access constraints and slow correspondent banking settlement. The North–South and South–South trade-flow distribution (Nigeria-originating transactions, EU/MENA-value concentration) maps directly onto the corridors where traditional banking has the most friction: dollar-denominated supplier invoices, inventory payments to Chinese and European wholesalers, and platform fee settlements. For African payment operators evaluating stablecoin infrastructure investment priorities, Grey's data suggests the B2B trade corridor is generating real volume well ahead of retail remittance at comparable scale.
Following Friday's announcement that Flutterwave is integrating stablecoin settlement via Tempo, TechCabal has contextualised the partnership with Tempo's current performance metrics: a 6% failure rate, 0.47 TPS throughput measured on June 3, and $22.4 million in stablecoin supply. This operational reality suggests why Flutterwave is retaining its existing Polygon infrastructure as a multi-rail hedge rather than executing a full migration.
Why it matters
A 94% success rate on a payment rail is not a production standard — it means roughly 1 in 17 transactions fails. For context, Visa's network uptime SLA is 99.999%. Flutterwave retaining Polygon while adding Tempo is the right architecture call: smart routing between rails based on real-time reliability and cost, rather than single-rail dependency. But operators evaluating Tempo as a settlement rail need to track two specific metrics before scaling volume: TPS throughput (0.47 TPS is incompatible with any meaningful remittance volume) and failure rate trajectory. The ISO 20022 messaging alignment and ERP integration story is strategically correct — but the infrastructure needs to catch up to the partnership press release. For African fintech operators watching this space: Tempo's Stripe/Paradigm backing and the Flutterwave vote of confidence give it runway to solve these problems, but the timeline for enterprise-grade reliability is months, not weeks.
AllUnity — the regulated European stablecoin issuer backed by DWS, Flow Traders, and Galaxy — confirmed the June 2026 launch of SEKAU (Swedish krona stablecoin) under MiCA's EMT framework, pairing it with Coinbase's x402 agentic payment standard. SEKAU joins EURAU and CHFAU as AllUnity's third European currency denomination, creating one of the few families of MiCA-compliant non-dollar stablecoins explicitly designed for machine-to-machine settlement.
Why it matters
The 98.6% USDC concentration in current AI-agent settlement flows is a single-issuer dependency risk that the agentic payments ecosystem hasn't seriously addressed. MiCA EMTs carry reserve audits, defined redemption SLAs, and supervisory oversight — operationally closer to a SEPA Instant credit transfer than to an ERC-20. AllUnity's explicit coupling of MiCA compliance with x402 makes SEKAU the first production example of regulatory-grade, non-dollar settlement assets designed for agent credential flows. For operators building cross-border agent payment infrastructure where European regulatory compliance matters — including anyone processing agent-initiated transactions in EU-regulated iGaming or financial services — this provides a settlement asset that satisfies both the KYC-for-agents audit-trail requirements and the MiCA counterparty-risk framework simultaneously. Watch for EURAU adoption in particular as MiCA enforcement bites USDT out of EU channels from July 1.
Nordea and Mastercard completed the first AI-assisted online purchase and payment transaction in Finland on Friday, with an AI agent buying a coffee tasting package on Priceless.com using Mastercard Agent Pay's agentic tokens for secure verification — a consent-based, verifiable transaction where agent-origin signalling was preserved throughout to the issuing bank. The transaction was executed on existing card infrastructure without stablecoins or new wallet infrastructure.
Why it matters
The architecture detail worth extracting: this ran on existing card rails, not agent-native infrastructure. The agent token is a credential wrapping mechanism that preserves the existing Mastercard network's verification chain — the issuer sees an agent-origin flag alongside normal card data, enabling enhanced transaction data visibility without requiring any changes to authorization switching or settlement. This is the 'retrofit' camp approach we've been tracking, and Finland's first live example confirms it works in production. The practical question for payment operators is what that agent-origin flag actually does to authorization rates and fraud scoring — Nordea hasn't published those numbers yet, but they'll determine whether the retrofit approach is commercially viable at scale or whether card issuers start declining agent-flagged transactions at elevated rates.
An iGaming Afrika analysis published Friday argues that operators winning across Kenya, Uganda, Tanzania, and West Africa have internalised a set of product and commercial constraints that European-market playbooks actively ignore: low-RAM device profiles, interrupted 3G sessions, mobile-money-first deposit flows, and B2B pricing benchmarked against actual market economics rather than imported European revenue-share norms. The piece also maps Kenya's 2025 Gambling Control Act and draft 2026 Conduct of Gambling Operations Regulations as emerging moats that compliance-ready operators can exploit.
Why it matters
The article surfaces an uncomfortable but accurate operator truth: most payments integrations in African iGaming are treated as plumbing problems when they're actually product problems. The difference matters because plumbing problems get outsourced; product problems require first-party engineering. Mobile money deposit flows (M-Pesa, MTN MoMo, Airtel Money) have different session-timeout behaviours, reconciliation latencies, and failure modes than card rails — and a product built around European card checkout assumptions will haemorrhage players at the deposit screen. The regulatory moat argument is equally concrete: Kenya's GRA real-time monitoring mandate (covered Thursday) and server localisation requirements create compliance costs that unlicensed grey operators cannot absorb, which is the first time in years that regulatory compliance in African iGaming translates directly into competitive advantage rather than friction.
With New Glenn grounded following the May 28 hotfire explosion at Launch Complex 36, NASA is now actively evaluating alternative launch vehicles for Blue Origin's Blue Moon lunar landers, decoupling the lander from its designed-for launch vehicle to preserve the Artemis III timeline. SpaceX's Falcon Heavy is the most-cited alternative, but Blue Moon's 7-metre fairing compatibility requirement creates engineering constraints. Blue Origin CEO Dave Limp announced a return-to-flight target before end of 2026 — a timeline industry observers describe as optimistic. The Moon Base I cargo mission, originally slated for fall 2026, is directly in the critical path.
Why it matters
NASA's contingency planning reveals the structural fragility of a two-vendor heavy-lift market. Blue Origin holds a $627 million Moon Base I contract signed two days before the explosion — and the agency now has no clear path to deliver the cargo lander on schedule without either waiting for New Glenn's return to flight (optimistic) or engineering a cross-vendor solution with SpaceX (complicated by competitive dynamics and fairing geometry). The deeper issue is the cascade: if Moon Base I slips, the crewed Artemis III 2027 target moves with it. For satellite constellation planners and commercial launch customers, the New Glenn grounding removes a launch vehicle that was positioned as a meaningful alternative to Falcon 9/Heavy for medium-to-heavy payloads — reinforcing SpaceX's de facto monopoly on heavy commercial lift for the next 12–18 months.
Anthropic's Claude platform suffered a significant outage beginning at 15:08 UTC on Friday, affecting claude.ai, the Claude API, Claude Code, and Claude Cowork. Opus 4.6 through 4.8 and Sonnet 4.6 all showed elevated error rates, with staggered recovery over approximately 3.5 hours. Unconfirmed reports suggested Claude may have returned inference outputs intended for other users — Anthropic confirmed investigation into potential data exposure. The following day, Claude Code v2.1.167 shipped with a `fallbackModel` setting allowing up to three sequential fallback models when the primary is overloaded or unavailable, plus glob pattern support in tool deny rules and hardened cross-session messaging.
Why it matters
This is the third documented major Claude platform disruption in early June 2026, and the pattern suggests systemic scaling strain rather than isolated incidents. The unconfirmed cross-user response exposure is the more serious concern — if confirmed, it creates both GDPR and PCI DSS Article implications for operators who process sensitive financial data through Claude. The v2.1.167 fallback routing arriving the day after the outage reads as either a remarkably well-timed release or a response to internal pressure post-incident; either way, it's the right mitigation. For production deployments, the practical takeaway is to configure fallback models now (before the next incident) and instrument token throughput monitoring to detect degradation windows early — the outage was 3.5 hours but early error rate signals appeared within minutes of onset.
Mitiga Labs disclosed Friday that malicious npm packages can silently rewrite ~/.claude.json to intercept OAuth tokens bound for GitHub, Jira, Confluence, and other SaaS platforms connected through Claude Code's MCP configuration. The attack requires prior code execution consent — which is why Anthropic declined to patch it, citing it falls outside their threat model. The vulnerability remains live as of publication, and the attacker's IP spoofs Anthropic's egress range, making the session appear legitimate on the provider side.
Why it matters
Anthropic's 'requires prior code execution consent' rationale misses the operational reality of how Claude Code is actually deployed: developers routinely install packages from npm without full trust audits, and Claude Code is increasingly running in CI/CD environments where the boundary between 'consented' and 'ambient' code execution is blurry. For fintech operators who have wired Claude Code to internal payment APIs, database credentials, or transaction-signing endpoints — which is the obvious use case for the agent-payment workflows this reader builds — a compromised token chain bypasses traditional audit-log detection entirely. The session looks like Anthropic traffic. The attack surface is MCP configuration files, not the model itself, which is precisely the vector that's hardest to monitor with standard SIEM tooling. Until Anthropic patches or sandboxes MCP credential routing, the practical mitigation is scoping Claude Code's MCP permissions to read-only integrations and keeping transaction-signing credentials out of the MCP config entirely.
Regulators are moving from guidance to structural control Three separate regulatory events this week — the UK PSR winning price-cap authority over card interchange, SARB dissolving PASA and taking 50% equity in PayInc, and the Bank of Uganda mandating digital payment migration via cash withdrawal caps — show that central banks and payment regulators are no longer content with advisory roles. Direct ownership stakes, enforceable fee ceilings, and hard-deadline mandates are the new toolkit.
Stablecoin settlement is bifurcating by institutional tier This week crystallised a structural split: US money-centre banks (JPMorgan, Citi, BofA) are building tokenised deposits inside the regulated perimeter via The Clearing House, while fintechs and African operators (Grey Business, Flutterwave/Tempo, Checkout.com) are building on public stablecoin rails. The two systems are not interchangeable — one carries deposit insurance and CHIPS clearing; the other offers 24/7 global reach. Operators will need to decide which tier serves which corridor.
Agentic payment volumes are negligible; governance infrastructure is not An honest operator-level audit this week found x402 generating ~$17K/day in real transactions and Stripe agent completions in single digits. Yet Nordea/Mastercard completed Finland's first live agentic purchase, AllUnity launched a MiCA-grade stablecoin explicitly for agent settlement, and Ra Pay logged the first CLI agent payment in reinsurance. The pattern: infrastructure is being built for a market that barely exists yet, which is precisely when architecture choices lock in.
Claude platform instability is becoming a systemic dependency risk Three major Claude outages in early June — including a two-hour disruption on Friday affecting all frontier models and unconfirmed cross-user response exposure — coincide with Claude Code v2.1.167's new fallback model routing. The timing is not accidental. For operators running production agentic workloads on Claude, single-vendor dependency is now a documented operational risk, not a theoretical one. Fallback routing is the immediate mitigation; multi-provider architecture is the durable one.
African iGaming regulation is converging toward real-time monitoring as table stakes Kenya's GRA (covered Thursday) and the Gaming Tech Summit Africa this week both point in the same direction: African gaming regulators are adopting API-level transaction visibility, mandatory digital reporting, and server localisation requirements. The compliance burden is shifting upstream to payment and platform infrastructure providers. Operators who treat compliance as a moat are better positioned than those who treat it as overhead — Kenya's framework is already being studied across 22+ jurisdictions.
What to Expect
2026-06-11—SpaceX IPO expected to price at $135/share (NASDAQ: $SPCX) — the S-1's xAI valuation writedown question becomes a public-market test.
2026-06-15—Anthropic billing split goes live: Claude Agent SDK calls move off subscription pools to API-metered credits. Overflow billing must be manually enabled or agent workflows fail silently.
2026-06-15—Greece's omnibus gambling bill consultation period closes — final text on per-session winnings taxation and mandatory payment blocking obligations expected shortly after.
2026-06-17—Ariane 6 launches 36 Amazon Kuiper satellites with upgraded P160C boosters — largest single payload in both Amazon Leo and Arianespace history.
2026-07-01—MiCA absolute deadline: ~83% of EU VASPs still unlicensed, Tether USDT remains non-compliant. Expect enforcement actions and exchange delistings affecting USDT-denominated payment rails in EU corridors.
How We Built This Briefing
Every story, researched.
Every story verified across multiple sources before publication.
🔍
Scanned
Across multiple search engines and news databases
939
📖
Read in full
Every article opened, read, and evaluated
227
⭐
Published today
Ranked by importance and verified across sources
12
— The Settlement Layer
🎙 Listen as a podcast
Subscribe in your favorite podcast app to get each new briefing delivered automatically as audio.
Apple Podcasts
Library tab → ••• menu → Follow a Show by URL → paste