If businesses aren’t ready for cross-border compliance, they may as well be writing regulators a blank check.
And particularly as it relates to financial services, eCommerce and digital platforms, companies looking to navigate the complex landscape of data privacy, financial regulations and cybersecurity, are finding that many foreign marketplaces have adopted “on-soil” requirements.
These mandates demand that businesses keep certain data within a country’s borders, impacting cross-border transactions and compliance.
In India, for example, Reserve Bank of India (RBI) regulations require financial data collected within the country to remain within its borders, similar to China’s Cybersecurity Law requiring critical data to be stored domestically and undergo security assessments before any cross-border transfer. Even the European Union’s General Data Protection Regulation (GDPR), while not an explicit data localization law, imposes strict rules on transferring personal data outside the EU.
For businesses involved in cross-border transactions — whether across payments, logistics or digital services — on-soil requests can complicate compliance in several ways. To succeed in this evolving landscape, businesses need robust compliance strategies, investments in regional infrastructure, and a deep understanding of local regulations.
And as the November 2025 migration to ISO 20022’s universal financial messaging standard approaches, it is becoming increasingly critical to understand how the standard will impact cross-border payments, on-soil mandates and overall regulatory compliance.
See also: The Convenience-Compliance Conundrum in Cross-Border B2B Payments
Cross-border compliance in the age of on-soil requests requires businesses to balance local demands with global ambitions. One of the biggest challenges posed by on-soil requests is the sheer complexity of meeting multiple, and often conflicting, regulatory demands. A policy that aligns with one country’s rules might run afoul of another’s. Companies must navigate carefully to avoid fines, operational disruptions or loss of access to key markets.
For example, the conflict between the U.S. CLOUD Act and the European Union’s GDPR highlights the tension between different jurisdictions’ compliance priorities. While GDPR emphasizes data privacy and prohibits sharing personal data with third countries without proper safeguards, the CLOUD Act allows U.S. law enforcement to compel companies to disclose data, even if it is stored abroad.
These conflicts force companies to build redundancy into their compliance frameworks, such as creating country-specific data infrastructures or maintaining separate supply chains for certain regions. While this approach ensures legal compliance, it drives up operational costs, limits economies of scale and reduces overall efficiency.
In an interview with Karen Webster, panelists from the financial services industry detailed that banks have been taking a scaled approach to sending data so that it can be validated to ensure that straight-through processing works and back office reconciliation improves.
“Everything’s going more cross-border and getting regulated, so compliance regulation is huge for new business models in new markets,” Sovos CEO Kevin Akeroyd told PYMNTS in an April interview.
Read more: How Compliance Is Shaping the Future of Cross-Border Payments
On-soil compliance requests reflect a larger shift in the global business environment — one that moves away from the seamless interconnectedness that defined previous decades. As governments assert more control over their economic ecosystems, multinational companies are left navigating an increasingly fragmented landscape, where localization could become a prerequisite for international growth.
And with the ISO 20022 migration date inching closer to reality, banks and payment service providers must now strike a delicate balance — leveraging ISO 20022’s richer data capabilities while ensuring that cross-border payments comply with the varying on-soil mandates in every jurisdiction involved.
Leveraging technology, such as AI-driven compliance management systems, can help firms stay ahead of regulatory changes and ensure consistent compliance across jurisdictions. These tools monitor evolving regulations in real time, alerting companies to potential risks.
As PYMNTS’ Karen Webster noted in an earlier interview, the focus on cross-border innovation needs to be on solving key frictions: moving money securely and safely, providing transparency throughout the process and optimizing the economics of cross-border transactions
After all, faulty cross-border payments cost merchants in the United States at least $3.8 billion in sales last year alone, according to the PYMNTS Intelligence report “Cross-Border Sales and the Challenge of Failed Payments.” Additionally, 70% of U.S. firms experienced higher rates of failed payments in cross-border sales compared to domestic sales.
Seamless and efficient cross-border payments have become more important as businesses look abroad for new markets and customers, according to the PYMNTS Intelligence and Citi collaboration, “The Treasury Management Playbook: Spotlight on Cross-Border Payments.”