Planning for a new business, BNPL firms, and what to do if you fall foul of a data breach
Today we give our top tips on key points to consider when starting a new business, the new framework for Buy-Now, Pay-Later (BNPL) firms, and what you should do if you become a victim of a data breach.
Are you thinking of starting a business?
If you’re considering starting a business, there’s a lot to think about – especially when it comes to finances, tax and compliance. From choosing the right structure (sole trader, partnership or limited company) to registering with HM Revenue and Customs (HMRC), keeping proper records and understanding your tax responsibilities, it’s important to get things right from the start. You may want to consider:
- When and how to register for VAT
- Setting up payroll if you’ll be taking on staff
- Planning for Corporation Tax or Self Assessment
- Claiming allowable expenses
- Understanding what support and reliefs are available for new businesses

To help you navigate all of this, ask us for your free copy of our New Business Kit for 2025/26. This practical guide has been updated for the latest tax year and covers all the key financial, tax and accounting areas you need to consider when setting up a business. It’s designed to give you a clear overview, with straightforward explanations to help you feel more confident in your decisions.
If you’re in the early stages of planning to start a new business – or even just testing an idea – it’s a great place to start.
Please get in touch if you’d like a copy of the New Business Kit or to speak to us about your plans.
New Buy-Now, Pay-Later Rules Announced
From next year, Buy-Now, Pay-Later (BNPL) firms will need to work within a stricter regulatory framework. Following last year’s consultation, the government has now laid legislation before Parliament to bring BNPL under formal regulation, aiming to end what’s been called the “wild west” of unregulated borrowing.
BNPL refers to a type of interest-free instalment credit that allows the borrower to split their purchase cost into regular repayments within a 12-month period and in 12 or fewer instalments.
This type of credit is currently unregulated, which means the businesses offering it are not overseen by the Financial Conduct Authority (FCA), nor do they have to comply with the Consumer Credit Act 1974’s requirements. Klarna, Clearpay and PayPal Pay in 3 are examples of third-party providers that many businesses partner with to provide a BNPL option at checkout to their online customers.
What’s changing?
BNPL has grown rapidly in recent years, with millions now using it as a way to spread the cost of purchases. But concerns have grown around affordability, lack of clear terms, and delays in processing refunds. The new rules aim to change that by:
- Requiring affordability checks before people can borrow
- Ensuring clearer information upfront about what customers are signing up to
- Providing fairer and faster access to refunds
- Giving customers the right to complain to the Financial Ombudsman, as with other credit products
At the same time, the government is reforming the outdated Consumer Credit Act to remove obsolete and confusing rules, with oversight of all credit types covered by the Act shifting to the Financial Conduct Authority (FCA). This move is expected to reduce red tape while strengthening consumer protections.
What does this mean for your business?
If your business uses a third-party BNPL provider, these changes will likely affect how those services are delivered and what your customers experience at checkout. Here’s what to be aware of:
- Process changes at checkout – Third-party BNPL providers will need to carry out affordability checks before approving purchases. This could slightly affect the speed or flow of the checkout process, particularly for new users.
- Customer communication – Your customers will receive more detailed information about repayment terms and their rights before they complete a purchase. It will be worth making sure any information you include on your website outside of the checkout areas maintained by your BNPL provider is consistent, so that there are no surprises or confusion.
- Refunds and returns – The new rules aim to make refunds faster and fairer for customers using BNPL. You may need to work closely with your BNPL provider to ensure your return and refund policies support this.
- Complaint handling – Customers will now be able to escalate complaints about BNPL services to the Financial Ombudsman. While the BNPL provider will take the lead, good customer service from your side can help avoid issues being pushed further.
Overall, these changes aim to build trust in BNPL – and that could benefit businesses that use it as a flexible payment option to drive sales. Now is a good time to review how your BNPL partner operates and whether any changes are needed to keep up with the new rules.
What Should You Do If You’re the Victim of a Data Breach?
There has been much media attention on the recent cyber-attacks affecting high street retailers. If you or your business is a customer of these businesses, you may have received communications alerting you to the fact that your data was included in the breach. If so, you may be wondering what you should do to protect yourself.
The National Cyber Security Centre (NCSC) have been highlighting their guidance on how to protect yourself from the impact of data breaches.
The guidance reviews what a data breach is and how you might be affected. It then details the actions to take following a breach, reporting suspicious messages and what to do if you’ve lost money.
What actions should you take following a breach?
The starting point is to confirm whether you’ve been affected. NCSC advise that you can contact the relevant organisation using their official website or social media channels. They stress that you shouldn’t use links or contact details included in any messages you have been sent.
You may receive suspicious messages, even some time after the breach has been made public, so be alert. NCSC provide a list of tell-tale signs that can help you determine whether a message is fake. You should be especially cautious when being asked to provide personal information or to act urgently.
If you receive a message that contains a password that you’ve used in the past, NCSC advise that you don’t panic. If you still use the password or use it on any other online accounts, you should change those straight away.
You should also check your online accounts to make sure that they are not being accessed by someone who is unauthorised. Check the account’s login records for unusual logins or login attempts. Look for changes in your security settings and messages or notifications that have been sent from the account that you don’t recognise.
If you find an account has been accessed, then NCSC provide a step-by-step guide on recovering a hacked account.
To review the data breach guidance in full, see the NCSC website.