Close up of a woman's hand paying with her smartphone in a cafe

How European banks compare on readiness for EU payments regulations

As Open Banking makes way for Open Finance, how banks and payment service providers can achieve compliance and gain a competitive edge.

In brief
  • The EU’s recent regulations and initiatives include PSD3, PSR, FiDA, SCT Inst and the digital euro.
  • Financial service providers need to overhaul their technology and business models to comply and compete in a competitive market.
  • EY survey of leading European banks and payment service providers (PSPs) shows they will need to make significant investments to prepare for these initiatives.

Banking customers in the European Union (EU) can one day expect hyper-personalized recommendations based on their real-time financial situation and aspirations, secure and instant transactions and payments 24/7 at no extra cost, and full control over how their data is shared.

That scenario is a step closer to reality as the EU introduces a raft of initiatives and regulations to adapt its payments and wider financial services industry to the digital age and gear up for the digital euro.

As these proposals are being finalized, it’s crucial for financial services providers to prepare for comprehensive changes across their organizations — from underlying digital business models to products, compliance, IT and legal — if they are to remain compliant and competitive.

Download the EY payment regulations survey highlights

PDF (10 MB)

An EY survey1 of 26 leading European banks and payment service providers (PSPs) shows that 63% anticipate the regulations will necessitate modifications or upgrades to their infrastructure. 


Lack of clarity

The regulatory changes are part of a broader EU plan to spur innovation in financial services and economic growth by making it easier for new players to enter digital markets and enhancing customer data autonomy, complementing laws such as the March 2024 Digital Markets Act.

However, 70% of those surveyed noted that they are struggling to define the changes they will need to make in response to these initiatives and regulations, most likely due to a lack of regulatory clarity.


How EY can Help

  • Payment services

    Our payments professionals can help your business enhance innovation, drive growth and improve performance. Find out more.

    Read more

From Open Banking to Open Finance

Despite the buzz around fintech and the 2018 EU Open Banking regulations, Europe’s financial services industry has yet to fully embrace the opportunities.

 

The number of Open Banking users in Europe is expected to reach 64 million in 2024, just a quarter of the banking population.

 

The EU has thus concluded that regulatory changes are needed to accelerate its 2020 digital finance strategy, which focused on four priorities:

  1. Removing fragmentation in the Digital Single Market

  2. Adapting the EU regulatory framework to facilitate digital innovation

  3. Promoting data-driven finance

  4. Enhancing the digital operational resilience of the financial system


Upcoming changes

The 2023 strategy update adds new emphasis on cybersecurity to boost customer trust and pan-European payment solutions (pdf), but most of the new regulations focus on making the existing digital finance infrastructure more competitive. It includes:

  • Streamline the Single Euro Payments Area (SEPA) Instant Credit Transfer (SCT Inst) with round-the-clock, speedy transactions and allow customers to verify the name and the International Bank Account Number (IBAN) of payees

  • Payment Services Directive 3 (PSD3) updates licensing and authorization for Payment and Electronic Money Institutions

  • Payment Services Regulation (PSR) strengthens Open Banking rules by harmonizing implementation across the EU and boosting consumer rights and protection

  • The Financial Data Access (FiDA) framework transforms Open Banking to Open Finance by extending data sharing to insurance, investments and other financial data

  • A digital euro, still in development, to accelerate the shift to digital in day-to-day transactions


Increased competition

The starting point for the next phase of Europe’s digital revolution is the principle that customers, not banks, own their data. The new legislation therefore gives customers the right to access or share their data with any regulated entity, including third-party payments services companies, financial advisors, insurers and mortgage brokers.


Our survey revealed that 60% of respondents expect customers to seek greater data oversight as a result. We know that customers are willing to share their data in exchange for more sophisticated digital payments and a better user experience.


Rise in digital payments and better user experience will mark the most significant shifts in customer behavior

Rise in digital payments
75%
of respondents expect customers to demand a better user experience and increase their use of digital payments.

The reforms remove financial institutions’ control over client data and make it easier for PSPs to access European payment systems and retrieve customer data (with their consent).

With data access and settlements infrastructure barriers coming down, incumbents will face more competition.

According to our survey, two-thirds of respondents expect new challengers to emerge, squeezing traditional financial services institutions between reduced fee-based revenue and higher consumer expectations for service levels and greater personalization.


Shifting the business model

These changes will impact more than just an organization’s compliance and IT functions. For banks and many FinTechs — especially those that rely on data exclusivity - the changes will necessitate a major shift in their business model.


The new regulations, and particularly FiDA, will democratize access to data and the consumer insights it generates, allowing any authorized intermediary to use customer-permitted data. While banks can still seek compensation for data sharing, they can no longer depend on data monopolization for profit.

Established players may also face shrinking customer loyalty as it becomes easier to compare and switch providers. They will need to make better use of third-party data from insurers, brokers or asset managers to compete on price, speed, user experience and security in an increasingly transparent ecosystem.

Ambiguous regulations limit action

As important as these changes are, our survey shows regulatory ambiguities are stifling strategic planning. Some 65% of respondents said they were unsure of the impact on payments revenues, citing uncertainties around compliance costs, fraud risks, increased competition and profitability pressures from SCT Inst, PSD3 and PSR.


Some of the ambiguity is by design. The EU wants markets to find their own solutions to some of the technical challenges, adding another level of complexity for banks trying to calibrate their response. Deadlines for SCT Inst are in January 2025, with PSR, PSD3 and FiDA potentially following in 2026-2027 — coinciding with the expected debut of the digital euro.

There is also uncertainty associated with anti-money laundering and increased liabilities for banks in impersonation and spoofing cases, as digitization and generative AI (GenAI) take root.

Impact assessment

Part of the problem may be that banks are underestimating the impact of the changes. Our survey shows that fewer than half of respondents have assessed the impact of PSD3, FiDA and the digital euro.


Financial burden

But respondents are certain about the investment required. Almost half believe that these regulations will be a top 10 investment item.


Many highlighted the cost of developing the secure application programming interfaces (APIs) needed for data sharing beyond payment accounts to customers and their designated platforms.

The financial burden extends to unpredictable costs for designing, testing and running new IT systems.

Although banks can recover the technical costs of sharing the data, they will no longer profit from the value of the data itself, as per the General Data Protection Regulation (GDPR).

Skills gap

A skills gap is another looming challenge.

When asked which skills would be hardest to access when implementing the regulatory changes, our respondents cited everything from software development and operations (DevOps) and information technology IT development and information and communications technology (ICT) execution to expertise in payment products, legacy systems and cybersecurity.  

What skill sets will be most hard to access for implementation of these initiatives and regulations?

Below highlights the top 5 skills that will be most sought after:

  1. Technology-driven changes require capacity in DevOps and IT development.

  2. Demand for IT developers and ICT execution ability is high.

  3. Skills are needed in payment product expertise, legacy IT knowledge and security.

  4. Complexity in impact assessment and business understanding neccessitates skilled resources.

  5. Challenges in IT support, cyber expertise, and resource allocation arise.

New opportunities

Most survey respondents expect the new regulations to drive customer-focused innovation, enhance fraud protection and foster collaboration.


New data-driven business models are likely to emerge. For example, big tech is already profiting from payment ventures; banks are considering using their data to offer products to third parties; and some FinTechs are set to offer free or discounted services for data access — although use is tightly regulated.

EU customers will also benefit from greater data control, faster and less costly payments, clearer fee structures and tailored financial solutions. On the commercial side, the biggest beneficiaries are likely to be legacy financial services providers which can rise to the digital challenge and FinTechs that can navigate the new compliance challenges.

Customer trust will be vital

While regulations push financial firms to adapt, it is consumer expectations and concerns that will pull them toward innovation.

Here are two imagined scenarios to show how this might play out:

  1. Nina logs onto an app, where she can see data from her bank, payment service provider, mortgage broker, investment advisor and insurance policies. The home screen opens to a dashboard showing all her assets and liabilities, dynamic cash-flow position and upcoming bills. At the top of the screen is an overall financial health score, which she thinks is a little low. The service recommends she switch to a loan from a new supplier offering a lower interest rate: having looked at her credit history, it offers not only instant approval, but a one-button option to initiate the switch. The platform has also been monitoring her household appliances and driving patterns and recommends she switch to a cheaper bespoke insurance policy that combines her house and automotive coverage based on actual risk levels rather than actuarial risk levels. Nina permissions the app to make the changes for her and is happy to see her financial health score tick up as well as save her money.

  2. Jules has recently opened a white goods store in Paris. A customer who has just moved from Rome comes in to buy a high-end refrigerator that will automatically order and pay for food staples when supplies run low. The customer wants a discount. Jules logs on to his bank and determines that given the store’s 60-day payment terms, giving the discount will put undue strain on his cash flow. The customer then uses her phone to log on to her own bank and determines that although most of her assets are relatively illiquid, she can immediately access a pre-approved loan at an attractive rate and use SCT Inst to transfer the funds from her Italian bank at minimal cost. Jules, having addressed his cash-flow worries, agrees to the discount and makes the sale. The customer, reassured that the payment will not go adrift because of IBAN name matching and increased fraud prevention measures, uses her phone to make the transfer, and the funds arrive in Jules’ bank account less than 10 seconds later.

Success will be measured by customer willingness to adopt the new services amid concerns over identity theft and abuse of data. Our survey shows 40% of institutions expect customers to demand enhanced security.

Customers to demand secure payment solutions
40%
of respondents expect customers to demand better security measures.

Long-term outlook

The immediate challenge for banks will be updating IT systems to align with ECB standards. This could open opportunities for additional value-added services to serve new and existing customers.

Looking ahead, the new environment will likely encourage and reward innovation. The planned regulations establish a framework for Europe’s financial sector and pave the way for even more disruptive change: the digital euro. Depending on its design, this ECB-backed central bank digital currency could significantly affect everything from accounting practices and liquidity compliance to customer experience, payments, and considerations for credit risk assessments.

Though details are still uncertain, banks and PSPs should start incorporating it into their technical and compliance planning to future-proof their investments.

Additional article contributors:

  • Amal Shah, Senior Manager, Knowledge, EY Global Services Limited
  • Ganesh Samvaran Vudayagiri, Manager, Knowledge, EY Global Delivery Services India LLP
  • Swaroop Francis, Senior, Knowledge, EY Global Delivery Services India LLP

Summary

Banks and PSPs face significant challenges as they navigate the regulatory changes in Europe’s financial landscape. These reforms mandate greater data sharing, streamlined compliance processes, and the adoption of faster and more affordable payment methods. The EU payments package (PSR, PSD3 and FiDA) and the advent of the digital euro will finally create a truly integrated ecosystem across the financial service industry.

Financial institutions must act decisively to establish data-sharing standards, modernize their systems, bridge the skills gap and strengthen defenses against fraud. Their ability to adapt to these changes will be critical in remaining competitive in a rapidly evolving environment.

Payments and open finance in the EU

The landscape of payments and open finance in the EU is evolving – learn how it’s transforming financial services and driving innovation.

Learn more

Related articles

Why FiDA will unleash change across European financial services

Discover how the FiDA data regulation will transform financial services across Europe by 2027, and why firms must address new data-sharing rules.

Susan Barton + 2

How banks can prepare for the digital euro using four hypotheses

Explore how banks can prepare for the digital euro with strategic insights and key steps for successful integration by 2028. Gain a competitive advantage.

Susan Barton + 2

How PSD3 and PSR will shape trends in EU financial services

Explore impacts of the PSD3 and PSR on EU financial services on compliance and opportunities.

Clément Robert + 1

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.