Woman smiles as she taps her card to pay a food stand

How PSD3 and PSR will shape trends in EU financial services

Understanding upcoming regulations in their wider context can help payment service providers adopt a strategic approach to compliance.


In brief

  • The third Payment Services Directive and the Payment Services Regulation will shape the development of the rapidly evolving EU payments sector.
  • These regulations will introduce a range of compliance requirements for banks and non-bank payment service providers (PSPs) and will also impact business models.
  • Understanding the intentions behind the regulations and their likely effects can help business leaders ensure a coordinated approach across their organizations.

Draft European Union (EU) payments regulations in the form of the third Payment Services Directive (PSD3) and the Payment Services Regulation (PSR) are expected to be voted on by the EU Parliament in 2024 and will have a major impact on open banking. They will create new compliance requirements for banks and non-bank payment service providers (PSPs) and will also reflect broader trends in financial services – and in some cases will accelerate these trends and present new business opportunities.

Understanding the new regulations in the wider context of the European Central Bank’s (ECB) retail payments strategy, in addition to the specific regulatory requirements, can bring real benefits to banks and PSPs. It can help management teams adopt strategic rather than compliance-led approaches, foster collaboration across departments, and encourage and facilitate more effective planning for change. Perhaps most importantly, it can help develop a strategy based on future opportunities and threats. For example, the new regulations will not just influence how current market participants operate but may also encourage new entrants.

When PSD3’s predecessor, the second Payment Services Directive (PSD2), was introduced in 2018, there were clear benefits for companies that took a holistic, strategic approach rather than only using a compliance perspective.

PSD3 and the PSR

PSD3 and the PSR will both amend and modernize PSD2. These regulations aim to:

  • Combat fraud
  • Improve customer rights
  • Level the playing field between banks and non-bank financial players
  • Improve open banking
  • Increase access to cash via shops and ATMs
  • Strengthen harmonization, with more consistent application of rules across EU Member States

Notably, the regulator is introducing both — a new directive and a regulation for the first time. While the directive focuses mainly on licensing requirements and gives some flexibility to EU Member States in the license-granting process; the regulation applies everywhere in the European Economic Area (EEA) and will strengthen the regulatory framework. 

In terms of the timeline, the PSD3 and PSR are expected to come into effect around 2026, though there is some uncertainty about the precise timing. Final text of the documents are expected later this year, and Member States are typically granted an 18-month transition period.

Four key trends driving payments regulations

We see four main sector trends that contextualize PSD3 and PSR: emerging fraud risk, increased competition from non-bank payment companies, the development of open banking and the wider regulatory agenda.

 

Emerging fraud risks

One goal of PSD3/PSR is to “strengthen user protection and confidence in payments”, with action having been prompted not just by the remarkable growth of the payments sector, but also the emergence of increasingly sophisticated fraud.

 

The draft texts require a range of measures from banks and PSPs. One key requirement is mandatory checks to ensure a payee’s name matches the international bank account number (IBAN) bank account name, to help combat fraud involving impersonation or “spoofing.” Another is to monitor fraud and share data and other information including unique identifiers, manipulation techniques, fraudulent credit transfers, and identified patterns of behavior with each other. PSPs will also need to have programs to raise customers’ awareness of fraud risks and help them stay safe.

 

To meet these requirements, PSPs may need to enhance verification mechanisms to conduct IBAN name checks, establish fraud monitoring, data-sharing protocols and potentially upgrade infrastructure. Regulation also requires consumer education campaigns and annual employee fraud training, among other steps.

 

However, they can also identify broader opportunities to reduce fraud, and to communicate with customers in ways that strengthen corporate reputation and trust, increasing loyalty.

 

Increased competition

The European Commission has explicitly stated that it is aiming at “further levelling the playing field between banks and non-banks” with the implementation of PSD3 and PSR. Payment institutions will be able to access EU payment systems, with appropriate safeguards, reducing dependency on banks and offering services direct to customers and banks.

 

Furthermore, the new PSR will increase harmonization and enforcement, making rules and their application more consistent across Member States. This could particularly increase competition for incumbent banks and payment institutions that may have benefited from varying approaches across Member States where they operate.

 

Although meeting these requirements will be essential, all players in this competitive, and sometimes low-margin, market need to think strategically, too. New entrants may appear, pricing could become even more competitive and companies may need to focus even more carefully on customer experience to ensure they acquire and retain them. Collaborative thinking across different parts of payment companies will be essential.

Development of open banking

PSD2 introduced the concept of open banking with limited success. PSD3 and PSR aim to further encourage open banking, principally by removing the remaining obstacles to these services and by increasing customers' control of data.

PSPs will also have to provide customers with dashboards allowing them to see which companies have access to their data and allow or end such arrangements easily. This is principally designed to empower customers and safeguard privacy. In addition to fulfilling these requirements, companies also need to think about the broader implications. Open banking will increase competition, potentially including new entrants. These measures will also help in moving beyond banking into areas such as investment and insurance, which is important for the Financial Data Access (FIDA) regulatory proposal.

For example, dashboards might not just empower consumers by allowing them to cut access to their data easily, but in doing so encourage them to use data sharing in the first place, potentially widening the range of financial services providers they use.

Wider regulatory change

Although PSD3 and the PSR are major pieces of regulation for the sector, they also sit in a wider regulatory context. Most notably, and as mentioned above, they are being introduced in parallel with the Instant Payments Regulation (IPR) and the Financial Data Access (FIDA) proposal. This is expected to bring profound changes, especially in the areas of financial data sharing and promoting open finance beyond open banking, driving more competition in financial services.

In addition, the Digital Operational Resilience Act (DORA) will apply from early 2025 and requires a range of cybersecurity and organizational changes to meet its requirements.

Furthermore, steps to address requirements from PSD3 and the PSR in areas such as data sharing will have to be taken in ways that meet other, current regulations such as the General Data Protection Regulation (GDPR).

Clearly, there can be efficiencies and strategic benefits from adopting a holistic approach to the changing regulations, rather than meeting each in turn with separate programs. The ways in which the effects of the different regulations combine will likely shape how the market evolves.

Preparing for the future

To prepare for the changes that PSD3 and PSR will bring, a regulatory impact assessment is likely to be a good first step. It can help pinpoint how a particular company will be affected and help develop a further business model impact that identifies potential impacts in areas including customer behavior, competitive environments and product requirements.

By acting early and using such approaches, companies can go beyond meeting the requirements and develop strategies to overcome challenges and seize opportunities.

Summary

PSD3 and the PSR will have significant impacts on the EU’s fast-growing payments sector. They reflect how it has evolved and will shape its development in years ahead. While the new regulations bring significant compliance requirements, companies affected can benefit from looking at the broader implications. This can allow a more strategic approach that considers the effects both on business models and the competitive landscape, as well as helping facilitate coordination across different parts of an organization.

PSD3 & PSR: uniform rules for enhanced protection

Unveiling PSD3 & PSR updates for elevating payments security. Learn more about our analysis & strategic approach.

Europe’s instant payments integration

What banks and payment service providers need to do now to comply in time.


Related content

Four enablers for harnessing the power of PayTech

Payments providers need to consider customer experience design, risk, technology, and data and analytics to achieve smart growth. Read our latest article.

    About this article

    Authors