How PSD3 and PSR will shape trends in EU financial services

Understanding upcoming regulations in their wider context can help payment service providers adopt a strategic approach to compliance.

In brief

• The third Payment Services Directive and the Payment Services Regulation will shape the development of the rapidly evolving EU payments sector.
• These regulations will introduce a range of compliance requirements for banks and non-bank payment service providers (PSPs) and will also impact business models.
• Understanding the intentions behind the regulations and their likely effects can help business leaders ensure a coordinated approach across their organizations.
  

Draft European Union (EU) payments regulations in the form of the third Payment Services Directive (PSD3) and the Payment Services Regulation (PSR) are expected to be voted on by the EU Parliament in 2024 and will have a major impact on open banking. They will create new compliance requirements for banks and non-bank payment service providers (PSPs) and will also reflect broader trends in financial services – and in some cases will accelerate these trends and present new business opportunities.

Understanding the new regulations in the wider context of the European Central Bank’s (ECB) retail payments strategy, in addition to the specific regulatory requirements, can bring real benefits to banks and PSPs. It can help management teams adopt strategic rather than compliance-led approaches, foster collaboration across departments, and encourage and facilitate more effective planning for change. Perhaps most importantly, it can help develop a strategy based on future opportunities and threats. For example, the new regulations will not just influence how current market participants operate but may also encourage new entrants.

When PSD3’s predecessor, the second Payment Services Directive (PSD2), was introduced in 2018, there were clear benefits for companies that took a holistic, strategic approach rather than only using a compliance perspective.

PSD3 and the PSR

PSD3 and the PSR will both amend and modernize PSD2. These regulations aim to:

• Combat fraud

• Improve customer rights

• Level the playing field between banks and non-bank financial players

• Improve open banking

• Increase access to cash via shops and ATMs

• Strengthen harmonization, with more consistent application of rules across EU Member States

Notably, the regulator is introducing both — a new directive and a regulation for the first time. While the directive focuses mainly on licensing requirements and gives some flexibility to EU Member States in the license-granting process; the regulation applies everywhere in the European Economic Area (EEA) and will strengthen the regulatory framework. 

In terms of the timeline, the PSD3 and PSR are expected to come into effect around 2026, though there is some uncertainty about the precise timing. Final text of the documents are expected later this year, and Member States are typically granted an 18-month transition period.

Development of open banking

PSD2 introduced the concept of open banking with limited success. PSD3 and PSR aim to further encourage open banking, principally by removing the remaining obstacles to these services and by increasing customers' control of data.

PSPs will also have to provide customers with dashboards allowing them to see which companies have access to their data and allow or end such arrangements easily. This is principally designed to empower customers and safeguard privacy. In addition to fulfilling these requirements, companies also need to think about the broader implications. Open banking will increase competition, potentially including new entrants. These measures will also help in moving beyond banking into areas such as investment and insurance, which is important for the Financial Data Access (FIDA) regulatory proposal.

For example, dashboards might not just empower consumers by allowing them to cut access to their data easily, but in doing so encourage them to use data sharing in the first place, potentially widening the range of financial services providers they use.

Wider regulatory change

Although PSD3 and the PSR are major pieces of regulation for the sector, they also sit in a wider regulatory context. Most notably, and as mentioned above, they are being introduced in parallel with the Instant Payments Regulation (IPR) and the Financial Data Access (FIDA) proposal. This is expected to bring profound changes, especially in the areas of financial data sharing and promoting open finance beyond open banking, driving more competition in financial services.

In addition, the Digital Operational Resilience Act (DORA) will apply from early 2025 and requires a range of cybersecurity and organizational changes to meet its requirements.

Furthermore, steps to address requirements from PSD3 and the PSR in areas such as data sharing will have to be taken in ways that meet other, current regulations such as the General Data Protection Regulation (GDPR).

Clearly, there can be efficiencies and strategic benefits from adopting a holistic approach to the changing regulations, rather than meeting each in turn with separate programs. The ways in which the effects of the different regulations combine will likely shape how the market evolves.

Preparing for the future

To prepare for the changes that PSD3 and PSR will bring, a regulatory impact assessment is likely to be a good first step. It can help pinpoint how a particular company will be affected and help develop a further business model impact that identifies potential impacts in areas including customer behavior, competitive environments and product requirements.

By acting early and using such approaches, companies can go beyond meeting the requirements and develop strategies to overcome challenges and seize opportunities.