Decoding PSD3 and PSR: Navigating the next phase in the evolution of payments services
On 28 June 2023, the European Commission published its long-awaited payment services and financial data access package, aiming to ensure the EU’s financial sector is fit for purpose and capable of adapting to the ongoing digital transformation. The proposal involves amending and modernising the current Payment Services Directive (PSD2), which will become PSD3, and establishing, in addition, a Payment Services Regulation (PSR).
Leveraging on its expertise in adhering to PSD2 through the customisable technical solution of PSD2 for Banks, Finologee remains a steadfast ally in navigating the evolving EU payments landscape. In line with this, Finologee is monitoring the developments and potential new requirements closely, ready to adjust and provide assistance to financial institutions gearing up for the changes brought about by PSD3 and PSR.
In this article, the analysis will delve into the rationale behind reviewing PSD2, the key changes introduced by the PSD3 package and the subsequent stages in the legislative process.
Am I in scope, i.e. is the scope the same as for PSD2?
- In the PSD3 and PSR proposals, the scope of application of PSD2 is maintained, i.e. for instance credit institutions and electronic money institutions, and the list of regulated payment services remains largely unchanged.
Timeline: when do I need to start?
- If the final proposal is published by year-end, you might need to comply with PSD3 by the second half of 2025. After publication in the EU Official Journal, it will be applicable within 18 months.
- While PSD3 will need to be transposed into the local laws of each EU member state, which may lead to nuances in the approach to implementation, the PSR will be directly applicable in each EU member state.
How can Finologee support with the upcoming changes anticipated under PSD3/PSR1?
- With its expertise in PSD2, Finologee is ready to support financial institutions in managing the changes brought about by PSD3 and PSR. Notably, its support will encompass IBAN name checks, facilitating access to payment systems and accounts, and implementing strong customer authentication measures.
The payments package contains a set of strategic goals aimed at enhancing various aspects of the payments landscape. These objectives, with their potential implications for existing PSD2 rules services, include:
1. Strengthening user protection and confidence in payments
PSD3 proposes a series of improvements to ensure the security and trustworthiness of payment processes. These refinements cover a wider implementation of the SCA, the creation of a legal framework for sharing fraud-related information and the obligation to educate customers about fraud risks. Furthermore, PSD3 extends IBAN verification to all credit transfers and introduces provisions regarding the conditional reversal of liability for authorised push payment (APP) fraud. It also mandates payment service providers (PSPs) to enhance the accessibility of SCA for users with disabilities or challenges in this regard.
2. Improving the competitiveness of Open Banking services
An important requirement in the context of the further development of PSD2 is the establishment of a special interface for data access by account servicing payment service providers (ASPSP). This interface aims to facilitate access to user data by authorised parties.
Additionally, PSD3 introduces “permissions dashboards” that are integrated into the ASPSP user interface and allow users to oversee access permissions granted to third-party providers. Such a dashboard will provide the payment service user with a comprehensive overview of all active permissions, while also enabling the withdrawal of data access from any given Open Banking provider. Furthermore, the minimum requirements for Open Banking data interfaces will also be clarified.
In addition, under PSD3, account information service providers (AISPs) will have to mandate SCA at least every 180 days (as opposed to the 90 days mandated under PSD2) when their customers access aggregated account data in the account information service provider’s domain.
3. Improving enforcement and implementation in Member States
Another notable change proposed in PSD3 is that a significant part of PSD2 will be replaced by a directly applicable regulation. This is expected to improve enforcement and uniform implementation in the different member states, while aiming at direct implementation of the electronic money and payment institution licensing regimes.
4. Improving access to payment systems and bank accounts for non-bank payment service providers
The proposed PSD3 text strengthens the rights of payment institutions (PIs) and electronic money institutions (EMIs) to access bank accounts. As per the Settlement Finality Directive, PIs and EMIs are granted the opportunity to participate directly in all payment systems, including those designated by Member States. In this context, additional clarity is also provided on the authorisation and risk assessment procedures.
Raoul Mulheims, CEO and co-founder of Finologee: “Once the texts are finalised, Finologee is ready to address the specific needs of its clients and ensure full compliance with the new measures in a timely manner. Our strategy is deeply rooted in our extensive experience in transactional platform design and operational expertise, guaranteeing both the adaptability, scalability of our product as well as the underlying architecture and compliance with Luxembourg and European regulations.”
Both the PSD and the PSR will enter the ordinary legislative procedure, where the European Parliament and Council will have to adopt their respective positions before entering in trilogue negotiations to finalise the texts.
The transposition deadline for Member States and the start of the application period is 18 months after entry into force.
Finally, the proposal contains a review clause that provides for an assessment of the scope of PSD3 and the possible extension to payment systems and technical services five years after the transposition of the directive.
