On 29 April 2026, Finologee and MANZARI Legal hosted a joint webinar to unpack the finalised Payment Services Regulation (PSR) and PSD3 framework. Raoul Mulheims (CEO, Finologee) moderated the session, with Nadia Manzari (MANZARI Legal), Elisa Prado (Product & Regulatory, Finologee) and Jonathan Prince (Co-founder & CSO, Finologee) walking participants through the legal, operational and technical dimensions of what is changing for banks and payment service providers.

The final compromise texts for the Payment Services Package were published on 17 April 2026. Entry into force is expected in Q2 or Q3 2026, with general application 21 months later and the Verification of Payee provisions taking effect at the 27-month mark.

Watch the full webinar replay
State of readiness across the room

Audience polls during the session showed where the market is sitting. Only 22% of respondents reported running a formal PSR project with a clear plan; 33% had started gap-assessing without a formal project, and 29% were still working out what applies to them. On confidence in PSR knowledge, just 20% described themselves as following the file closely. The biggest concern across attendees was uncertainty around the final RTSs and guidelines (34%), with technical and operational readiness and fraud and liability tracking tied at 26% each. Cost ranked lowest at 11%, suggesting capacity and clarity, not budget, are the binding constraints between now and entry into force.

The new framework and fraud liability

Nadia Manzari opened by mapping the structural shift from PSD2 to the new dual-instrument architecture: a directly applicable Regulation (PSR) governing conduct-of-business rules, and a Directive (PSD3) covering licensing and prudential supervision. The most consequential change lies in fraud liability.

Under the PSR, transaction monitoring becomes a standalone obligation for both payer and payee PSPs, with explicit financial liability for non-compliance. SCA alone no longer constitutes sufficient proof of authorisation. A new spoofing refund right gives banks a 15-business-day window to refund the customer or provide a written justification when fraudsters impersonate the customer’s own PSP, placing the burden of proof squarely on the payment service provider. Mandatory fraud data sharing across PSPs, cross-sectoral cooperation with telecoms and online platforms, and a 10-second decisioning window for instant transfers further extend the fraud prevention perimeter well beyond banking.

Open banking under the PSR

Elisa Prado set out the regulation in operational terms, organised around the four pillars in the PSR: open banking, fraud and refunds, cross-sectoral cooperation, and Verification of Payee.

The fallback interface is gone: the dedicated API is now the only access channel for third-party providers. Functional and performance parity with the bank’s own customer channel becomes enforceable, covering standing orders, future-dated payments, payment status updates and pre-initiation data checks. Banks must build a new customer-facing consent dashboard within their online banking portal, with two-way notification infrastructure and a two-year permission history. The PSR also codifies twelve prohibited obstacles that banks must not impose on third parties, ranging from authentication friction to restrictions on payment scope.

Strong customer authentication evolves alongside it. PISPs can now choose the SCA method presented to the payer, and two-inherence biometric SCA (for example fingerprint plus facial recognition) is permitted for the first time, enabling passwordless authentication flows. Verification of Payee will require banks to check the payee’s name against the IBAN and warn the customer before a credit transfer is confirmed, extending to non-euro transfers under the PSR.

On implementation, a phased timeline runs from API performance standards at nine months post-entry into force through to VoP provisions at 27:

How Finologee supports PSR compliance

Jonathan Prince closed the session with a look at Finologee’s existing PSD2 infrastructure, which has served 35+ banks and PSPs across nine European countries since 2019. The platform operates from Luxembourg as a Support PFS regulated entity (CSSF-supervised licence 06/19), is ISO 27001 certified and runs under a DORA-aligned operational resilience framework.

For the 78% of webinar attendees who are not yet running a formal PSR project, the platform foundation already covers the heavy lifting. The Berlin Group XS2A gateway, SCA orchestration, consent lifecycle management, API lifecycle management and TPP authentication are in place. The PSR transition requires specific build work on Finologee’s side: expanded payment types, PISP choice of SCA method, ongoing payment status feeds, bidirectional consent change notifications and updated statistics reporting. Banks themselves need to deliver the consent dashboard, expose additional backend APIs to the platform, feed ongoing payment status, and audit their own flows against the twelve prohibited obstacles enumerated in Article 44., 

Ready to plan your PSR transition?

Existing Finologee clients will hear from us through the usual channels with the practical next steps. If you are not yet a client, get in touch with us to assess where we can help you prepare for the PSR transition.

Learn more

Share article on social media