top of page
Search
  • Writer's pictureRares Coste

PSD3: Pioneering the digital future of regulations for Payment and Electronic Money Institutions


Modernizing payments and the financial sector through new regulations

The European Commission (EC) has unveiled proposals to modernize payments and the broader financial sector, ushering them into the digital era. The newly proposed PSD3 regulations aim to bolster consumer protection and foster competition in electronic payments. Furthermore, they empower consumers to securely share their data, granting them access to improved, cost-effective financial products and services. Throughout these proposals, a central focus lies on safeguarding consumer interests, promoting competition, enhancing security measures, and cultivating trust.

Photo by Guillaume Périgois on Unsplash


PSD3 emphasizes the rigorous authorization and robust supervision of Payment Institutions (PIs) and Electronic Money Institutions (EMIs). The directive seeks to establish a comprehensive framework that ensures the stringent evaluation and approval process for these financial entities, as well as ongoing, vigilant oversight, to maintain the highest standards of regulatory compliance and consumer protection.

Over the years, the payment services market has undergone significant changes. The volume of electronic payments within the EU has steadily surged, surmounting €240 trillion in value by 2021, a substantial increase from €184.2 trillion recorded in 2017. The impact of the COVID-19 pandemic has expedited this growth. Additionally, the market has witnessed the emergence of new digital technology-enabled providers, particularly those offering 'open banking' services, which securely facilitate the exchange of financial data between banks and fintech companies. Simultaneously, more sophisticated forms of fraud have emerged, posing consumer risks and eroding trust.


In response to these developments, the current package of proposals seeks to ensure that the EU's financial sector remains resilient and adaptable amidst the ongoing digital transformation while effectively managing the attendant risks and capitalizing on the opportunities it presents, especially for consumers.

Proposed measures

European Commission displays two sets of measures. 

  1. Proposed Amendments to the Payment Services Directive (PSD3) and Introduction of a Payment Services Regulation (PSR) 

  2. Legislative Proposal for a Framework for Financial Data Access: This proposal establishes clear rights and obligations concerning customer data sharing within the financial sector beyond payment accounts.

Key provisions include: 

  • Customer Data Sharing: Customers can share their data with data users (e.g., financial institutions or fintech firms) in a secure, machine-readable format.  This facilitates access to new, cost-effective, personalized financial and information products and services, such as financial product comparison tools and online advice. 

  • Obligations of Data Holders: Financial institutions (data holders) must make customer data available to data users (other financial institutions or fintech firms).  This requires implementing the necessary technical infrastructure and obtaining customer permission. 

  • Customer Control and Data Protection: Customers retain full control over who accesses their data and for what purpose. Dedicated permission dashboards enhance trust in data sharing. Personal data protection aligns with the General Data Protection Regulation (GDPR). 

  • Standardization and Liability Regimes:  

  1. Standardization of customer data and technical interfaces for financial data sharing schemes.  Clear liability regimes and dispute resolution mechanisms in case of data breaches. 

  2. Incentives for data holders to provide high-quality interfaces for data users, including reasonable compensation in line with general principles of business-to-business (B2B) data sharing. 

What did PSD2 regulations bring into EC Financial institutions?  

Photo by Jonas Leupe on Unsplash


Scope and applicability: PSD2 expanded the scope of the original PSD1 to cover more payment services and providers. It introduced new categories of payment service providers, such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).

Strong Customer Authentication (SCA): PSD2 introduced stricter requirements for authentication to enhance security for electronic payments. It mandated the use of SCA, which typically involves two or more factors from distinct categories (e.g., something the user knows, something the user has, and something the user is) for most online transactions. 

Access to Account (XS2A): PSD2 introduced the concept of Access to Account (XS2A) to promote Open Banking. It required banks to allow authorized third-party providers (AISPs and PISPs) access to customer account information through APIs, with customer consent. 

Security and Fraud Prevention: PSD2 set specific security standards for payment service providers to prevent fraud and protect customers' sensitive data. It also introduced requirements for transaction monitoring and reporting of security incidents. 

Payment Service User (PSU) Consent: PSD2 strengthened customer consent requirements for payment initiation and access to account services. It mandated explicit consent from the customer before initiating a payment or accessing their account data. 

Liability and Refunds: PSD2 clarified the liability rules for unauthorized or fraudulent transactions. It established guidelines for handling refunds and dispute resolution. 

What is PSD3 bringing? 

Through PSD3, regulatory authorities aim to strengthen the licensing procedures for PIs and EMIs, imposing rigorous requirements and due diligence measures to assess their suitability to operate within the financial ecosystem. The directive intends to enhance the scrutiny of their financial soundness, governance structures, risk management practices, and operational capabilities. 

Furthermore, PSD3 emphasizes establishing effective supervisory mechanisms to monitor the activities of authorized PIs and EMIs closely. This involves regular assessments, on-site inspections, and risk-based evaluations to identify potential vulnerabilities or deviations from regulatory guidelines. By fostering robust supervision, PSD3 aims to ensure the continued integrity and stability of these payment and electronic money institutions, mitigating risks that could impact financial markets and consumer interests. 

In summary, PSD3 represents a substantial step forward in regulating and overseeing PIs and EMIs, striving to bolster confidence in these entities, promote market integrity, and safeguard the interests of consumers and stakeholders across the financial landscape. 

Here at Nexttech International, we have successfully integrated and adhered to PSD1 and PSD2 regulations on behalf of our esteemed banking partners. Taking ownership of the entire software lifecycle process, we spearheaded the implementation of these regulations in Germany and the Czech Republic, positioning ourselves as pioneers in this domain. 

Our team of skilled professionals developed innovative software solutions that facilitated BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) exemptions for our German clients, enabling them to adopt PSD2 regulations swiftly and effectively with precision and accuracy. Emphasizing the utmost commitment to customer satisfaction, we prioritized the well-being of our clients' end-users while concurrently driving advancements in the payment industry's safety and technological prowess. 

By proactively ensuring the industry's adherence to robust security measures and embracing modern technology stacks, we have diligently contributed to fostering a secure, innovative, and efficient payment landscape. Our continuous efforts have not only elevated the level of compliance but also amplified the overall reliability and modernization of the payment ecosystem, positively impacting businesses and consumers alike. 

For institutions eager to seamlessly integrate and navigate the upcoming PSD3 regulations in a digital landscape, our dedicated team of experts stands ready to assist you in understanding and adopting these regulatory advancements effectively. Feel free to reach out to Rares Coste, our Delivery Manager, at rares.coste@nexttech.ro, and take a proactive step towards ensuring compliance, consumer trust, and a future-ready financial ecosystem. Together, we can shape a secure, innovative, and efficient payment landscape for the benefit of all stakeholders.





91 views0 comments
bottom of page