Back in 2007, the first Payment Services Directive (PSD1) was introduced, and in 2013, the need for further regulation was recognized. With that, plans for a revised Payment Services Directive (PSD2) were put in motion, paving the way for open banking. Revolutionizing the financial services landscape in Europe and the UK, PSD2 aimed to level the playing field for all participants – incumbents, challenger banks, neobanks, fintechs, and more.

Although PSD2 improves security with strong customer authentication (SCA) and enables innovative use cases, PSD2 in its entirety falls short – in particular, because of fragmented implementation across EU countries. Taking that into account, alongside feedback from all players and in-depth analysis of the 2022 market consultation, the European Commission (EC) has proposed the PSD3 revision and the Payment Services Regulation (PSR).

As part of the September 2020 European Digital Finance Strategy, and following calls from financial institutions (FIs), regulators, and consumers for the scope of open banking to broaden, the EC is also introducing the FInancial Data Access Regulation (FIDA) – an open finance framework that extends data accessibility to the whole range of products and services, including mortgages, savings, pensions, insurance, and consumer credit. We explore the payment regulatory package and FIDA below.

Regulatory change in motion

The introduction of PSD2 in January 2018 significantly impacted the European financial market, driving the adoption of open banking and resulting in a wide range of benefits, including the development of tailored products and services, safer transactions, and increased automation.

However, the various interpretations and implementations of PSD2 across the EU have limited the benefits and rollout of “open banking payments”, despite growth in electronic payments and increased digitalization, accelerated by Covid. On top of that, new players have entered the market, and fraud attempts have become more sophisticated.

Modernizing with PSR & PSD3

Fast forward to June 2023, and the EC released proposals for PSD3, announcing a single and uniform EU-wide regulation (PSR), laying the foundations for a more inclusive, collaborative, resilient, adaptable, and customer-focused financial services industry.

According to the EC, the package will “bring payments and the wider financial sector into the digital age, further improving consumer protection and competition in electronic payments, empowering consumers to share their data securely way so they can access a broader range of better and cheaper financial products and services, and placing consumers’ interests, competition, security and trust at their center”.

Impacting third-party providers, banks, payment service providers (PSPs), and merchants, PSD3 measures include (but aren’t limited to):

  • Modernizing PSD2, which will morph into PSR, consolidating and homogenizing business rules and lessons learned from PSD2, and establishing PSD3 as a framework to support National Competent Authorities for authorizing and supervising regulated players.
  • Reducing payment fraud by:
    • Strengthening consumer awareness.
    • Bolstering customer authentication rules.
    • Extending IBAN and payee name checks to all forms of credit transfers.
    • Requesting PSPs monitor transactions, and allowing them to exchange information, improving detection of fraudulent operations.
  • Enhancing consumer rights by increasing transparency in terms of account statements and ATM charges.
  • Giving non-banks access to EU payment systems, further leveling the playing field while fostering innovation.
  • Enforcing the performance of dedicated interfaces (application programming interfaces – APIs), but suppressing the burden of providing a “fallback solution”.
  • Harmonizing and simplifying the existing regulatory framework by transferring core definitions and rules from PSD2 into PSR, as well as consolidating the Electronic Money Directive with PSR and PSD3.

With open banking continuing to skyrocket – European users are expected to hit 63.8 million by 2024, up from 28.4 in 2022 – PSR/PSD3 will have far-reaching and long-lasting consequences. It will also ensure the sector is “fit for purpose and capable of adapting” as we move toward the era of open finance and data.

That being said, according to Tink, PSD3 may not be enforced until mid-2026.

Financial Data Access Regulation

Moving beyond the above, a new FIDA framework has been put forward. According to Deloitte, it will form the “legislative backbone for the EU-wide implementation of open finance” by expanding and better-managing data sharing beyond payment accounts. Methods include:

  • Granting consumers the right (but not the obligation) to authorize third parties to access nearly all their financial services data held by FIs and non-banks.
  • Ensuring data holders (for example, banks and insurance providers) have the right infrastructure in place to share information, should customers give their permission.
  • Standardizing data and technical interfaces via “financial data sharing schemes”.
  • Introducing clear data breach liability regimes.
  • Incentivizing data holders by allowing them to request “fair compensation” for making data accessible to data users within such schemes.

An initiative of the EU’s Digital Finance package, FIDA builds on and complements the cross-industry Data Act. Combined, they’re all about “encouraging data-driven innovation and a competitive digital ecosystem, benefiting consumers and cross-sector businesses”.

Driving forward with an experienced software provider

To adhere to current regulations, research by Sopra Steria and Forrester Consulting highlights that 40% of banks augment existing services with third parties, with 25% sourcing a solution exclusively from a third party (average figures across 15 capabilities). With PSD3, PSR, and FIDA on the horizon, compliance, strategic, operational, and technological requirements are changing. To meet those needs, forward-thinking third parties like Sopra Banking Software will need to update their offerings accordingly.

Our pre-existing platform uses cutting-edge technology to offer an end-to-end, cloud-native, and highly secure EU-compliant open banking solution. Alongside that, it’s designed to adapt to the open finance standards of tomorrow, helping our clients meet the challenges of the evolving landscape head-on.

For more expert content on industry outlooks and innovation, subscribe to our newsletter or visit our Insights page.

Bruno Cambounet

Head of Research

Sopra Banking Software