Introduction
The European commission unveiled a major legislative package in June 2023 to simplify and modernize retail payments in Europe. The core legal instruments of this reform are the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3) that are aimed at updating and enhancing the current PSD2 framework.
The European Parliament approved amendments to both proposals in April 2024 and the Council stance is likely to be taken before trilogue talks. Combining PSR and PSD3 will lead to greater success in open banking, consumer protection, and fraud prevention and greater harmonization in regulations among EU Member States.
The paper is dedicated to PSD3, its significant changes, impact on regulation, and what payment institutions (PIs) and electronic money institutions (EMIs) are to be ready about.
Overview of PSD3 and Its Purpose
PSD3 modifies and refines regulations on payment services within the EU with the aim of:
- Substituting PSD2 requirements of authorization and supervision
- Incorporating electronic money institutions as a subsidiary of payment institutions
- Undoing the Second Electronic Money Directive (EMD2)
- Bringing in more transparent cash withdrawal service principles
- Enhancing business stability and protecting necessities
This is aimed at yielding a stronger secure and forward-thinking payments ecosystem.
1. Authorization Requirements Under PSD3
Simplified Re-Authorization Process
Although in the initial plan of PSD3, all authorized PIs and EMIs were to receive a new authorization the amendments proposed by the European Parliament present the simplification of the process of authorization of already authorized entities.
The basic authorization processes do not change significantly as compared to PSD2 however PSD3 contains new rules that are related to documentation and compliance.
New Authorization Elements
Authorized PIs and EMIs should prove to be in compliance with the following:
Winding-Up Plan
In the event of failure institutions have to provide a proportionate winding-up plan that would provide measures to maintain orderly closure. These are continuity of critical services and outsourced functions.
Business Continuity Arrangements
PI should record business continuity processes according to DORA (Regulation EU 2022/2554) the testing and review mechanisms.
Security and Data Sharing
In PSR institutions involved in data-sharing arrangements related to fraud it is necessary to submit:
- An accomplished impact assessment of data protection
- Where appropriate conclusions of the National Competent Authorities (NCAs) on the secure data access interfaces.
Passporting Information
PIs will have to report EU jurisdictions in which they either operate or intend to apply.
2. Updated Initial Capital Requirements
PSD3 modulates the initial capital requirements in line with inflation. A key change is the option for:
- Payment Initiation Service Providers (PISPs).
- Account Information Service Providers (AISPs).
To deposit initial capital rather than the obligatory professional indemnity insurance. This will deal with challenges that institutions experience in insuring them in the process of authorization.
3. Own Funds Calculation Changes
PSD3 keeps current own-fund methods of calculation (A, B, C, and D), however, with structural changes:
- The payment institutions are forced to use Method B as a default method.
- Approaches A and C can be confined to high-value low-volume business models
- Application of methods other than NCA validation is necessary.
The European Banking Authority (EBA) is likely to release the Regulatory Technical Standards (RTS) that will explain the eligibility requirements.
4. Strengthened Safeguarding Measures
Where as the protection of principles are comparable to PSD2, PSD3 presents mechanisms of limiting concentration risk:
- PIs can hedge funds directly with a central bank but with approval.
- Refusals of opening safeguarding accounts should be justified by the central banks
- The institutions need to diversify the protection mechanisms (e.g., different credit institutions).
- Material safeguarding changes have to be notified to NCAs beforehand.
The EBA shall come up with the RTS on the protection of risk management structures.
5. Other Notable PSD3 Changes
Cross-Border Services
PSD3 simplifies the passporting provisions in the complicated cross-border situations, where there are multiple Member States and third-country establishments.
Cash Withdrawal Services
Retailers are allowed to make cash withdrawals without permission in case:
- The withdrawal is EUR less than 50 (EUR 100 suggested by Parliament)
- The purchase and sale is done at the store level
There is a possibility that independent ATM deployers will be under a less strict registration regime than complete authorization.
Next Steps and Implementation Timeline
PSD3 is likely to be adopted in late 2025. Member States will then have 18 months of transposing it into national law.
The current approvals will stay valid to:
- After PSD3 becomes effective, 24 months.
- Possibly 30 months in case of re-authorization applications submitted within 24 months.
NCAs are supposed to give out grandfathering and deadlines of compliance.
Preparing for PSD3 Compliance
In order to prepare well the payment and e-money institutions should:
- Carry out a regulatory impact study
- Determine holes between existing frameworks and PSD3 requirements
- Early update governance protection and ICT policies
- Proactively work with NCAs
The advance planning will eliminate compliance risks and ensure that the institutions are accustomed to the changing landscape of the EU payments.
Conclusion
The introduction of PSD3 is an important move towards the modernization of payment services in the EU. PSD3 will boost trust, security, and innovation in the payments industry by improving the authorization standards, enhancing the protection, and matching the digital resilience needs.
In the case of payment institutions and electronic money institutions, prompt intervention and preparation will be critical to stay afloat and competitive in the second generation of EU payments regulation.
