PSD3: How will it change cross-border payments in Europe?
The EU is developing a new amendment to its payment regulations, called PSD3, that could have a significant impact on cross-border payments, both at home and further afield. This report explores the potential consequences of PSD3 and how payment providers are responding to it.
The European Union has been working to build a system of faster and more secure payments, both domestically within its member states and across borders. One of its biggest steps towards this comes in the form of PSD3 – the second update to the Payment Services Directive that the EU first introduced in 2007.
The directive is one of many established by the EU that require its member states to achieve a certain goal, but allows them to decide how it is adopted. On 28 June 2023, PSD3 was introduced in a new legislative proposal by the European Commission (EC), the EU’s politically independent executive arm that draws up new proposals for European legislation and implements decisions of the European Parliament.
In addition to PSD3, the EC proposed the introduction of the first Payment Services Regulation (PSR1), which is not a directive, but a regulation that applies directly in member states without requiring national implementation. PSR1 will include specific proposals on preventing fraud, enhancing customer authentication and improving APIs used in open banking. The EC says it wants to help drive the EU and the wider European Economic Area (EEA) towards more seamless, efficient and secure cross-border payments between EU member states.
PSD3 is set to continue a movement towards making payments easier on the continent, as well as supporting incoming regulations on instant payments, continuing a trend towards these systems worldwide – for example, UPI in India, Pix in Brazil or FedNow in the US.
This report explores what PSD3 is and how it relates to cross-border payments, as well as adding context around the current state of the cross-border payments market in Europe.
Topics covered:
- What is PSD3?
- What will the benefits of PSD3 be?
- PSD3’s impact on open banking
- Levelling the playing field between banks and non-banks
- EU payments initiatives: the story so far
- What does the European cross-border payments landscape look like?
- What are cross-border payments companies doing to prepare for PSD3?
- Conclusion
What is PSD3?
PSD3 is an evolution of an existing directive that has been in place since 2007. The original directive, PSD1, was meant to establish an EU single market for domestic and cross-border payments, spanning credit transfers, direct debits and card payments, both euro and non-euro.
The directive applied from 25 December 2007, and EU countries were required to incorporate it into national law by 1 November 2009. Many of the rules set by PSD1 were related to transparency and consumer rights around payments. For example, payment service providers (PSPs) enabling transactions in the EU were obliged by the directive to execute these transactions within one working day.
In 2015, the EU implemented the second Payments Services Directive (PSD2), which was designed to reflect the introduction of new digital payment services. A big part of this new regulation was ensuring that there was a ‘level’ playing field between older PSPs (e.g. banks) and new providers, as well as broadening the scope to include cross-border payments beyond the EEA.
Under PSD2, the scope of the regulation was widened to catch any transaction where either the payer or the recipient’s payment services provider is located in the EU, regardless of the currency used.
The new regulation also introduced specific new measures linked to Strong Customer Authentication (SCA) – a set of rules introduced by the EU that require banks in the EEA to perform additional checks to verify the identity of consumers when they make payments. These measures are being introduced as part of a framework for open banking, which refers to the concept of financial data being shared with payment providers through an API.
During a 2022 evaluation, the EC found that PSD2 has been effective in some ways, such as increasing the efficiency, transparency and choice of payment instruments for consumers. However, when it came to establishing a level playing field, it was noted as being less successful.
This was because many non-bank payment providers still lack access to the payment infrastructures that enable payments to be settled and there are still too many obstacles to open banking. The EC’s evaluation also noted that while cross-border payments services are growing, many payment services remain largely national – a concept that doesn’t gel with the EU’s focus on creating one single payments market.
Finally, the EU noted that PSD2 is not equipped to handle new types of payments fraud that have emerged, such as ‘spoofing’, which usually comes in the form of scammers obtaining payments based on false information used to disguise their identity.
To replace PSD2, the European Commission has proposed PSD3, as part of which it is establishing PSR1. The goal is to plug some of the gaps in the existing regulation to enable better, faster and more convenient payments.
After legislation is passed, each EU/EEA country will be given a deadline to transpose it into national law. While the EU has not specified a timeline, previous implementations of the directive have led payments companies to predict that PSD3 could be finalised in late 2024 or early 2025, which would mean that it would come into force in 2026.
What will the benefits of PSD3 be?
A big aspect of PSD3 has been the move to try to combat and mitigate payments fraud, which has become a growing topic in payments recently. Measures include:
- Extending all credit transfers of International Bank Account Number (IBAN)/name matching verification services
- Strengthening transaction monitoring
- Enabling PSPs to share fraud-related information with each other
- Obliging PSPs to raise awareness of fraudulent activities amongst customers and staff
- Extending refund rights in certain situations (for example, for victims of spoofing)
Michael Southgate, Chief Compliance Officer at cross-border payments platform Navro, explains that the rollout of a Confirmation of Payee (CoP) system to work across all IBANs could help tackle authorised push payment fraud. He also mentioned other proposed controls that aim to replicate schemes like contingent reimbursement, where sending PSPs may need to reimburse clients for fraud losses.
“This will mean firms need to massively increase their fraud controls and the levels of reimbursement that they pay to consumers,” he says. “This is likely to result in a lot of firms without controls, and that don’t have the funds to hedge against fraud, going out of business.
Will Marwick, CEO of global payments provider IFX Payments, agrees that the new IBAN checking system will help combat the fraudulent redirection of manual credit transfers, but cautions that companies should not consider it as a “fix-all” approach, as the CoP isn’t limited to only preventing certain types of fraud.
“This regulatory requirement won’t prevent other frauds such as romance scams so firms should really think about what else they can do to help protect consumers, such as data-sharing and more sophisticated onboarding and payment instruction assessments,” says Marwick.
Another aspect of the directive is providing transparency for consumers on ATM charges, account statements and across remittances from the EU to countries outside the EU. On this, the commission has proposed that PSPs need to inform users about the estimated charges for currency conversion in the same way as for credit transfers within the EU (i.e. a percentage mark-up over the latest available euro FX rates issued by the European Central Bank). They should also provide an estimate for the time that it will take for money to be received by the payee’s PSP in a third country (a country that is not a member of the EU) when it is sent from an EU country.
“These changes will improve transparency in international transactions, which is important for consumers to compare estimated currency,” says a spokesperson for the European Commission. “It will in turn promote competition and reduce the costs for international credit transfers and remittances, which is one of the objectives of the G20 Roadmap of 2020 on cross-border payments.”
Marwick adds that firms should acknowledge their need to be authorised by their respective national authority within 24 months of new rules coming into effect, as this will “demonstrate that they are meeting the new requirements well in advance of that deadline”.
This matter has already been discussed as part of previous regulation from the EU, particularly Cross Border Payments Regulation 2 (CBPR2), another regulation that was revised in 2019. First introduced in 2009, CBPR1 significantly cut charges on intra-Eurozone cross-border payments in euros, but fees for transfers to and from non-Eurozone states remained high.
CBPR2 introduced new transparency rules around Euro fees that required payment service providers to disclose their FX profit margins. This was to drive competition and help consumers consider how different payment methods might be leading to higher charges.
A number of providers already showcase information about currency conversion. Wise, for example, has prioritised transparency for consumers, showing its rate versus other competitors even if they provide a better deal. It may be more difficult however for providers to accurately provide an estimate to customers about how long transfers take to other countries, given that this can depend on a variety of factors, such as how much is being sent, the destination country and the payout method.
How can I track the speed of money transfers to and from the EU?
PSD3’s impact on open banking
Continuing a theme from PSD2, PSD3 is also looking to help expand open banking, which has benefits for cross-border payments. In particular, open banking allows for direct A2A transactions without users having to go through banks as an intermediary. It also means that, for customers who do allow access to their data, alternative, more cost-effective options for cross-border transfers can be offered to them by the applications they are using.
PSD2 gave open banking a more stable regulatory framework, and obliged banks to enable access to payments data for PSPs via a secure interface. With PSD3, the European Commission hopes to remove some of the barriers that still exist with open banking, including providing an actual list of prohibited obstacles to data access to banks .
The directive is expected to outline much more detailed requirements for the functionalities to be provided via open banking APIs. It will also require banks and payment account providers to set up a dashboard that allows open banking customers to see which companies they have granted data access to. The proposal also makes clear the need to build on PSD2 with “a framework for responsible access to individual and customer data”.
“PSD3 will act as a catalyst for digitisation and innovation throughout Europe as the European Commission look to modernise the existing payments infrastructure and eliminate the known open banking barriers to entry,” says Marwick.
Levelling the playing field between banks and non-banks
PSD3 is also expected to help non-bank service providers, which have grown since the entry of PSD2. However, these providers aren’t able to access the same payment infrastructures as banks, and often depend on having accounts with a bank in order to provide their services through. For example, PSPs have not been historically able to directly access the TARGET Instant Payment Settlement (TIPS) system, which enables real-time money transfers.
This creates an unlevel playing field, as providers are often competitors, and may also refuse to open accounts for them for reasons such as anti-money laundering controls, says Southgate. This issue was highlighted in a recent joint industry letter from the European Payment Institutions Federation, which called for an amendment to the SFD to extend direct access to non-bank payments providers.
PSD3 will hope to open things up, not just by tougher rules on banks allowing accounts for PSPs, but also rules around admitting PSPs to payment infrastructures (as long as they pass a risk assessment). In particular, the proposal last year said that it would allow “non-bank payment service providers access to all EU payment systems, with appropriate safeguards, and secure these providers’ rights to a bank account”.
Southgate explains that while national banks currently offer safeguarding accounts that are limited and don’t provide access to underlying payment systems, PSD3 would seek to allow direct access to these rails, enabling competition with banks. He says that the industry has already seen versions of this access, such as with Faster Payments in the UK.
However, one potential issue he flags is that it allows access only to the individual underlying payment rails, and not access to other tools such as hedging or FX services. “It also requires a new market entrant to build all of the connections, ledgers and other technologies separately, to maintain a Swift gateway and all of the required security for each of those payment rails,” he adds. “This would be quite the technological development.”
EU payments initiatives: the story so far
As well as CBPR2, PSD3 and PSR are moving alongside new rules around instant payments. Introduced in 2008 after the first PSD, the Single Euro Payments Area (SEPA) allows customers to make digital credit transfer and direct debit payments anywhere in the EU (as well as certain non-EU countries) quickly and efficiently. Its legal framework is linked to PSD2, as well as other EU regulations around cross-border payments and interchange fees.
According to the European Central Bank, SEPA payments are required to take no longer than one business day for electronic payments. However, this February, the European Council adopted regulation that will make instant payments fully available in euros to consumers and businesses in the EU and in EEA countries.
This regulation will allow people to transfer money within ten seconds at any time of day, both domestically and across borders. It also requires banks to offer services that can send and receive instant payments in euro, with any applicable charges being no higher than those that apply for standard transfers.
Eimear O’Connor, Chief Product Officer at Form3, says that the introduction of PSD3 could help speed up the uptake of instant payments across the region.
“We believe the new regulation will continue the journey towards ‘normalising’ the use of instant payments across the SEPA region, by providing the tools to strengthen the instant payment proposition offered to consumers and ultimately resulting in further cannibalisation of payments routed via traditional clearings such as STEP2,” she says.
O’Connor adds that new regulations could create a “carrot and stick situation”, by mandating companies to offer instant payments as a solution to customers for the first time on the pay and receive side, as well as influencing the pricing offered to be on par (or more favourable) than traditional payments. This, she says, allows consumers to receive “quicker payment, with guaranteed reachability, for the same price”.
New regulations also grant access for payment and e-money institutions to payment systems, through amendments to the Settlement Finality Directive (SFD) – an EU directive that guarantees that transfer orders within the EU are legally settled. The SFD applies to a list of participants, which had previously excluded payment and e-money companies.
Beyond introducing new rules, the European Central Bank has also been working towards the development of a digital euro – reflecting the work of a number of countries worldwide to develop a central bank digital currency (CBDC). After the European Commission presented a legislative proposal for a potential digital euro, the European Central Bank is currently in a preparation phase (launched in November 2023) during which it is laying out the foundations for issuing a digital euro.
CBDCs are at various stages of development worldwide. Proponents in the EU have said that they could help make cross-border payments cheaper and more secure, as well as help the region regain control of the payment sector from major foreign players like Visa or Mastercard. However, some members of the European Parliament have suggested scrapping the digital euro scheme altogether, as they believe it is too costly and does not add enough value to payments in the region, compared to the existing digital payment system.
What does the European cross-border payments landscape look like?
FXC Intelligence’s data gives an impression of how much money countries in the EU, as well as the wider EEA region, are sending both to each other and countries further abroad. This is particularly relevant to the EU’s payment directives, which over time have extended their reach to cover cross-border payments between the EEA and other countries.
Large amounts of money have been passing across borders both within and beyond the EU in recent years. For example, FXC’s market sizing data shows that across consumer-to-consumer (C2C), consumer-to-business (C2B) and business-to-business (B2B) payments, countries in the EEA sent $11.94tn to other countries globally in 2022 (the latest confirmed annual figure), which includes outbound flows to countries within the EEA.
Excluding payments sent to other countries within the EEA, the total amount sent across these segments was $4.64tn, highlighting the importance of cross-border payments within the EU. It also highlights the importance of B2B payments specifically, which made up 88% of total EEA outbound flows (including intra-EEA), compared to C2B payments, which accounted for 11%. C2C, meanwhile, had just a 1% share.
Access inbound and outbound cross-border payment flows data with FXC Intelligence
The cross-border payments landscape in Europe has been punctuated by several deals recently that identify the potential of the region and B2B payments. Intermex, the US-based remittances provider that focuses on the LatAm market, recently moved into Europe through the acquisition of La Nacional. Meanwhile, the National Payments Corporation of India also recently brought UPI – India’s instant payment service – to Europe for the first time.
As FXC has covered in previous reports, the global B2B and consumer money transfers market continues to grow and therefore regulating more cost-effective, faster payments will be more important. Ultimately, PSD3 is aimed at building more standardisation and harmonising national payment systems across the EU, which in turn complements the development of instant payments systems and the union’s aim to build a single payments market.
What are cross-border payments companies doing to prepare for PSD3?
PSD3 is targeting a more level playing field between banks and non-banks. However, to achieve this, countries in the EU may also require companies operating in both the domestic and cross-border payments space to make changes to their services.
With the finalised proposal for PSD3 still incoming, it is not yet set in stone what those changes will be, but a number of cross-border payments companies have already spoken about what they are doing in preparation for PSD3.
Netherlands-based Adyen, for example, has said that it is working with regulators and card schemes in preparation for PSD3. It has also created a Delegated Authentication solution that will allow it to authenticate customers by itself instead of needing to outsource to a third party to do so itself.
Similarly, payment processor Stripe has said it has been talking to policymakers about the impact of Europe’s future payment rules. It had already worked with businesses to implement authentication processes to comply with new SCA rules under PSD2, for example through an authentication engine that uses machine learning to detect risk in real-time.
In a blog on its website, B2B payments provider Hokodo says it is looking to expand its open banking solution from the UK to Europe, as PSD3’s new rules will enable the development of “premium APIs” that will enable it to offer better B2B payments in Europe. It also added that PSD3’s additional security measures will allow it to offer larger credit limits to a higher number of buyers.
Southgate explains that Navro is working with external partners and providers to build out advanced fraud controls, as well as working with banking counterparties to build out CoP-style controls that will apply to the company’s virtual IBANs.
He says that the company is already well connected to payment rails via its partnerships with banks, so little will change with the open access that comes with PSD3. However, it will be looking to provide a more streamlined service for customers.
“As a curation layer, Navro is also not seeking to gain access to the underlying payment rails at this time,” says Southgate. “Instead we are looking to link together existing products and services from a range of providers (typically tier one banks) in order to create one single API and contract for our clients, giving them access to all of the services that they need.”
On Form3’s side, O’Connor says that the company is excited about the IBAN verification tool pitched by PSD3, which aligns with Form3’s CoP products. However, she says that many of its UK-based customers transacting overseas are trying to understand their obligations as, post-Brexit, it is unclear whether the UK government intends to introduce an equivalent UK law.
The international nature of payments mean it is likely that UK regulators are looking into it, she says, but until regulations change, it remains unclear if a remitter bank in France (for example) will need to check details in the same way when sending money to a recipient in the UK, where there is no obligation to join a CoP service.
“Due to instances like these, we see a clear requirement to continuously monitor EU regulatory developments (such as PSD3) as well as assessing the level of divergence that will be tolerated in respect to SEPA scheme membership,” adds O’Connor. “Until then, clients are generally taking the position of being ‘better safe than sorry’ and, as such, utilising one proposition such as Form3’s to access multiple markets and services make complete sense in order to minimise both costs and efforts.”
Conclusion
PSD3 is an acknowledgement of the need for greater protections against payment fraud, as well as the significant growth of new digital entrants into the payments market and offering services empowered by open banking. However, the EC’s proposals are still moving through Parliamentary stages, which means that it will take some time before the impact is felt in cross-border payments.
Within the European cross-border payments space, B2B payments are growing rapidly, as can be seen from the sheer difference in volumes being sent across borders compared to remittances.
Businesses require even more assurances over security when it comes to these payments, and so further consideration of fraud from PSD3 (i.e. in SCA rules, enabling data sharing and more refund rights for fraud victims) will be important here. The B2B payments space is currently open, with our market sizing data forecasting that B2B cross-border payments could have a total addressable market of $56tn by 2030.
For consumer payments meanwhile, the regulation will aim to expand upon rules introduced by other EU regulations to help drive more transparency across pricing across money transfers. This will hopefully help provide more clarity for consumers sending money abroad.
