Understandably at this very early stage, PSD3/PSR is absent from the focus of bank investors and analysts. This will change as the proposed regulations reach the final stages of approval – through the Commission, Parliament and EU Council trilogue – likely by the end of next year or in 2025.

With the risk of oversimplifying, I divide banking and financial regulation in two broad categories. The first, which I call protective regulation, includes the prudential rules (on capital, liquidity etc.) which try to keep banks, their depositors, and the system out of trouble but which also create high barriers to entry into the sector. I call the second category progressive regulation, which forces the banking and financial system to evolve by opening it up to more competition – lowering entry barriers. PSD3/PSR clearly belongs to the progressive regulation category.

PSD3/PSR in a nutshell

PSD3/PSR is a substantial enhancement of PSD2 (adopted five years ago) and is designed for the digital age. The European Commission notes that electronic payments in the EU grew by 30% between 2017 and 2021 to EUR 240bn in value. The trend was amplified during the Covid-19 period and fuelled the emergence of a plethora of new digital payments providers. Of course, fraud risk also grew for wider categories of users.

The proposed payments regulatory package aims to combat and mitigate payment fraud, improve consumer rights, and strengthen harmonisation and enforcement. Importantly, it also targets levelling the playing field between banks and non-banks, as well as improving the functioning of open banking.

The package proposes transferring the rules governing the activities of payment institutions (PIs) from PSD2, which saw a substantial degree of regulatory fragmentation following its implementation by Member States into PSR. Being a regulation rather than a directive, the PSR will be universally applicable across the EU. The single framework’s perimeter will encompass e-money institutions (replacing the 2009 E-money Directive). After a grace period of around two years after the PSR kicks in, all existing PIs will have to be re-authorised by their national competent authorities (NCAs).

Importantly, all PIs, not just the banks, will have direct access to the EU’s payment systems (including those steered by central banks), which could substantially reduce non-bank PI’s dependence on banks. Furthermore, banks will be required to provide a payment account to PIs – something many are currently reluctant to do. In exchange, eligible PIs will see a much higher degree of regulation and supervision. Among other things, they will have to present to regulators a wind-down plan, not dissimilar to a bank’s living will, to protect consumers from the impact of a failing institution.

The proposal also includes a set of rules to harmonise the implementation of open banking. While PSD2 kick-started open banking in Europe – requiring banks to open their payment processes to Third Party Payment Services Providers (TPPs) – progress has been slow and inconclusive due to differing national interpretations of the directive. One key area of difference has been the structuring of APIs (applied programming interfaces), preventing the fluidity of open banking. PSR is pushing for more standardisation across banks and other PIs for API and modified customer interface (MCI) parameters, which should help open banking gather speed across the EU.

New and serious challenges for banks

When implemented, and assuming that its final version is not significantly watered down from the current proposal, PSD3/PSR will add a new layer of compliance for banks, related to re-authorisation requirements and meeting the new PI supervisory rules, as well as risk management including heightened fraud risk. These will top up other IT costs – such as those of building harmonised payment platforms and APIs to meet the new regulatory standards. This will all add to banks’ cost bases, especially in the case of institutions that are lagging in digitalising their activities and operations.

Equally, direct competition with non-bank PIs, which will be less dependent on banks, may create headwinds for banks’ payment-related revenue bases. Payment-related fees are generally low-risk or no-risk earnings for a bank. Some independent studies calculate that they can represent up to 20% of retail/SME banking revenues; a steady source of income that banks cannot afford to see diminishing.

When open banking becomes more mainstream, negative trends for banks that are digital laggards will become even more threatening. The competitors will not only be non-bank PIs with direct access to payment flows –some, like Adyen, Stripe, or Nexi already exist – but other banks too with more advanced digital footprints and technologically progressive strategies.

Furthermore, the proposed new regulations will require PIs to become separate legal entities supervised by NCAs if they are part of non-financial non-payment groups. This could provide an opening to US big tech firms like Apple, Amazon, and Alphabet to the EU payments and financial landscape, under the protection of local regulators. (Chinese big techs are in my view less likely to be accepted in Europe on a larger scale).

At the same time as it announced the PSD3/PSR project, the Commission also published a Financial Data Access (FiDA) proposal, which will enable consumers and SMEs across the EU to authorise third parties (data users) to access their data held by banks and other financial forms (data holders).

Unlike PSD2, which provides such authorisation only for payments data, FiDA will include all financial data – loans, mortgages, savings, insurance, pensions, etc – subject to customers agreeing to share their data with specific data users.

Data users will only be authorised to read the data, not to perform transactions on behalf of customers. But I anticipate that at some stage comprehensive data sharing under FiDA and open banking under PSD3/PSR will intersect and be combined.

In time this could lead to a structurally different banking and financial ecosystem, highly disruptive and threatening for many incumbent banks. In fact, the Commission specifically refers to the need to boost ‘open finance’ in its FiDA proposal.

Download Sam Theodore’s latest The Wide Angle here.