Voice of the Industry

Insights into European payment regulations for 2024 (and beyond)

Wednesday 27 March 2024 09:54 CET | Editor: Oana Ifrim | Voice of the industry

The article offers insights into the regulatory changes slated for 2024, providing a roadmap that will influence the evolution of payments

I know we're all pretty up-to-speed with the latest in European payment regulations this year, but I figured I'd give a quick recap.

In the rapidly evolving European payments landscape, understanding and adapting to regulatory changes are essential for businesses and entrepreneurs. Compliance ensures transaction security and improves credibility, providing a competitive advantage in the global market. Failure to comply can lead to severe penalties, therefore, staying informed and compliant is paramount in 2024 and beyond.

Below I'll break down some of the key regulatory changes that will be guiding the course of payments in the years to come:

EU Anti-Money Laundering (AML) / Countering the Financing of Terrorism (CFT) Package

Efforts to combat money laundering and terrorism financing are a top priority globally, in the EU, and at national levels. However, current laws unintentionally burden legitimate public-benefit organisations like foundations with excessive reporting requirements and hinder their access to essential services due to bank de-risking practices. This limits their ability to provide humanitarian aid, social services, education, cultural support, and fight climate change, as well as hampering governmental accountability and anti-corruption efforts.

On July 20, 2021, the Commission unveiled its series of legislative proposals designed to improve the European Union's regulations concerning anti-money laundering (AML) and combating the financing of terrorism (CFT). This package includes:

  • A regulation introducing a novel EU anti-money laundering authority (AMLA), endowed with the authority to enforce sanctions and penalties.
  • A regulation revising the existing regulation governing fund transfers, to improve transparency and traceability in crypto-assets transfers.
  • A regulation outlining AML obligations for the private sector.
  • A directive focusing on AML mechanisms.

On 18 January 2024, the EU Council and European Parliament reached a provisional agreement on two important pieces of the EU AML and CFT package: the new AML/CFT Regulation (which contains directly applicable rules on Beneficial Ownership) and 6th EU AML/CFT Directive.

With the new package, all rules applying to the private sector will be transferred to a new regulation, while the directive will deal with the organisation of institutional AML/CFT systems at a national level in the member states.

The provisional agreement on an AML regulation will, for the first time, exhaustively harmonise rules throughout the EU, closing possible loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.

The agreement on the directive will improve the organisation of national AML systems.

Next steps for AML/CFT regulations

The texts will be finalised and shared with member states' representatives in the Committee of Permanent Representatives and the European Parliament for approval. If accepted, the Council and the Parliament will formally adopt them before publication in the EU's Official Journal and enactment.

Instant Payment Regulation

Europe is undergoing a significant overhaul of its instant payment capabilities, aiming to streamline systems and improve experiences across the Single Euro Payments Area (SEPA). This initiative seeks to position Europe as a key player in unified payment innovation.

Established in 2002, the Single Euro Payments Area (SEPA) aimed to streamline euro-denominated bank transfers and facilitate cross-border payments within the European Union. In 2008, the SEPA Credit Transfer (SCT) scheme allowed electronic euro payments between any bank accounts in the SEPA area, though processing could take a day. As digital technology advanced, demand grew for faster payment solutions to replace traditional, slow bank transfers.

In response to this demand, the European Payments Council (EPC) introduced the SEPA Instant Credit Transfer (SCT Inst) scheme in November 2017. This scheme enables instant euro payments, with funds being credited to the recipient's account within seconds, 24/7/365.

Despite its potential, adoption has been slow and despite industry desires for instant transactions, the fragmented market has hindered progress. 

Currently, instant payments account for just 7% of all electronic payments in Europe and, despite being launched in 2017, as of 2023 only 15% of euro credit transfers are instant (SCT Inst).

Regulatory bodies like the European Central Bank, the European Commission, and the European Payments Council are leading efforts to drive improvements in this space.

The proposal

In November 2023, the Council of the EU announced a provisional political agreement with the European Parliament on the instant payments proposal. This agreement aimed to improve the availability of instant payment options in euro for consumers and businesses in EU and EEA countries, within the context of completing the Capital Markets Union. The proposal, initially drafted by the European Commission in October 2022, introduced amendments to the 2012 Regulation on the Single Euro Payments Area (SEPA) by incorporating specific provisions for instant credit transfers in euro.

The updated regulations aimed to modernise the 2012 SEPA Regulation, ensuring that instant payments in euro were quick, affordable, secure, and efficiently processed across the entire EU. Instant payments offered swift solutions for citizens, meeting various needs such as receiving funds promptly during emergencies or settling shared costs instantly. 

Under the new regulations, payment service providers (PSPs) dealing with euro credit transfers were required to offer instant payments to all customers at comparable costs to traditional transfers. They were also responsible for confirming payments reached the intended beneficiary and raising alerts in case of potential errors or fraud before completing transactions.

Moreover, the rules ensured effective sanctions screening through a harmonised procedure, mandating instant payment providers to check clients against EU sanctions lists at least daily, rather than screening individual transactions.

The regulation

From the European regulator's perspective, there's a clear intent to accelerate the adoption of instant payments, addressing the current status quo and sovereignty issues in the European payment landscape.

This regulation obliges banks and PSPs to comply, ensuring that both EU citizens and companies benefit from instant payments. It represents a significant milestone, establishing instant payments as the new norm across the EU.

On 7 February 2024, the European Parliament endorsed a regulation mandating instant payments, requiring credit transfers to be executed within ten seconds across the EU. The text was adopted with 599 votes to 7 and 35 abstentions..

Subsequently, on 26 February 2024, the European Council adopted the Instant Payments Regulation, fully enabling instant payments in euro for consumers and businesses in the EU and EEA countries.

Like the Proposal, the Regulation will amend the SEPA Regulation.

 In a nutshell
  • Banks and other PSPs across the EU are required to offer customers instant credit transfer services for sending and receiving payments. The cost must not exceed the fee charged for non-instant euro credit transfers.
  • Instant credit transfers can be sent 24/7/365 and must arrive in the recipient’s account within 10 seconds. Payers must also receive notification within 10 seconds of the transaction's status.

Fraud prevention and AML measures include:

  • Conducting sanctions screening procedures at least once daily.
  • Providing a Confirmation of Payee service to verify the match between the IBAN and the beneficiary's name, alerting the payer of potential mistakes or fraud before payment.

The requirement to offer instant credit transfers in euro when already offering credit transfers in euro is maintained, and PSPs cannot impose charges that are higher than charges imposed for non-instant credit transfers (in practice, this means that instant payments will usually be free of charge).

The Instant Payments Regulation enables payment service providers, including banks and mobile payment providers licenced in the EU, to offer real-time or near-real-time payment solutions, facilitating euro transfers within 10 seconds.

These rules, agreed upon by the Council and the European Parliament in 2023, allow people to transfer money within ten seconds at any time, including outside business hours, within and across EU member states. PSPs offering standard euro credit transfers will also be required to provide instant payment services at no extra cost.

The regulation will be implemented in two stages, with a shorter transition period in the euro area and a longer one in EEA countries. It not only makes instant euro payments universally accessible and affordable but also improves trust by mandating providers to verify the match between the IBAN and the beneficiary's name provided by the payer.

Additionally, the rules aim to bolster European payment firms' competitiveness against US giants Visa and Mastercard.

The Proposal amends the Settlement Finality Directive (SFD) to enable payment institutions and electronic money institutions to join designated payment systems. Under PSD2, it also allows these institutions to deposit remaining funds at the close of the business day in separate commercial or central bank accounts, and mandates measures for fund safeguarding, internal controls, and a winding-up plan for participation in designated payment systems.

Where we stand

On 19 March 2024, the Official Journal of the EU (OJ) was updated with a publication regarding Regulation (EU) 2024/886 of the European Parliament and of the Council of 13 March 2024 amending the SEPA Regulation, the Cross-Border Payments Regulation, the Settlement Finality Directive, and the Second Payment Services Directive (PSD2) as regards instant credit transfers in euro. 

The regulation enters into force on the twentieth day following its publication in the OJ, namely 8 April 2024, which sets a tight deadline for compliance.

The timeline for adoption is aggressive. PSPs in the euro area will then need to be ready to receive instant credit transfers in euro within 9 months and send instant credit transfers within 18 months.

Banks and PSPs of EU non-Eurozone countries will be required to receive instant credit transfers in euro within 33 months and send them within 39 months.


Payment Services Directive Revision 3 (PSD3) and Payment Services Regulation (PSR)

On 28 June 2023, the European Commission introduced a package of three proposals to improve the payment services market and make financial data more accessible. The package includes a proposal for a new Payment Services Directive 3 (PSD3), a proposal for a Payment Services Regulation (PSR), and a proposal for a Financial Data Access Regulation (FIDA).

Since the implementation of PSD2 in 2015, the retail payment services market has undergone significant transformations. The usage of cards and other digital payment methods has surged, while cash transactions have declined. Moreover, there has been a notable increase in the emergence of new players and services, such as digital wallets and contactless payments.

While PSD2 has undeniably achieved many of its objectives, the Commission has identified areas where its goals have not been fully realised. Specifically, despite the strides made by PSD2, consumers still face risks of fraud and lack confidence in payment systems. Additionally, the Open Banking framework operates with imperfections, EU supervisors possess inconsistent powers and obligations, and there exists an uneven playing field between banks and non-bank PSPs.

The initiative aims to tackle each of these challenges head-on.

What are the key aspects of PSD3 and PSR? 

  • Strong Customer Authentication (SCA) and Open Banking standards: much like its forerunner, PSD3 focuses on improving SCA and the use of Open Banking services. This focus aims to facilitate seamless and secure transactions, instilling confidence in consumers transacting in the digital landscape.
  • Data protection and privacy: the regulation prioritises safeguarding user information and privacy. It aims to establish clear guidelines for communication between banks, customers, and merchants, ensuring robust data protection practices.
  • Addressing current challenges: PSD3/PSR will, together with the proposed regulation regarding instant payments, increase the innovation for cross-border payments. Furthermore, the updated directive could ensure that the legal framework encompasses all significant market players in the payments ecosystem, including technology companies.
  • Fraud protection: PSR protects against payment fraud and aims to ensure top-level consumer protection, including instant payments. The directive supports the EU’s Retail Payments strategy’s objective of broad adoption of the highest security standards.
  • Promoting innovation and growth: PSD3/PSR aims to overcome the fragmented approaches adopted by different EU member states by creating a unified regulatory framework. The new regulations will support the EU’s Retail Payment Strategy’s goal of facilitating cheaper international payments, adopting global messaging standards, and fostering connections between PSPs.
  • IBAN/name matching verification service: PSPs of payees, at the request of the PSP of the payer, must verify whether the IBAN and the name of the payee as provided by the payer match. The Commission intends to align this new obligation with its Instant Payments Regulation, where a similar provision imposing the verification of discrepancies between the name and IBAN of a payee for instant credit transfers in euro is proposed.

Next steps for PSD3 and PSR

The European Parliament and Council are reviewing PSD3 and PSR; once finalised, they will enter into force by 2024/2025, with Member States transposing PSD3 and firms complying within 24 months.

Financial Data Access Regulation

On 28 June 2023, the European Commission introduced the Open Finance Framework, a part of the Digital Finance Strategy, emphasising the access and reuse of customer data with consent in diverse financial services.

The framework, including the proposed Financial Data Access Regulation (FIDA), aims to modernise the financial sector by facilitating secure sharing and customer data access. 

FIDA focuses on consumers and businesses, establishing rights and obligations for managing customer data sharing beyond payment accounts. It addresses rules on access, sharing, and use of specific customer data categories, along with the authorisation and operation of financial information service providers.

FIDA introduces some key novelties:

  • Empowering customers to control the use of their financial data.
  • Allowing financial institutions to charge other service providers for data access granted by customers.
  • Promoting high-quality APIs and improving overall data quality.

FIDA is set to drive Europe’s transition to Open Finance, working with PSD3. The two initiatives complement each other by fostering the opening up of choice and control over customers’ financial data. 

Next for FIDA and Open Finance in Europe

Reflecting on the enormous legislative progress of 2023, we can only expect that 2024 will be a game-changer for Open Finance. Indeed, the Open Finance Framework lies among the EU legislative priorities for 2023-2024, as shown in the Joint Declaration  on EU Legislative Priorities for 2023 and 2024.

In the months ahead, we expect both the Parliament and the Council to advance their individual stances and contribute to the formation of the final version of FIDA.

Building on the work already done, policymakers are now expected to give a notable emphasis on creating a regulatory framework that promotes open and secure access to financial data, likely to encourage innovation and competition within the financial industry. 

Digital Operational Resilience Act (DORA)

DORA, effective from January 16, 2023, and enforceable from January 17, 2025, aims to harmonise cybersecurity regulations in the European financial market. It introduces comprehensive ICT risk management, early warning indicators, and emergency plans, with companies having 24 months to comply, bolstering digital security.

DORA's scope encompasses a broad array of financial and related entities, spanning credit institutions, investment firms, payment and electronic money institutions, central counterparties, trade repositories, alternative investment managers, (re)insurance undertakings, intermediaries, crypto-asset service providers, issuers, and crowdfunding service providers.

Businesses are required to enhance or construct robust systems and protocols, subjecting them to thorough testing, and ensure the implementation of measures to safeguard operational and personal data from potential harm. Neglecting this responsibility could result in sanctions, potentially affecting top management, and causing substantial harm to operations and reputation.

Central Electronic System of Payment Information (CESOP)

CESOP, aimed at combating electronic VAT fraud in cross-border payments within European ecommerce, mandates banks and payment service providers to report payment data to financial authorities. Beginning January 1, 2024, this data will be centralised for fraud prevention purposes.

Markets in Crypto-Assets (MiCA)

MiCA, the EU regulation governing crypto-assets and stablecoins issuance and services provision, stands out as one of the most anticipated pieces of legislation in recent years, marking the world's first comprehensive regulatory framework of its kind and setting a precedent for global jurisdictions. It will become applicable 18 months after its entry into force, with provisions related to e-money tokens and asset-referenced tokens taking immediate effect. A fully applicable framework for crypto-assets legislation in the EU is expected by late 2024 or early 2025.

In conclusion

Amidst rapid changes in European payment regulations, businesses must stay informed and ensure compliance for operational security and competitiveness. These regulations focus on improving security, protecting consumers, and fostering innovation. Adhering to these provisions enables businesses to navigate the evolving payment landscape successfully.

About Oana Ifrim

Oana is a Lead Editor at The Paypers. Her expertise lies in the areas of Banking and Fintech innovation, with a particular focus on Open Banking, Open Finance, Embedded Finance, and Banking-as-a-Service. In her role, she manages content and conducts interviews with key experts in the abovementioned fields. Additionally, she represents The Paypers at various banking and fintech events, webinars, and panels. Moreover, she oversees trends research and content production, providing strategic planning and coordination for large-scale, industry-specific research, reports, and projects. If you wish to get in touch with Oana, she can be reached via email at oana@thepaypers.com or on LinkedIn.


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: instant payments, cross-border payments, AML, fraud prevention, regulation, PSD3, FIDA, MiCA, Open Finance, SCA, data privacy, compliance
Categories: Banking & Fintech
Countries: Europe
This article is part of category

Banking & Fintech

Industry Events