The Banking View | PSD3 and PSR: evolution, not disruption

Andrea Monteleone from J.P. Morgan Payments discusses how Europe’s new payments framework drives harmonisation, fraud resilience, and bank–fintech collaboration.

Europe’s regulatory landscape is undergoing a major shift with the introduction of PSD3 and the Payment Services Regulation (PSR). How does J. P. Morgan see these changes, both operationally and strategically?

PSD3 will drive an evolution, rather than a revolution, in the market for payment services in Europe.

This evolution aims to modernise the foundational regulatory framework for the provision of payment services and drive pan-European harmonisation, foster competition and innovation, and improve Open Banking, fraud prevention, and the protection of end users.

J.P. Morgan Payments welcomes these efforts and expects the market to gain significant benefits from the upcoming changes. We see PSD3 and PSR as an opportunity for providers of payment services to enhance their products and solutions.

Moreover, PSD3 and PSR are part of a broader regulatory agenda which is rich yet consistent. This means that, rather than causing disruption, the implementation of these changes has the potential to unlock synergies and opportunities for providers to future-proof their offerings.

While some institutions view PSD3 and PSR primarily as regulatory obligations, others see opportunities for new partnerships and revenue streams. Where do you see the most strategic opportunities for banks under this new framework?

PSD3 and PSR offer many opportunities for banks. Increased harmonisation will drive efficiency gains and simplify compliance, particularly for those players operating across multiple European countries. From this perspective, updating the rules for the provision of payment services through a regulation directly applicable in all Member States – without need for “translation” into national laws – removes, by design,  the risk of fragmented requirements and associated frictions.

The PSR provides additional opportunities, such as improving payment service providers’ (PSPs) capability to fight fraud, enhancing transaction monitoring and introducing the possibility to share information for fraud prevention purposes.

The simplification and standardisation of Open Banking can also help unlock the potential that regulators foresaw when the framework was introduced under PSD2. While these regulatory changes will remove some of the existing obstacles, the limited uptake of Open Banking over the last decade suggests that they may still not be sufficient.

Lastly, PSD3 and PSR create an opportunity to improve cross-border payments, particularly their transparency, not only within the European Economic Area but also with third-countries, aligning with the goals of the G20 Roadmap.

With multiple regulatory initiatives progressing simultaneously (from PSD3 and PSR to DORA and MiCA), which developments are currently the most challenging for banks to operationalise? How are institutions prioritising resources and internal efforts to manage this growing regulatory workload?

We fully recognise that regulatory compliance is the mechanism through which policy goals – such as safety, security, and trust – are operationalised. We don’t take compliance lightly, and we consider it a pillar of how we deliver value to our clients. On the other hand, our commitment to meeting a dense regulatory agenda absorbs a significant amount of resources which could be otherwise invested in other initiatives equally aimed at delivering the best solutions to clients.

To strike a balance and steer an efficient operationalisation of regulatory requirements, collaboration between regulators and markets is key. We must partner to capitalise on market efforts as an efficient and effective way to achieve policy objectives. Industry initiatives like the FPAD functionality and the Frida scheme, for example, broadly align with upcoming regulatory requirements for fraud prevention.

Market players must adopt a mindset that views compliance not as a burden or pure cost, but as an opportunity to enhance their value propositions. A good example is the Verification of Payee (VoP) requirement, introduced by the Instant Payments Regulation and further expanded by the PSR cost center 560744 (London LE). As PSPs are required to avail this verification service to their clients, they can leverage the investment in compliance to develop and offer value-added fraud prevention services built around VoP.

The proposed PSR introduces new expectations for cooperation between Payment Service Providers and Electronic Communications Service Providers to combat fraud such as spoofing and impersonation scams. From a banking perspective, how effective do you believe these cross-sector measures will be in reducing fraud, and what practical challenges remain in coordinating between banks and telecom providers?

In 2024, the payment fraud rate in the European Economic Area was 0.002% of the total value of transactions. Nonetheless, total fraud reached EUR 4.2 billion, a 17% increase year-on-year. Fraud can erode confidence in the digital economy, diminish user trust, and add unseen costs to transactions.

Moreover, fraudsters are increasingly leveraging technological advancements to launch sophisticated attacks, including AI-powered scams, which are difficult to fight.

J.P. Morgan Payments welcomes the introduction of a framework that involves all stakeholders to tackle these threats. This approach offers a coherent response to the complex and evolving nature of fraud and fosters collaboration across the ecosystem.

While fraud often manifests during payment transactions, it is frequently initiated much earlier. Some scams are built over months, with fraudsters systematically weakening victims’ defenses through different channels.

This suggests that payments legislation alone may not be sufficient, as it covers only the “last mile” of a much longer chain. Providers of payment services cannot combat fraud in isolation.
Fraud information-sharing agreements and platforms, along with the inclusion of other stakeholders beyond PSPs in fraud prevention frameworks, can help drive concerted efforts and increase the ecosystem’s ability to fight fraud. Participants will be enabled to leverage richer information to act upon.

Finally, Artificial Intelligence (AI) is not only a weapon for bad actors. PSPs should embrace the potential of AI to enhance their ability to detect and prevent fraud. At J.P. Morgan Payments, we firmly believe in the potential of AI and leverage it as a key component of our trust & safety solutions.

PSD3 and PSR expand access to payment infrastructure for non-bank providers. Do you see a future where financial services are increasingly delivered through platforms and technology companies while banks operate more as regulated infrastructure providers in the background?

Opening access to payment systems is a global trend designed to drive competition and innovation, ultimately benefiting payment service users. However, these goals must be balanced against equally important objectives: the stability, security, and resilience of payment systems, where banks play a critical role as “gatekeepers”.

Direct access to payment systems is costly and operationally complex. It involves building connectivity, complying with AML/CFT and sanction screening requirements, and meeting liquidity and currency needs.

For many, if not most, non-bank financial institutions, the burden of direct access would likely be bigger than the potential benefits. A few non-banks may have the scale, capabilities, and business rationale to pursue direct access and potentially to develop their own access solutions, but they still cannot offer key bank services.

Consequently, we see the regulatory change as a driver of evolution and increasing the sophistication of relationships between banks providing access and non-banks.
We see banks becoming providers of holistic suites of solutions, rather than just providing access to payment systems, spanning from full-fledged agency to modular models where banks avail strategic components of access.

As such, PSD3 and PSR will not disrupt the relationship between banks providing indirect access and non-banks; instead, they are expected to foster more strategic partnerships.

Technology innovation cycles now move far faster than regulatory timelines. Do you think the current regulatory model is capable of keeping pace with developments such as AI-driven financial services, embedded finance, or agent-based commerce?

The Law of Accelerating Returns teaches that technology progress accelerates exponentially. If regulatory timelines struggle to keep pace today, they will face even greater challenges tomorrow.

This requires a shift in regulatory approach towards being principle-based and more technology-neutral. Regulators should define the direction for the market evolution, defining principles, limits, and rules of the game, while allowing flexibility in implementation.

Enhanced collaboration between regulators, authorities, and the market is essential to ensure a sustainable evolution of payments, one that can deliver tangible benefits for all stakeholders. This allows regulators to leverage the expertise of industry players to more effectively pursue their policy objectives.

In this context, J.P. Morgan Payments also supports the development of innovative solutions by the public sector, provided the private sector is involved, and the commercial landscape is considered. We believe that public and private sectors, working together, can tap into the full potential of innovation to improve payments collaboratively.

Looking ahead, what are the areas that regulators should look into for the future of payments?

The payments industry is continuously evolving. As technological advancement progresses – breaking down barriers across industries – future changes may take forms that we may not even expect.
Regulators face the difficult task of channelling this transformation, tapping into its potential while countering associated risk. Navigating such a transformation is likely to become a business-as-usual task for regulators.

Two key questions stand out for the future of payments.

Firstly, as Agentic AI progressively penetrates payment flows, this will call the entire industry to rediscuss many aspects of what a transaction is, and how we interpret concepts like fraud, liability, authorisation, and cybersecurity, etc.

Secondly, as more payment solutions are being developed (e.g., stablecoins, deposit tokens, CBDCs), while existing payment methods continue to evolve (e.g., A2A, Open Banking), will regulators remain neutral or steer the market toward specific directions? Will this lead to fragmentation or harmonisation across jurisdictions?

We believe the answers to these questions will play a significant role in shaping the development of payments in the future.

About Andrea Monteleone

Andrea Monteleone is an Executive Director with the EMEA Payments Industry Advocacy team at J.P. Morgan Payments, which he also represents in industry bodies and boards. Previously, he served as a senior expert at the World Bank’s payments practice, advising policymakers worldwide on payments development and innovation. Earlier in his career, he held product management and strategy advisory roles at a global payment card corporation.

 

 

About J.P. Morgan Payments

J.P. Morgan Payments combines treasury services, trade & working capital, and card and merchant services capabilities to help clients pay customers or employees in different currencies around the world. It processes over USD 10 trillion payments daily, operating in over 160 countries and over 120 currencies.