Payments regulation in 2024: A year of evolution

by Brett Carr, associate, Latham & Watkins.

Share this post

The UK and EU payments sectors continued to draw increasing regulatory scrutiny throughout 2023. Indeed, the need to deliver compliance with new regimes, such as the consumer duty in the UK, required a great deal of the firm’s attention and resources throughout the year.

Whilst waiting for the release of anticipated EU proposals, the UK remained in information-gathering mode with the launch of various new work programmes, including HMT’s ‘Payment Services Regulations Review and Call for Evidence’, ‘Consultation Response on Payments Regulation and the Systemic Perimeter’, and ‘Future of Payments Review: Call for Input’, to name just a few. This work will feed into the UK’s ongoing assessment of whether and how divergence might make sense for the UK market.

In the EU, the focus was firmly on the June 2023 announcement of the third Payment Services Directive (PSD3) package, with many characterising the proposals as an ‘evolution’ and not a ‘revolution’. In the spotlight for the sector was the proposal for:

  • A Payment Services Directive (PSD3): To repeal and replace PSD2 and the second electronic money directive (EMD2) with an amended and modernised directive.
  • A Payment Services Regulation (PSR): To move much of PSD2 and EMD2 into a directly applicable regulation to enhance application coherence in EU member states. 

Pathway to implementation of PSD3 and PSR

Notably, the first proposals for PSD2 were published in 2013 and (mostly) came into application in 2018. Legislation of this nature takes time, and during 2024 we can expect to see ongoing negotiations of the text between the various EU institutions and potentially significant changes.

The pathway might take shape as follows:

  • Now: Review by the European Parliament and the Council of the EU. The final versions of the legislative texts of PSD3 and the PSR could be agreed as early as late 2024 or early 2025. However, European Parliament elections in Q2 2024 may delay this work.
  • Potentially 2024/2025: The proposed PSD3 and PSR will enter into force on the 20th day after the publication of the final texts in the Official Journal. Member states will then need to start work to transpose PSD3 into national law. Meanwhile, the European Banking Authority will focus on producing the various guidelines and technical standards.
  • Potentially 2026: 18 months after entry into force, the proposed PSR will start to apply. Before this point, member states must have transposed PSD3 into national law, which will also start to apply and PSD2/EMD2 authorised firms must have made their reauthorisation applications. Firms will have an additional six months (24 months after the PSD/PSR comes into force) to comply with the new payee verification (confirmation of payee style) requirements.

[For further insight and analysis, watch the Latham & Watkins PSD3 webcast]

The continuing UK reform agenda

The pace is not expected to slow, and the UK sector can expect a busy transition from 2023 to 2024 with some significant changes on the horizon.

Top of mind for many in the sector is:

  • Government’s intention to make significant progress on work to replace the Payment Services Regulations 2017 (PSRs) and Electronic Money Regulations 2011 as part of its Future Regulatory Framework Review (FRFR).
  • HMT’s work on amendments to the PSRs to amend payment service contract termination rules, enhancing customer protections.
  • Financial Conduct Authority (FCA)’s expected consultation on strengthening requirements for safeguarding of customer funds, which is due under the FRFR; many stakeholders expect a client asset sourcebook (CASS)-like regime that will replace the high-level rules of the PSRs.
  • PSRs’ new rules on authorised push payment (APP) fraud reimbursement and its 31 October 2024 deadline for implementation of confirmation of payee services by direct and indirect participants in Faster Payments and clearing house automated payment system (CHAPS).
  • Joint Regulatory Oversight Committee’s work on the next phase of open banking through its recommended roadmap of actions, alongside the government’s developing plans for smart data schemes and work on the long-term regulatory framework for open banking.

Evidently, firms must continue to meet the pace of complex regulatory and technological change whilst keeping one eye on the horizon for what is yet to come in 2024 and beyond.

Brett Carr is an associate at Latham & Watkins.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Continue reading

This content is only available to subscribers - please see instructions below!

Subscribe to continue reading

Already a subscriber? Please log in to continue

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?