PSD3 – Be careful what you wish for

Share this post

Even in post-Brexit UK, the Payment Services Directive (PSD) continues to throw its long shadow over everything related to payments, so the EU’s plans for and discussions about the content of the next thrilling instalment the third Payment Services Directive (or PSD3 to its friends) remain of huge interest and importance to those of us in the payments world.

As someone who has been involved with this since it was floated as the European Commission’s “New Legal Framework for Payment Services in the Internal Market” some 19 years ago (and yes, I do feel old!), it could be said that PSD runs through my veins. I can testify that many of the provisions in PSD 1 & 2, and indeed in the 2nd E-Money Directive (2EMD) were either directly requested by, or at least heavily influenced by, the UK. Indeed, there are still a few words of my drafting in PSD2. It will therefore be interesting to see what PSD3 looks like and how much of it will be echoed by the UK’s review of the PSRs and EMRs.

The European Banking Authority (EBA) has recently issued its detailed response to the European Commission’s request for proposals on the changes required in PSD3  and for payments anoraks like me, its 126 pages make enthralling reading.

You will be relieved to see that I do not intend to go through all of the recommendations in this article (there will be follow up pieces for that), but there are a couple of recommendations that are worth highlighting.

EU Member States

Any UK Authorised Payment Institution (API) or E-Money Institution (EMI) with customers in the EU will be (or should be) aware of the question of how the provision of such services is treated by Competent Authorities in different EU Member States. It is therefore not surprising that the EBA has proposed that PSD3 clarifies how to identify the place of provision of (payment) services when they are provided online. They do, however, acknowledge that this is an issue which goes much wider than payments and points to several previous references to the issue they have made over the past few years.

The importance and wide repercussions of the EU policy on this will be of huge interest to UK companies with EU resident customers post-Brexit, across the financial service landscape. At the moment they may be relying on the “characteristic performance” and/or “non-solicitation” tests (see my colleague James Borley’s article for more details) for the provision of online services for EU resident customers. If the EU settles on a definition which says that the place of provision is dependent upon the user’s place of residence, this will dramatically reduce the ability of UK financial services firms to service EU resident customers. Given that we know that a number of EU Member States (e.g. the Netherlands) take that view, this must be seen at the very least, as a strong possibility, so watch this space.

Distributors under 2EMD

Another area where the EBA is, very sensibly in my view, seeking clarification is on the nature and status of distributors under 2EMD. They point out that the business models in the sector have evolved and some distribution models now share many of the features and characteristics of agents of payment institutions.

The lack of mandated registration of distributors (as opposed to agents) has led to a patchwork where some Member States show distributors on the public register whereas others, as with the UK, do not. In the UK this means that some EMIs register businesses issuing under their authorisation as an agent, where a proper analysis would show that the business being undertaken would fall within the definition of distribution, purely in order to provide reassurance to customers, through checking the name of the FCA Register.

This request for clarification from the EBA, goes alongside their suggestion that the Payment Services and E-Money Directives be combined into PSD3, which provides the opportunity for clarification of the agent/distributor conundrum. We know that HM Treasury and the FCA have been considering combining the Payment Services Regulations and E-Money Regulations as part of their review in this area, so it will be interesting to see to what extent there is commonality between the UK and EU approaches.

In conclusion…

Clearly, this is the first stage of the PSD3 process and getting to the final agreed version will be a long and tortuous process, not to mention the potential for differing interpretations by Competent Authorities, notwithstanding the EBA’s role in setting guidelines and technical standards. However, keeping an eye on the proposed changes and where possible, lobbying against unhelpful proposals is important, and can work. As I frequently said regarding PSD1, if you think the final version was bad, you should have seen some of the earlier proposals.

Article by Compliancy Services

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?