What’s behind the PSD3 directive? Sii Poland’s guide to the new payment regulations

In June 2023, the European Commission implemented a series of changes in the payment market to verify and modernize existing regulations under the PSD3 directive. These changes were presented as part of an entire legislative proposal package. The retail payments strategy includes provisions for updating guidelines to meet market and consumer needs and to keep pace with technological developments. Discover Sii Poland experts’ approach to managing and implementing the new regulation.

Enhanced security and Strong Customer Authentication

PSD3, like its predecessor, will focus on Strong Customer Authentication (SCA) and open banking standards to secure consumer transactions within banks and through non-bank retail merchants. For instance, SCA will make services like cashback more efficient and secure, allowing consumers to withdraw cash at stores without making a purchase.

Broader scope and enhanced consumer protection

While PSD2 regulated all digital payments and open finance in the EU and EEA, PSD3 will expand these principles, focusing on consumer protection, open banking, and anti-fraud measures like phishing and smishing prevention.

Combating fraud with advanced measures

One of the proposed changes is to give victims of Authorized Push Payment (APP) fraud the right to a refund. This regulation will require payment service providers to match recipient data with the bank account holder’s details, allowing them to share fraud-related information. As fraudsters have been using new methods, such as impersonating companies or institutions due to stricter transaction verification rules, PSD3 aims to address these evolving threats.

Facilitating open banking and financial data access

Open banking will enable new players to enter the market and provide innovative payment services. The “Regulation on a Framework for Financial Data Access” is critical to these changes.

— This regulation will oversee access to customer data, manage who can access the data for what reasons, and standardize customer data across the EU. One of the challenges of the previous directive was the inconsistent implementation of regulations across different EU countries, which the new one aims to resolve — comments Artur Walendzik, Banking Domain Expert at Sii Poland.

Addressing barriers for non-bank payment providers

Non-bank payment service providers frequently encounter challenges, including difficulties opening bank accounts, directly hindering their operations. The new PSD3 and PSR regulations are designed to create a more level playing field by simplifying the entry process for these providers to compete in the market. Under these changes, banks will be required to offer clear justifications and a detailed appeals process if they deny opening accounts, thereby diminishing barriers for non-bank entities.

Sii Poland’s expertise in global banking compliance projects

Sii Poland has significant experience implementing global compliance projects for major financial institutions. One notable project involved Aion Bank in Belgium, where Sii experts performed comprehensive Know Your Customer analysis (KYC) for high-risk customers and Politically Exposed Persons (PEPs). The project covered the periodic review process, developed new templates, established a client outreach process, and identified potential risks, thereby ensuring compliance with regulatory requirements and improving process efficiency.

Additionally, Sii Poland worked with an American Fortune 500 financial services company, providing critical support for data privacy compliance. The team conducted risk assessments for third-party subcontractors and managed data privacy incidents, ensuring adherence to strict Service-Level Agreements (SLAs) and bolstering the client’s data protection measures.

As part of the projects carried out for Arion Bank in Iceland, Sii Poland took part in establishing satellite offices in Warsaw and Łódź. These facilities were equipped with dedicated infrastructure, secure internet connections, and stringent physical security measures to comply with the appropriate sector-specific standards fully. This setup allowed the client to maintain high-security levels for their operations in Poland, at the same time demonstrating Sii Poland’s capability to deliver robust, internationally compliant customized solutions.

Staying ahead with PSD3 compliance

— The implementation of PSD3 in Poland is anticipated by 2026 — explains Michał Żelazowski, Head of Financial Services, Banking & Insurance at Sii Poland. – Although the timeline for the legislative process is tight, businesses and financial institutions are encouraged to familiarize themselves with the new regulations early. Staying informed and compliant with PSD3 is crucial for all stakeholders — he explains.

As the regulatory landscape develops, businesses and consumers can expect improved protections and new opportunities in the payment market.

Ensure your business is ready for PSD3. Contact Sii Poland for expert advice and solutions to efficiently adjust to the new payment regulations.