European Payment Regulations: Trajectory for 2024 & Beyond

In the modern European payments landscape, staying compliant with the latest regulations is a key priority for businesses. After all, it isn’t just about ticking boxes - it is about ensuring transaction security and building a fault-free reputation. However, keeping track of the rules and guidelines can be a challenging task due to the pace at which they are changing.

Worry not - we have done the research for you! This guide lists some of the main regulatory shifts that have been evolving over the past few years and are expected to continue shaping the future of payments in Europe in 2024 and beyond. Keep reading to ensure your business has all the necessary legal measures in place to avoid fines and foster consumer trust!

6 Key Ongoing Regulatory Initiatives in Europe’s Payment Scene

While there may be variations in some payment regulations across different European jurisdictions, there are six major regulatory initiatives that will inevitably impact businesses and PSPs across the continent in the foreseeable future, namely:

1. Instant Payments Regulation

Since its establishment in 2002, SEPA has been streamlining euro bank transfers within the EU. In fact, SEPA Credit Transfer (SCT) enabled electronic euro payments already in 2008, but at the time, they could take up to a business day to process. Naturally, as tech advanced, consumer demand for faster transactions has risen.

To meet this pressing need, the European Payments Council introduced the SEPA Instant Credit Transfer (SCT Inst) scheme in 2017, which enables instant euro payments 24/7/365. Yet, the adoption of this scheme has been slow, with only 15% of euro credit transfers being instant as of 2023.

To overcome this bottleneck, on February 7, 2024, the European Parliament endorsed a regulation requiring credit transfers to be executed within 10 seconds across the EU. Besides, on February 26, 2024, the European Council adopted the Instant Payments Regulation, fully enabling real-time payments for consumers and businesses in the EU and EEA countries.

Later this year, on March 19, the EU’s Official Journal was updated with Regulation (EU) 2024/886, which amended various financial legal initiatives, including:

• The SEPA Regulation
• The Cross-Border Payments Regulation
• The Settlement Finality Directive
• PSD2

This measure is a necessary step to further promote instant credit transfers in euros. It went live on April 8 and has a tight implementation timeline, with Eurozone PSPs being tasked to enable the receipt and sending of instant credit transfers within 9 months and 18 months, respectively. As for non-Eurozone PSPs, the deadlines for the same objectives are 33 and 39 months, sequentially.

2. AML/CFT Package

In response to these issues, on July 20, 2021, the European Commission introduced a series of legislative proposals aimed at improving the EU’s regulations on anti-money laundering (AML) and combating the financing of terrorism (CFT). This package covers the following topics:

• The introduction of a novel EU anti-money laundering authority (AMLA) that is set to hold the power to enforce sanctions and penalties.
• A full revision of the existing fund transfer regulation aimed at promoting transparency and traceability in digital asset transactions.
• An outline of AML obligations for the private sector.
• A directive governing AML mechanisms.

After multiple discussion rounds, on January 18, 2024, the EU Council and European Parliament reached a provisional agreement on the two key components of the EU AML and CFT package: the new AML/CFT Regulation and the 6th EU AML/CFT Directive.

Based on it, all rules that were applicable to the private sector are to be transferred to a new regulation, harmonizing regulations across the EU and closing potential loopholes that criminals use to launder money or finance terrorist activities. The directive, on the other hand, will address the organization of institutional AML/CFT systems at a national level across member states.

Once these documents are finalized, they will be shared with member states’ representatives in the Committee of Permanent Representatives and the European Parliament for approval. If accepted, they will be formally adopted by the Council and the Parliament, published in the EU’s Official Journal, and enacted.

3. PSD3 and PSR

On June 28, 2023, the EU Commission published new information regarding potential regulatory updates aimed at enhancing the payment services market and improving access to financial data. The suggested package of measures consists of proposals regarding the following initiatives:

Third Payment Services Directive (PSD3) & Payment Services Regulation (PSR)

PSD3 and PSR are set to address these challenges through:

• Improving Strong Customer Authentication (SCA) and Open Banking standards to enhance transaction security
• Prioritizing data protection and privacy to safeguard user information
• Implementing fraud protection measures and ensuring top-level consumer protection
• Introducing an IBAN/name-matching verification service
• Promoting innovation and growth by creating a unified regulatory framework and supporting cheaper international transactions

Once the European Parliament and Council review this proposal, it will proceed into its implementation phase in 2024-2025, with compliance from relevant parties required within 24 months from the moment it goes into full force.

The Financial Data Access Regulation (FIDA)

On the same day, the European Commission also announced the launch of the Open Finance Framework. As part of the European Digital Finance Strategy, its goal is to enhance consumer data access and reuse in various financial services.

One of the key aspects of this framework is the Financial Data Access Regulation (FIDA). It will focus specifically on consumer and business rights when it comes to managing shared data beyond payment accounts. For instance, it will introduce new elements like customer-controlled data usage, fees for data access, and improved API standards.

Overall, FIDA’s ultimate goal aligns with that of PSD3 - both initiatives are set to drive Europe toward Open Finance while promoting transparency and control over financial data.

4. Digital Operational Resilience Act (DORA)

DORA was first published on January 16, 2023, and is expected to be fully implemented by January 17, 2025. The goal of this act is to make cybersecurity rules consistent across European finance and set up unified plans for managing digital risks, warning signs, and emergencies.

DORA covers a wide range of finance-related businesses, including banks, investment firms, and payment services, all of which are required to improve their systems and test them by the assigned deadline. If they fail to do so, they will undergo sanctions, which are likely to negatively affect their operations and reputation.

5. Central Electronic System of Payment Information (CESOP)

CESOP is an initiative designed to tackle electronic VAT fraud in cross-border transactions within the European eCommerce sphere by prompting banks PSPs to submit payment data to financial authorities. Since January 1, 2024, this collected information has been centralized and continuously implemented for fraud prevention purposes.

6. Markets in Crypto-Assets (MiCA)

MiCA is a relatively new EU rule governing crypto-assets and stablecoins. This regulation is big news, as it’s the first comprehensive law of its kind globally.

The EU plans to have the whole system in place by late 2024 or early 2025. While this initiative will go into full force 18 months after its final release, the provisions regarding e-money and asset-referenced tokens will take effect straight away.

Summing Up: The Strategic Importance of Compliance

As you can see, there are plenty of legislative measures and rules that businesses in the financial industry need to keep track of. While it may seem like a daunting task at first glance, it is crucial to remember that these regulations represent an opportunity for businesses to embrace innovation while safeguarding consumer interests.

In other words, navigating regulatory change is not just a necessity but rather a strategic imperative for businesses aiming to thrive in the dynamic payment ecosystem. By proactively embracing these changes, PSPs and FIs can position themselves as leaders in the ever-evolving realm of financial services, fostering business resilience and consumer trust.