Europe’s payments revolution is about to begin a new chapter. On 28 June 2023 the European Commission unveiled a wide‑ranging payments package that will supersede today’s PSD2 rule book with a third Payment Services Directive (PSD3) and a companion Payment Services Regulation (PSR). The draft measures aim to make digital payments safer, more competitive and more open, while dovetailing with a proposed Financial Data Access Regulation (FIDA) that will extend secure data sharing well beyond payments. For Malta’s fast‑growing community of payment, e‑money and crypto‑asset providers, the reforms promise both opportunity and disruption, demanding early strategic choices if firms are to convert compliance into competitive advantage.
A new chapter after PSD2
Since PSD2 took effect in 2018 transaction volumes have surged and open‑banking interfaces have become a fixture of European finance, yet rapid growth has also exposed loopholes. Fraud losses still exceeded four billion euro across the European Economic Area in 2022 despite the benefits of strong customer authentication, and non‑bank payment providers continue to struggle for reliable access to settlement systems and safeguarding accounts. The Commission has therefore proposed PSD3 to modernise licensing, mandate fair infrastructure access and strengthen consumer protection.
Legislative progress
The legislative timetable is moving quickly. The European Parliament adopted its first‑reading position on PSD3 and the PSR on 23 April 2024 with an overwhelming majority, sending the texts into trilogue negotiations with the Council and the Commission. Ministers are expected to agree their common stance later this year, and EU officials anticipate a final compromise early in 2025. Because both the directive and the regulation allow an eighteen‑month application period, Maltese institutions are likely to work under the new regime from mid‑2027, leaving roughly two years for implementation once the final text is published.
What PSD3 actually changes
PSD3 merges today’s separate payment‑institution and e‑money licences, making electronic‑money institutions a category of payment institution and removing the double authorisation burden. Non‑bank providers gain a statutory right of fair, risk‑based access both to payment systems and to basic bank accounts that hold safeguarded client funds. Consumer protection rises through mandatory refunds of certain authorised push‑payment scams and stricter strong customer‑authentication standards. Supervisors receive faster incident‑reporting channels and harmonised sanction powers, while the technical provisions are explicitly aligned with FIDA so that secure data sharing can expand into mortgages, investments and other products.
Implications for Maltese firms
For Malta’s payment and e‑money institutions the reforms are at once a challenge and a chance to leap ahead. Businesses licensed as electronic‑money institutions should map the forthcoming single licence onto their capital, safeguarding and governance arrangements now to avoid a last‑minute scramble. Product teams ought to prioritise high‑availability application programming interfaces and granular consent dashboards so that open‑finance use cases can launch on day one. Risk managers will need stronger scam‑detection analytics and automated refund workflows to meet the new strict‑liability standard, while commercial teams should document objective criteria when requesting settlement or safeguarding accounts from correspondent banks so that PSD3’s legal right becomes a practical tool for growth. Board‑level oversight will also tighten as supervisors gain broader powers to impose personal fines and apply more demanding fit‑and‑proper tests.
How FIMA will support the transition
The Fintech and Innovation Malta Association (FIMA) defines its mission as to unite, strengthen and facilitate innovation by encouraging collaboration between government, financial institutions and start‑ups and positioning Malta as a progressive fintech jurisdiction. Membership, available to licensed entities for an annual fee of €250, provides knowledge‑sharing events, direct channels to regulators and opportunities to publish thought leadership on FIMA’s website. As PSD3 approaches, FIMA is preparing workshops that will decode the final legislative text, co‑ordinate industry feedback during trilogues and lobby for proportionate implementation that reflects Malta’s scale.
From compliance to competitive edge
PSD3 is more than a tidy‑up exercise: it is Europe’s blueprint for a safer, more competitive and data‑driven payments future. Maltese institutions that refresh their licences early, modernise their interfaces and embed robust refund governance can transform mandatory compliance into strategic advantage. By engaging with FIMA’s working groups now, local fintechs have the opportunity not only to adapt to the new rules but to help shape the payments landscape of the coming decade.
