Engage
The EU's Open Banking Regulation Triumvirate in 2024
2024 is shaping up to be a signature year for all stakeholders in the broader open banking, open finance and embedded finance ecosystems. In Europe, three key regulations — a regulatory triumvirate — have been proposed and have clear implementation dates set with regulatory requirements for all stakeholders:
- Instant payments regulations (Instant Credit Transfers in Euro)
- Electronic Identity (eID) and digital wallets regulation (European Digital Identity Framework)
- Next evolution of the core open banking regulation (the Third Payments Services Directive)
For any open banking related organisation operating in Europe, 2024 will involve a significant work program to prepare for the new regulatory requirements coming in. Stakeholders operating in other jurisdictions including UK, Australia, and Brazil should be watching closely, as those countries also have similar agenda in relation to digital identity and instant payments1. In addition, specific regulatory components (such as the verification of payee requirements under instant payments regulation) have the potential to influence global approaches in a similar way to how the introduction of the General Data Protection (GDPR) regulation and Second Payments Services Directive (PSD2) influenced the global regulatory environment. European regulations will also impact global providers operating in Europe, although implementation deadlines are stretched somewhat for these players.
The three regulations working together also represent a fundamental shift from open banking towards open finance.
Regulation | Instant Credit Transfers in Euro | European Digital Identity framework | PSD3 (including Payments Services Regulation and Financial Data Access Framework) |
---|---|---|---|
Summary | Single European Payments Area (SEPA) Instant Payments require that up to €100k can be transferred within 10 seconds, anywhere in the SEPA zone, 24/7/365. All banks and payment providers are mandated. When making the payment, the payer should be able to verify that the payee information is correct before making the transfer (verification of payee) and will have rights to compensation if that is not available. Payers should also be informed within 10 seconds when a payment has been successfully made. | An EU Digital Identity modelled on the Electronic Identity and Trust Service (eIDAS) will be available to all European citizens, residents and businesses. It will be able to be used to store and confirm personal information. This will enable citizens across the EU to have a unique and secure European digital wallet while remaining in full control of their personal data. It can be used for both online and offline public and private services within the EU. | The evolution of the Second Payments Services Directive (PSD2) into the PSD3 includes a legislative package aimed at building on existing approaches. Payment service providers and fintechs will be given greater access to European payment systems. A financial data framework will be established. Some security and fraud measures will be strengthened. |
Official source | https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R0886 | https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2021/0136(COD)&l=en | https://www.europarl.europa.eu/doceo/document/A-9-2024-0046_EN.html |
Governance | Agreed by European Parliament on 7 February 2024
| Act adopted by Council after European Parliament reading on 26 March 2024
| Committee report tabled for plenary, 1st reading on 21 February 2024 Agreed by European Parliament on 23 April 2024 |
Individual fintech and banks that met with decision-makers during the development of the regulation (banking and payments associations excluded) | Modulr Deutsche Bank Qonto Intesa San Paolo Wise Bank of Ireland Bizum Stripe | Google Apple | Apple Amazon Web Services American Express Mastercard TrueLayer |
Implementation dates
| From January 2025 all euro area banks must be able to receive instant credit transfers From October 2025, all euro area banks must be able to send instant credit transfers with mandatory verification of payee. By the middle of 2025, Member States will have to update their national laws to allow payment institutions and e-money institutions to access payment systems directly. | Financial institutions, and payment service providers must start preparing to meet the new regulatory requirements (2025). Though private user participation is optional, the aim is to equip over 80% of Europeans with digital wallets by 2030. | 2026 |
In addition, work on a digital European currency regulation also progresses, but we believe most stakeholders can keep a watching brief on this. We will discuss some aspects in a blog post later this week, but overall, we believe there needs to be more clarity around the potential use cases and problems that digital currency is planning to solve before the majority of stakeholders need to make commitments for major strategic work programs.
While there are some excellent articles and resources addressing each of these three regulatory processes, we found it challenging to locate a single overview that highlights the impact of all three regulations on the open banking ecosystem. Because of the way that the regulations have been developed and will be unfolding, we think it is important to consider all three together.
For example, the instant payments regulation stipulates that banks and payment providers must be able to receive instant payments for their customers by January 2025 (and be able to send from October 2025). Meanwhile digital identity regulations have requirements set for 2026. Banks and fintech would be better placed to begin building a digital identity and customer authentication/verification strategy that can be tested initially by meeting instant payments requirements and growing from there into a more comprehensive digital wallet. This could reduce duplication, augment organisational knowledge, and enable faster identification of potential business models in open banking if they were seen as phases of a single work program rather than as separate compliance activities.
Overall, these regulations highlight four common themes:
1. Enhanced digital security/fraud prevention
2. Strengthened consumer data rights
3. Shifting ecosystem roles for banks, fintech and other stakeholders
4. Expanded digital financial service opportunities and solidifying of embedded finance service delivery.
Join us over the coming days as we explore each of these themes, and how all stakeholders in the open banking/open finance ecosystem can prepare for the new regulatory environment across Europe.
See part 2 on security and fraud prevention here: https://platformable.com/blog/the-eu-open-banking-regulation-security-fraud-prevention
See part 3 on consumer privacy and changing ecosystem roles here: https://platformable.com/blog/ecosystem-roles-open-banking-eu
Article references
Regulatory milestones also face other countries, but those work programs focus more on standards and general financial data sharing. All the same, those countries including the US, New Zealand, Jordan, Colombia, and Kenya may want to keep track of the rollout in Europe, especially where it crosses over with those two topics. See our Open Banking Trends reports for more detailed information on upcoming regulatory milestones.
Mark Boyd
DIRECTORmark@platformable.comMariana Velázquez
SENIOR ANALYSTmariana@platformable.com