New payment services directive (PSD3): how to find the right balance between protection and flexibility?

After PSD2, which has been in effect in Europe since 2019, in June 2023 the European Commission presented its proposals for further modernising payment services and the financial sector as a whole. PSD3’s challenges include making payments in Europe more secure, increasing user trust in payment services and protecting them more, and boosting innovation, notably by accelerating the sharing of data between players.

This body of text will therefore open up new opportunities for individuals, retailers and companies in terms of financial inclusion, payment security and new services. 

For corporates in particular, PSD3 should result in new measures relating to an improvement in open banking services and the putting in place of new tools to fight and minimise fraud. 

At this stage of the discussions and requirements relating to the legislative timetable, we feel that it is important to focus on one of the topics corporate treasurers will need to prepare for: the implementation of “Verification of Payee” (or VoP), an additional level of security for outgoing transfers.

VoP: an additional layer of security for transfers

VoP will have to be put in place by financial institutions no later than 9 October 2025 for PSPs (payment service providers) within the eurozone, as required by the End Date regulation on SEPA instant transfers. As an extension of this, PSD3 – whose texts are currently being discussed – foresees the generalisation of this service to all other types of transfers at the end of 2026 (for intra-European transfers) and in 2027 (for transfers outside the EU zone), subject to the directive being adopted in early 2025. This is a particularly tight timetable given the challenges, and notably the operational and technical challenges!

In practical terms, VoP requires banks to provide a service verifying that the beneficiary’s IBAN matches their trade name / corporate name prior to any instant or standard transfer. The goal is to add an extra layer of security to guard against fraud and input errors. If the two cannot be matched, the client will still be able to override this step and enforce the transfer if they wish. They will also have the possibility of activating and deactivating this service upon request. All this at no extra cost.

An undeniable need for harmonisation and cooperation across Europe – and more?

This deployment entails close cooperation and coordination between all players in the eurozone payment services ecosystem, notably in terms of setting the rules relative to “no match” situations (when the IBAN does not match the trade name / corporate name) and “almost match” (when they only partially match). Moving forward together also represents the only way to minimise the impacts for clients, in regard to user experience and processing time, including the integration of high volumes of files in clients’ IT systems. 

The market authorities and interbank work groups thus have a major role to play in establishing a global vision of this topic and moving towards a harmonisation of protocols and procedures. Ideally – for both clients and banking institutions – a (very) swift European consensus will be achieved resulting in the implementation of a single mechanism for carrying out IBAN verifications. 

What are the implications for corporate clients?

The major challenge being the implementation of VoP on payment initiation channels via electronic file transfer, corporate treasurers are obviously stakeholders. To best prepare for future developments, they need to contribute to the thought process and be included by participating in market work in the various work groups. They can notably begin defining processes for enhancing the reliability of and pre-validating their databases of third-part beneficiaries, to avoid friction at time of payment and too great a number of rejections when VoP is deployed, in particular for mass transfers.

Although, at this stage, questions still remain regarding the deployment of the VoP service, it is clearly established that banks will strive to ensure the most seamless and harmonised system possible for their clients, while complying with their regulatory obligations.