PSD3 & PSR: New regulations. New risks. New opportunities.
Classification for decision-makers
With PSD3 and the accompanying PSR, the European Commission is laying the foundation for a harmonized, secure, and open payment ecosystem. The reforms tighten requirements for security, fraud prevention, customer authentication, data access, and interfaces—and define a significantly more demanding liability regime.
This affects all credit institutions, payment institutions, e-money institutions, and payment service providers. The changes have a profound impact on processes, systems, and governance structures. Many institutions are thus facing one of the biggest regulatory changes in recent years.
You can find out more in the white paper.
The key reform elements of PSD3 & PSR
- Extended verification of payee (VoP) requirement for all SEPA and real-time transfers
- Stricter requirements for strong customer authentication (SCA)
- Mandatory exchange of fraud data between payment service providers
- Uniform requirements for API standards, monitoring, and reporting
- Embedding in IPR, FIDA, and the European data strategy
New liability rules and operational implications
- Significantly stricter liability regime for authorized and unauthorized payments
- Greater burden of proof on the payment service provider
- Obligation to maintain consistent authorization documentation
Technical requirements and interface modernization
- Development of powerful, scalable architectures for VoP and fraud mechanisms
- Standardized APIs based on modern security protocols (OAuth 2.0, FAPI)
- Monitoring and reporting obligations in accordance with DORA
Fraud data exchange in practice
- Requirements for data pipelines, data layers, IT security, and DPIA
- Operational challenges during implementation
- Transformation of fraud models and control mechanisms
How KPMG & GFT support financial institutions with implementation
- Regulatory expertise (KPMG): Requirements analysis, governance, implementation planning
- Technical implementation expertise (GFT): Architecture design, platform adaptations, Smaragd-based solutions
- Specific implementation scenarios for fraud prevention, API modernization, and open finance requirements
Why act now?
The regulatory requirements are complex, heterogeneous, and deeply intertwined.Those who wait will later face tight deadlines, parallel system changes, and unnecessarily high transformation costs. Institutions that start early secure clear advantages:
Risk reduction
through robust fraud and API infrastructures
Planning reliability
by clarifying liability issues in a timely manner
Cost efficiency
through integrated, scalable technical solutions
Competitive advantage
in the open finance environment
KPMG & GFT - A good choice
KPMG and GFT combine regulatory depth and technological implementation expertise. The white paper shows how both partners work together to:
- Translate complex regulatory requirements in a structured manner
- Develop architectures that are scalable, secure, and pass audits
- Efficiently map critical requirements such as VoP, fraud detection, API governance, and reporting with solutions such as the Smaragd Compliance Suite
Download white paper now
Get the full 20-page white paper from KPMG and GFT on PSD3 & PSR – with clear recommendations for action, implementation examples, and technical implications for your institution.