The relationship between innovation, growth and regulatory compliance is not always easy. As regulators ramp up their oversight and supervision of payment and e-money firms, Arthur Cox is here to support you to ‘move fast and fix things.’

Move Fast: A Shifting Paradigm

As proven time and again, the financial cost to firms who take the worldview of ‘move fast and break things’ can be significant. In the words of Frei and Morriss (2023) in Move Fast & Fix Things: The Trusted Leader’s Guide to Solving Hard Problems:

“The most effective leaders solve problems at an accelerated pace, while also taking responsibility for the success and well-being of their customers, employees and shareholders. They move fast and fix things.”

As regulators work to keep up with the continuous innovation in the financial services and fintech industries, payment and e-money firms should expect to see a more sophisticated and technologically advanced approach to regulatory supervision and scrutiny. In preparation for this, we have set out some of the key changes and developments which these types of firms should expect to see over the next twelve months.

New Payment Directives and Regulations

A number of new directives and regulations will come into effect during 2025 as the European Commission works to create an efficient and integrated market for payment services and to foster competition and innovation in the e-money services sector, including:

• The Instant Payments Regulation (“IPR”) which applies to payment service providers (including payment institutions) (“PSPs”) who operate within the Euro-area and who send and receive instant credit transfers.
  • From 9 January 2025, PSPs must be able to receive instant euro payments i.e. within 10 seconds, requiring significant infrastructure and operational upgrades.
  • By October 2025, PSPs must be able to send instant euro payments, which means addressing verification of payee, bulk payments and liquidity management challenges.
  • Click here for more information on the requirements introduced by the IPR.  

• The finalised versions of the third Payment Services Directive (“PSD3”) and the Payment Services Regulation (“PSR1”) are expected to be published later in 2025 once finalised in trilogues, applying 18 months after publication in the Official Journal (most likely in Q2 2027). While PSD3 is intended to deal primarily with the authorisation and supervision of payment institutions, PSR1 introduces additional measures which are intended to:
  • Increase market competition
  • Improve client experience and protection (with a particular focus on combatting authorised push payment fraud)
  • Enhance security and fraud prevention measures; and
  • Streamline the regulatory framework for e-money firms by merging the existing PSD2 with the E-Money Directive.

Change in Supervisory Approach

As of January 2025, the supervisory model and operating structure of the Central Bank of Ireland (“Central Bank”) are undergoing a significant change programme. Among these changes is the introduction of Payment and E-Money Institutions Supervision Division, led by the former Head of the Central Bank’s Anti-Money Laundering Division.

It is too early to say exactly how the frequency and intensity of interactions between payment and e-money firms and the Central Bank may change. However, as with all leadership changes, it is the perfect opportunity for the Central Bank, as mentioned on their website, to engage with firms as they seek to regulate and supervise “the emerging risks to consumers and investors from the new ways in which they can buy, acquire, use and engage with financial services.

Supervisory Follow Up

Following on from the Dear CEO letters issued to Payment and E-Money Firms in both 2021 and 2023, and the resulting Safeguarding Audit that ensued, we fully expect the Central Bank to reassess whether the industry has matured and has moved away from the ‘tick-the-box’ approach to regulatory compliance which the Central Bank had observed in some firms.

By now, firms should be able to clearly demonstrate how they approached each of the concerns raised in the 2023 Dear CEO letter as well as how they have addressed any findings arising from the mandated Safeguarding Audit, to ensure that any additional controls and measures implemented are working. Any gaps which have not yet been addressed should be dealt with as a matter of priority.

How can we help?

Over the year, payment and e-money firms will need to grapple with a significant volume of regulatory change combined with an expected up-tick in regulatory engagement as the changes at the Central Bank take effect.

At Arthur Cox, our team of experts from across the firm are here to support you in implementing the required changes and to assess your maturity against the Central Bank’s expectations. To find out more about how we can help you, see our Payment and E-Money Firms Brochure or contact any member of the team directly.