Payment Services – 2023 Regulatory Outlook


2023 is expected to be a year of consolidation for the payments’ sector ahead of a major regulatory reform brought about by the so-called PSD3 beyond 2023.   Payment services firms need to be mindful of the worsening economic realities which may impact financial resilience.

Business Outlook – Expect economic headwinds

The pandemic has undoubtedly boosted payment services firms, drawing significant interest from investors into this growing sector.  The usage of digital payments has seen exponential growth year-on-year in the past three years.  However, heading into 2023, the economic landscape looks starkly different.  Due to the global economic downturn, it is quite plausible that payment volumes shall drop as consumer spending power continues to decrease, while firms offering deferred payment products may experience delays in customer repayments.  This may strain firms’ financial resilience leading to the need to refocus on cost-cutting measures.  Start-ups might face a steeper growth curve to achieve long-term sustainability. 

Meanwhile, payment services firms need to remain vigilant of the competitive threat posed by new payment technologies such as blockchain and Non-Fungible Tokens (‘NFTs’), the mainstreaming of payments through crypto assets as well as the ever-growing presence of big-techs in the payments sphere.

Regulatory Outlook – No significant changes expected but keep an eye on PSD3

With the EBA having exhausted its legislative mandates under PSD2, we do not expect any changes to the prudential regulatory framework in 2023. In the EU, all eyes are on the European Commission to see what legislative proposals emanate from its ongoing PSD2 review. In response to the European Commission’s Call for Advice on the review of PSD2, the EBA published in June 2022 an Opinion and a detailed Report putting forward more than 200 proposals. It is expected that any legislative proposals will set the wheels in motion for PSD3, which is however coming into force well beyond end 2023 in view of the long-wielded EU legislative processes.

In addition, the Commission’s 2020 retail payment strategy also emphasises the need for an EU-wide instant payments scheme. The Commission has proposed legislation to help bring this to life. The draft law aims to make instant euro payments available to all citizens and businesses holding a bank account in the EU by amending the 2012 SEPA Regulation. The text will be scrutinised by the European Parliament and Council over the course of 2023.

Supervisory Focus – Expect the continuation of 2022 MFSA Supervisory Priorities

While the MFSA is yet to issue its 2023 supervisory priorities document (which is usually issued mid-Q1 annually), we expect that the MFSA’s supervisory strategy to largely represent a continuation of the 2022 supervisory priorities.  Similarly, the EBA’s European Supervisory Examination Programme (ESEP) published in October 2022, focuses on recurring themes from the previous ESEPs, albeit considering emerging risks from the new economic realities.  Under convergence rules, national competent authorities are required to shape their supervisory priorities on the annual ESEP issued by the European Supervisory Authorities (ESAs). 

Based on the above and given the economic context, we expect the regulator’s focus on the following areas, at both the authorisation and on-going supervision phases:

  • Financial Resilience – the regulator will want to see that firms have sufficient capital, liquidity and resources to operate their business. In this context, an adequate capital plan is necessary to mitigate such risk;
  • Consumer protection – payment services firms need to ensure that clients’ funds are safeguarded in line with regulatory requirements at all times. Firms are required to have in place appropriate (bespoke) safeguarding policies and accompanying procedures;
  • Governance – firms are to ensure that directors and key function holders have adequate skills and experience for the role they hold, as well as being fit and proper persons. In this context, and in view of the shortage of skilled resources in the local market, talent acquisition and retention are key to ensuring a robust governance structure;
  • Operational Resilience – the pandemic and the Russian invasion of Ukraine has led to an enhanced level of cyber-security risks forcing payment firms to continue building their operational resilience by placing security at the forefront in system design. Firms are furthermore expected to ramp up their preparations to bridge any gaps with the newly introduced Digital Operational Resilience Act (DORA) which shall be fully applicable by Q1 2025.
  • Financial Crime Compliance – the regulatory drive to ensure that financial services firms are not exploited for money laundering and financing of terrorism activities is expected to be sustained in 2023.

UK business – End of the Temporary Permissions Regime and Regulatory Divergence

2023 is a watershed year for payment services firms operating a business model which incorporates UK business.  The post-Brexit UK Temporary Permissions Regime (TPR) is scheduled to cease at the end of 2023, with all applications made for full authorisation made by TPR firms expected to be processed by the UK Financial Conduct Authority (FCA) during the year.  UK industry analysts report that while the FCA has pledged to go through the backlog of applications in time, it is apparent that it is adopting a more assertive approach to authorisation, implying a higher incidence of refusals.

Following the publication of “Edinburgh Reforms” in December 2022, the UK has set in motion reforms which will lead the UK regulatory framework to diverge from the EU model.  The “Edinburgh Reforms” include 30 proposals aimed at taking advantage of Brexit freedoms.  This presents complexities to firms operating across the UK and the EU/EEA.  Where there is divergence, such firms will have to ensure awareness and compliance with both sets of requirements.


Sustainable Finance – ESG in payments

In the EU to date, various legislative acts have been introduced in the field of sustainable finance, none directly targeting payment and e-money institutions. These include the Sustainable Finance Disclosure Regulation (SFDR), the Non-Financial Reporting Directive Regulation (NFRD) and the Taxonomy Regulation. Additionally, the Corporate Sustainability Reporting Directive (CSRD) in the EU, although not directly applicable to payment and e-money institutions, makes such companies accountable to their shareholders on ESG matters.



Over time, ESG regulation is likely to increasingly affect payments firms, whether at the investor level, within an existing regulatory framework or as a completely new kind of requirement. ESG is likely to mean increased regulatory requirements, adding to the burden. However, ESG as a topic, if embedded into the business model, can be transformed into an opportunity.  Such firms are more likely to be perceived by consumers and investors as responsible and able to mitigate risks, thereby eventually increasing shareholder value. 

In conclusion, the general trend is clear: while there is no expectation for significant changes to regulatory requirements and supervisory expectations in 2023, payment services firms need to tackle various exogenous risks emanating from their operating environment.  In doing so, as regulated companies, they need to demonstrate their ability to invariably comply with applicable regulatory requirements.

Embark (Malta) Ltd can provide you with specialist advisory services in relation to your payment and/or e-money business.   We also provide ongoing regulatory compliance support to institutions on a retainer basis.

If you require any further information and/or assistance, contact us!

This article was authored by Pierre-Paul Gauci (Senior Advisor – Regulatory and Business)