PSD3 / PSR Readiness Checklist: Your Compliance Roadmap

Alejandro Martínez · 2026-06-23

### Why PSD3 and PSR Matter Now The Payment Services Directive 3 (PSD3) and the Payment Services Regulation (PSR) are reshaping how payment services operate across Europe. If you're a compliance professional or fintech leader, you've likely heard the buzz. But what does it actually mean for your daily work? Let's break it down. This checklist is based on the Malta Financial Services Authority's (MFSA) DEAR CEO letter, which outlines minimum expectations for authorized persons. It's not just about ticking boxes. It's about staying ahead of regulatory changes that could impact your business model. ### What's in the MFSA's Minimum Expectations? The MFSA letter highlights several key areas you need to address: - **Governance and oversight**: Your board must actively oversee PSD3 readiness. - **Risk management**: Update your frameworks to cover new requirements. - **Customer protection**: Enhanced transparency and dispute resolution processes. - **Operational resilience**: Strengthen IT systems and incident reporting. - **Data privacy**: Align with GDPR and new payment-specific rules. Think of it like this: regulatory compliance isn't a one-time project. It's an ongoing conversation between your team and the authorities. The MFSA is essentially asking, "Are you ready for the next wave?" ### Your PSD3 / PSR Readiness Checklist Here's a practical checklist to get started. Consider it your roadmap, not a final destination. #### 1. Assess Your Current Compliance Gap Start by mapping your existing processes against PSD3 requirements. Where are the gaps? Common areas include: - Strong customer authentication (SCA) exemptions - Open banking API standards - Reporting obligations for incidents Don't panic if you find gaps. That's normal. The key is to prioritize based on risk. #### 2. Update Your Policies and Procedures Your compliance manual likely needs a refresh. Focus on: - New definitions for payment services - Updated rules for third-party providers - Enhanced consumer rights, like refunds for unauthorized transactions Think of it as spring cleaning for your documentation. It's tedious, but it pays off. #### 3. Train Your Team Your staff needs to understand the changes. Run workshops or webinars. Cover topics like: - How PSD3 affects customer onboarding - New reporting timelines - Changes to liability rules Remember, compliance is everyone's job, not just the legal team's. #### 4. Test Your Systems Before the deadline, run simulations. Test your SCA implementation. Check your incident response plan. Make sure your APIs talk to other systems smoothly. A good rule of thumb: if it breaks in testing, fix it before go-live. ### Common Pitfalls to Avoid - **Waiting too long**: Start now. Regulators are watching. - **Ignoring smaller changes**: Even minor updates can trip you up. - **Not involving the board**: Executive buy-in is critical. > "Compliance isn't a cost. It's an investment in trust." — Dr Justine Scerri Herrera, Founder & Managing Partner ### Next Steps This checklist is a starting point. For tailored guidance, consider working with legal experts who specialize in fintech regulation. They can help you navigate the nuances. If your compliance team needs legal support and guidance on PSD3 compliance, reach out to contactmkfintech@kyprianou.com. Dr Justine Scerri Herrera and her team are ready to assist. Remember, the goal isn't just to comply. It's to build a resilient, customer-focused payment system that thrives under new rules.