PSD3 Private Banking Luxembourg: Payment Services Impacts

ByBertrand Mariaux Updated on

As at 22 June 2026, the EU package is based on the draft Directive on payment services and electronic money services (“PSD3”) and the draft Payment Services Regulation (“PSR”), in their final compromise-text form. The applicable Luxembourg baseline remains the amended law of 10 November 2009 on payment services, electronic money institutions and settlement finality (“2009 Payment Services Law”).

Must-know point: for a private bank, the main operational impact is not PSD3 alone. It is the future PSR, because conduct, transparency, fraud and account-access rules move into a regulation.

PSD3 mainly addresses authorisation, supervision and prudential rules for payment institutions and electronic money institutions. The PSR carries the most visible operational changes: user information, rights and obligations, fee transparency, fraud prevention, account access and open banking. For a private bank, the practical consequences may affect several parts of the client journey. General terms and conditions for accounts and payment services should be checked to ensure that pre-contractual information, fees, execution times and user rights remain aligned with the new requirements. Digital interfaces and banking applications may also require changes to display certain information more clearly or to integrate new fraud-prevention controls. Operational teams should review procedures for payment processing, complaints and security incidents, while compliance and legal functions should monitor the rules on account access by third-party providers. For a private bank, the issue is therefore documentary, digital, operational and organisational rather than only institutional.

Three checks matter.

First, map the payment services actually provided. Cash accounts, cards, transfers, account-information access and digital journeys should be matched against the current obligations under the 2009 Payment Services Law.

Second, isolate the likely fraud-control changes. The PSD3 / PSR package strengthens several prevention and detection mechanisms. Points to monitor include fraud-related information sharing between providers, consistency checks between the beneficiary’s name and IBAN, fraud through impersonation of the payment service provider (“spoofing”), and certain adjustments to liability and reimbursement rules. For a private bank, these developments may affect internal controls, payment-validation journeys and information provided to clients.

Third, review fees, exchange rates, merchant-name visibility and open-banking access. At this stage, it is generally preferable not to draft a definitive new contractual clause immediately, because the European texts have not yet been finally adopted, PSD3 has not been transposed, and the PSR is not yet applicable. It is more useful to prepare an internal document identifying the differences, or gap register, between the current requirements under the 2009 Payment Services Law, the contracts currently used by the bank and the changes likely to result from the future PSD3 / PSR package. This work allows the bank to identify adaptations before the new rules effectively apply.

Connect with Bertrand Mariaux on LinkedIn. You can listen to the related podcast on ApplePodcast, Spotify, YouTube, or wherever you get your podcasts.

References:

Council of the European Union, press release of 27 November 2025, Payment services: Council and Parliament agree to step up the fight against fraud and increase transparency (https://www.consilium.europa.eu/en/press/press-releases/2025/11/27/payment-services-council-and-parliament-agree-to-step-up-the-fight-against-fraud-and-increase-transparency/)

Council of the European Union, document ST 8220/26, Confirmation of the final compromise text with a view to agreement (https://data.consilium.europa.eu/doc/document/ST-8220-2026-INIT/en/pdf)

Council of the European Union, document ST 8222/26, draft PSD3 Directive (https://data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf)

Council of the European Union, document ST 8221/26, draft PSR Regulation (https://data.consilium.europa.eu/doc/document/ST-8221-2026-INIT/en/pdf)

Legilux, consolidated version of the amended law of 10 November 2009 on payment services (https://legilux.public.lu/eli/etat/leg/loi/2009/11/10/n1/consolide/20250411)

Bertrand Mariaux is a certified Avocat à la Cour (admitted lawyer in Luxembourg, Liste I and Paris), holding an LL.B and LL.M (Hons).
He is an experienced lawyer with extensive expertise in investment funds, regulatory compliance, corporate & criminal law. Bertrand regularly contributes to legal publications and speaks at industry events, with a particular focus on financial regulation and corporate governance.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *