How to harmonize conflicting AML and PSD3 mandates in Europe

Europe’s financial sector is at a turning point. On one side, strict Anti-Money Laundering (AML) regulations demand steadfast vigilance and compliance. On the other, the Payment Services Directive 3 (PSD3) is pushing for instant payments to meet the demands of an increasingly impatient digital economy. For both traditional financial institutions and emerging fintechs, this creates a high-stakes challenge: how to ensure payments are secure while moving at lightning speed.

The Clash: AML Rulebook vs PSD3

Aware of the growing threat posed to its financial system by money laundering, financial crime and fraud attacks, the European Union has recently overhauled its anti-money laundering (AML) framework. 

Regulation (EU) 2024/1624, commonly known as the Single Rulebook Regulation, harmonizes AML rules across all EU member states. Among the rules that are set to apply from July 10, 2027, there are Article 13, mandating exhaustive due diligence checks to verify customer identity and assess risk, as well as Article 35, requiring constant monitoring of transactions to identify suspicious activity. The stakes are high, with violations leading to hefty fines and reputational consequences that should not be underestimated. To ensure that violations or oversight are promptly investigated, the EU has also established a centralized EU authority. Headquartered in Frankfurt, the Anti-Money Laundering Authority (AMLA) is expected to commence operations in 2025.

At the same time, the Third Payment Services Directive (PSD3), rolled out by the European Commission in June 2023, is a direct response to growing consumer demand for faster financial services. Article 8 leaves little room for ambiguity: instant payments, in euros, are to be processed in under ten seconds. The European Parliament has backed this push, even proposing penalties for institutions that fail to meet these expectations. This consumer-first approach is a game-changer. For an everyday user, waiting days for a bank transfer feels incredibly outdated as a process. But for compliance teams, ten seconds can feel like a ticking time bomb, especially when AML checks typically require time to scrutinize transactions thoroughly.

Regulatory Provisions to Break the Deadlock

The tension between these two priorities did not go completely unnoticed by the regulators. In fact, a closer examination of the rules reveals that some provisions have been included or introduced at a later date to soften the blow.

Specifically, PSD3 allows financial institutions to delay suspicious payments by up to 72 hours. This gives compliance teams breathing room to conduct fraud checks while ensuring most legitimate transactions still move instantly. It’s a compromise that shows a regulatory understanding of the real-world challenges financial institutions face.

Meanwhile, the EU AML Single Rulebook introduces Article 75, which encourages institutions to establish information-sharing partnerships about suspicious transactions. By creating a network of collaborative oversight, this measure could help catch bad actors more efficiently without slowing down instant payments unnecessarily. You can think of it as the financial sector’s version of crowdsourcing intelligence.

Technology's Role in Bridging the Divide

While regulators tweak the rules, the private sector is also stepping up with solutions that marry speed and security. An increasing number of providers are offering advanced tools to helps FIs navigate the AML-PSD3 dilemma more confidently.

Among these tools, automated digital footprint analysis is growing in popularity and effectiveness. This type of solutions allow fraud and compliance teams to quickly assess the risk profile of customers by examining each user’s digital attributes, behaviors and patterns, from their email address and phone number, to their IP address and device. Within seconds, fraud and compliance teams can confidently assess whether an individual signing up for a service or receiving a payment is genuinely who they claim to be.

Digital footprint analysis usually relies on the use of Open-Source Intelligence (OSINT). Although OSINT has its roots in the 1940s, only in recent years its true potential has become evident. Over the past decade, unprecedented advancements in API and machine learning technology have accelerated the expansion of OSINT, making it possible to embed real-time and fully silent checks into every sign-up, login and transaction attempt as a vital first line of defence. 

These tools are crucial for detecting potential fraudsters and synthetic identities - aka those that are the result of a mix of fabricated and real personal information - before transactions are processed. Paired with customisable rule engines and predictive analytics based on machine learning, OSINT checks offer a powerful way to detect inconsistencies or suspicious users without impacting the speed of payment processing.

The Road Ahead

The AML-PSD3 dilemma isn’t going away anytime soon. But with the right mix of regulatory foresight, technological innovation, and industry collaboration, a balance can be struck. The ultimate goal is clear: payments that are not only fast but also safe. For consumers, this means greater trust in the financial system. For the industry, it’s an opportunity to redefine what modern finance looks like.

The road ahead is challenging, but it’s also full of promise. If regulators, institutions, and innovators can align their efforts, Europe’s financial sector might be able to have its cake and eat it too: delivering instant payments while maintaining robust defenses against fraud and money laundering.