Regulatory Compliance

EBA finds progress but warns of divergence in EU payment authorisation processes

Thursday, 18 December 2025 7:54PM UTC

The European Banking Authority’s follow-up review reveals strides in authorisation efficiency but highlights ongoing discrepancies risking uneven supervision and potential regulatory arbitrage across the EU's payments ecosystem.

The European Banking Authority’s follow-up peer review of national authorisation practices for payment institutions (PIs) and electronic money institutions (EMIs) under the revised Payment Services Directive (PSD2) finds measurable progress but persistent divergence that risks uneven supervision and regulatory arbitrage across the EU. According to the EBA, 29 national competent authorities (NCAs) were assessed for actions taken after the original 2023 peer review, with the follow-up focusing on authorisation processes, implementation of the EBA guidelines on authorisation, governance, anti-money laundering/combating the financing of terrorism (AML/CFT) controls and local substance. ^[2]^[1]

The report records improvements in efficiency at many NCAs achieved through clearer public guidance, enhanced pre-application engagement with firms and streamlined procedural steps. Industry observers and summaries of the EBA’s findings note greater transparency and consistency in some aspects of the authorisation pathway compared with earlier reviews, reflecting the EBA’s sustained push for convergence under PSD2. However, the follow-up also documents significant variation in how deeply NCAs scrutinise applications. ^[2]^[3]^[5]

Authorisation timelines remain highly divergent, even where processes have been clarified. The EBA’s data show times from submission to authorisation ranging from roughly 4–6 months in several states to as long as 27 months in one member state, with a median elapsed time of 9.5 months. The authority attributes many delays to incomplete or low-quality applications and the time required for applicants to remedy identified deficiencies, while also urging NCAs to ensure they have sufficient resources to carry out timely, robust assessments. ^[2]^[1]^[3]

On substantive assessments, the follow-up notes that several NCAs have addressed earlier shortcomings, particularly in business-plan reviews and AML/CFT controls, yet gaps persist. Notably, the assessment of local substance , the demonstrable operational presence and activities of firms in the jurisdiction in which they seek authorisation , remains inconsistent across supervisors. The EBA warns that such inconsistencies could facilitate "forum shopping" by applicants seeking the most permissive or least-demanding regime. ^[1]^[5]^[3]

The EBA repeats recommendations from its earlier peer work that competent authorities should review authorisation resources and processes, and apply common criteria when assessing governance and the suitability of management. Industry-focused summaries draw attention to the EBA’s endorsement of proportionate application of the "three lines of defence" model where appropriate, and to calls for clearer boundaries between categories of payment and e-money services to reduce supervisory ambiguity. ^[3]^[5]^[7]

While the follow-up highlights progress, it makes clear that further convergence is required to deliver a level playing field and to maintain the integrity of the internal market for payments. The EBA calls on NCAs to continue aligning practices, to upskill and resource authorisation teams where necessary, and to raise the quality of both supervisory scrutiny and applicant submissions to shorten timelines without diluting supervisory standards. According to national and industry commentaries, achieving those aims will be essential to prevent fragmentation and to safeguard AML/CFT resilience across the EU’s payments ecosystem. ^[2]^[4]^[6]

##Reference Map:

^[1] (JD Supra) - Paragraph 1, Paragraph 3, Paragraph 4, Paragraph 6
^[2] (European Banking Authority press release) - Paragraph 1, Paragraph 2, Paragraph 3, Paragraph 6
^[3] (EBA peer review summary) - Paragraph 2, Paragraph 4, Paragraph 5
^[4] (Magyar Nemzeti Bank press release) - Paragraph 6
^[5] (Better Regulation service summary) - Paragraph 4, Paragraph 5
^[6] (JD Supra duplicate) - Paragraph 6
^[7] (EBA Peer Review Work Plan 2022-2023) - Paragraph 5

Source: Noah Wire Services

More on this

https://www.jdsupra.com/legalnews/eba-follow-up-peer-review-report-on-3185073/ - Please view link - unable to able to access data
https://www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-follow-peer-review-authorisation-payment-institutions-and-electronic-money - The European Banking Authority (EBA) published a follow-up peer review on the authorisation of payment institutions and electronic money institutions under the revised Payment Services Directive (PSD2). The review assessed actions taken by 29 national competent authorities (NCAs) following the 2023 report, focusing on authorisation processes, implementation of EBA guidelines, governance, AML/CFT controls, and local substance. While most NCAs improved efficiency through clearer guidance and streamlined procedures, authorisation timelines remain divergent, ranging from 4-6 months to 27 months in one member state, with a median of 9.5 months. Delays are attributed to incomplete or low-quality applications and the time applicants take to address deficiencies. The EBA calls for further convergence to ensure a level playing field and robust supervisory practices across the EU.
https://www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-peer-review-authorisation-under-payment - The European Banking Authority (EBA) published a peer review on the authorisation of payment institutions and electronic money institutions under the revised Payment Services Directive (PSD2). The review found increased transparency and consistency in the authorisation process but identified significant divergences in competent authorities' assessments and the degree of scrutiny of applications. The review sets out measures to address these divergences, aiming to level the supervisory playing field and mitigate against 'forum shopping'. The EBA recommends that competent authorities review their authorisation resources and processes to ensure they can scrutinise applications within a reasonable timeframe and ensure applicants have a 'three lines of defence' model where appropriate.
https://www.mnb.hu/en/pressroom/press-releases/press-releases-2023/eba-publishes-peer-review-on-authorisation-under-the-payment-services-directive - The European Banking Authority (EBA) published a peer review on the authorisation of payment institutions and electronic money institutions under the revised Payment Services Directive (PSD2). The review found increased transparency and consistency in the authorisation process but identified significant divergences in competent authorities' assessments and the degree of scrutiny of applications. The review sets out measures to address these divergences, aiming to level the supervisory playing field and mitigate against 'forum shopping'. The EBA recommends that competent authorities review their authorisation resources and processes to ensure they can scrutinise applications within a reasonable timeframe and ensure applicants have a 'three lines of defence' model where appropriate.
https://service.betterregulation.com/document/625840 - The European Banking Authority (EBA) published a peer review on the authorisation of payment and electronic money institutions under the Payment Services Directive (PSD2). The review covered a three-year period from 1 January 2019 to 31 December 2021. It found that the authorisation process has increased in transparency and consistency, with most competent authorities enforcing EBA Guidelines. However, it also found that scrutiny of applications varied in consistency, particularly in the assessment of business plans, governance, and internal controls. The review recommends that EBA clarifies several processes, including the boundaries between different categories of payment and e-money services and the criteria competent authorities should use in assessing the suitability of management.
https://www.jdsupra.com/legalnews/eba-follow-up-peer-review-report-on-3185073/ - The European Banking Authority (EBA) has published a follow-up peer review report on the authorisation of payment institutions (PIs) and electronic money institutions (EMIs) under the revised Payment Services Directive (PSD2). The review assessed actions taken by 29 national competent authorities (NCAs) following the 2023 report to address recommendations on authorisation processes, implementation of the EBA guidelines on authorisation, governance, AML/CFT controls, and local substance. While most NCAs improved efficiency through clearer guidance, pre-application engagement, and streamlined procedures, authorisation timelines remain highly divergent, ranging from 4-6 months to 27 months in one member state, with a median of 9.5 months. Delays are attributed to incomplete or low-quality applications and the time applicants take to address deficiencies. The EBA calls for further convergence to ensure a level playing field and robust supervisory practices across the EU.
https://www.eba.europa.eu/sites/default/files/document_library/1022252/EBA%20Peer%20Review%20Work%20Plan%202022-2023%20%28October%202021%29.pdf - The European Banking Authority (EBA) published its Peer Review Work Plan for 2022-2023, in accordance with Article 30(8) of the EBA Regulation. The plan outlines the peer reviews to be conducted over the two-year period, including a peer review on the EBA Guidelines of the authorisation and registration under PSD2. These guidelines support the objective of PSD2 of contributing to an integrated payments market across the European Union, ensuring a consistent application of the legislative framework for payment services and electronic money institutions.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 10

Notes: The narrative is based on the European Banking Authority's (EBA) recent publication dated 5 December 2025, indicating high freshness. ([eba.europa.eu](https://www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-follow-peer-review-authorisation-payment-institutions-and-electronic-money?utm_source=openai))

Quotes check

Score: 10

Notes: The narrative does not contain any direct quotes, suggesting originality.

Source reliability

Score: 10

Notes: The narrative originates from the EBA, a reputable organisation, enhancing its reliability.

Plausibility check

Score: 10

Notes: The claims align with the EBA's findings and are consistent with other reputable sources, indicating high plausibility.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative is fresh, original, and originates from a reliable source. The claims are plausible and consistent with other reputable sources, leading to a high confidence in the assessment.

EBA
Payment Institutions
Electronic Money
PSD2
Regulatory Divergence