Konsentus Powering Trust in Open Ecosystems

When AML Meets Open Banking: How the New EU AML Regulation will Reshape Access, Assurance and Trust

AML reform is changing the rules of Open Banking. Discover how the new EU AML framework and PSD3 redefine access, assurance and trust for ASPSPs.

Share This Post

The introduction of PSD2 Access-to-Accounts in September 2019, marked a significant step in the development of Open Banking across Europe. For many Account Servicing Payment Service Providers (ASPSPs), its initial implementation was necessarily pragmatic and compliance-driven, focused on meeting regulatory deadlines and enabling access in line with new legal obligations.

The regulatory landscape has now evolved.

With the introduction of PSD3 and the Payment Services Regulation (PSR), alongside Regulation (EU) 2024/1624, the European Union has made clear that Open Banking must operate as trusted, resilient financial market infrastructure. The emphasis has shifted from initial enablement to ongoing assurance, from periodic validation to real-time control, and from fragmented national approaches to consistent, pan-European oversight.

In this document we outline:

  • How regulatory expectations have changed since PSD2
  • What PSD3/PSR and Regulation (EU) 2024/1624 require of ASPSPs
  • Why senior management engagement is essential
  • How Konsentus Verify Service supports ASPSPs in meeting these requirements with confidence

1) PSD2: an important foundation, but not the end state

PSD2 succeeded in opening access to payment accounts and encouraging innovation. However, the way it was implemented across the market reflected its transitional nature.

In many cases, ASPSPs:

  • Treated third-party access as an exception to core banking controls
  • Implemented point-in-time or static checks of third-party authorisation
  • Relied on manual processes or national registers that were not designed for real-time decisioning
  • Focused on technical enablement rather than long-term operational resilience

These approaches were understandable at the time. PSD2 was new, supervisory guidance was still emerging and Open Banking volumes were relatively low.

PSD3/PSR reflects the regulatory conclusion that this approach is no longer sufficient.

2) PSD3/PSR: Strengthening assurance & accountability 

PSD3/PSR are designed to create a more robust, harmonised and enforceable Open Banking framework across the EU.

Key regulatory themes include:

Continuous and real-time verification

ASPSPs are expected to ensure that only appropriately authorised and permitted Third Party Providers (TPPs) can access accounts, at the point of access, not retrospectively.

This requires:

  • Up-to-date knowledge of authorisation status
  • Clear understanding of regulatory permissions
  • Immediate awareness of withdrawals, suspensions or limitations

Greater consistency across the market

By reducing national discretion & strengthening EU-level harmonisation, PSD3/PSR increases expectations that controls operate consistently across borders.

Clearer responsibility for access decisions

With clearer rules comes clearer accountability. ASPSPs are expected to demonstrate that they have taken reasonable, proportionate and effective steps to prevent unauthorised or inappropriate access.

3) Regulation (EU) 2024/1624: integrating Open Banking into AML/CFT controls

Regulation (EU) 2024/1624 introduces a directly applicable AML/CFT framework across the EU, reinforcing the expectation that financial institutions understand and manage risks arising not only from customers, but also from ecosystem participants.

For ASPSPs, this means:

  • Open Banking interactions form part of the institution’s regulated risk perimeter
  • Weak third-party verification can expose institutions to AML/CFT risk
  • Institutions must be able to demonstrate effective preventative controls, not just remediation after the fact

The regulation reinforces the need for reliable, independent verification of third parties accessing customer accounts.

4) A management-level responsibility, not a technical exercise

Taken together, PSD3/PSR and Regulation (EU) 2024/1624 elevate Open Banking verification from a technical implementation detail to a core governance and risk management responsibility.

Senior management and boards must recognise that:

  • Open Banking is now a permanent feature of the financial system
  • Verification and assurance are critical to trust in that system
  • Fragmented, manual or outdated approaches introduce operational and regulatory risk

5) What effective verification looks like under the new framework

Under PSD3/PSR and the new AML/CFT Regulation, effective third-party verification is:

  • Real-time: decisions made when access is requested
  • Authoritative: based on trusted regulatory sources
  • Independent: not reliant on self-assertion by third parties
  • Consistent: applied uniformly across jurisdictions
  • Auditable: providing clear evidence for supervisors
  • Scalable: supporting current and future Open Banking & Open Finance models

These characteristics are increasingly difficult to achieve through in-house or ad-hoc solutions originally designed for PSD2.

6) Konsentus Verify Service: enabling trust & confidence at scale

Konsentus Verify Service provides ASPSPs with independent, real-time verification of regulated third parties, supporting compliance with PSD3/PSR and Regulation (EU) 2024/1624.

The service enables ASPSPs to:

  • Verify TPP identity, authorisation, and permissions at the point of access
  • Maintain up-to-date awareness of regulatory status across jurisdictions
  • Apply consistent controls across Open Banking interactions
  • Reduce operational complexity and manual effort
  • Provide clear, auditable evidence to regulators and internal stakeholders

By embedding Konsentus Verify into access and API workflows, ASPSPs move from reactive checks to continuous assurance.

7) Konsentus Verify Service: supporting regulatory reporting

Konsentus Verify data feeds support regulatory reporting,  ensuring that the bank’s AML system can produce complete, auditable and time-accurate evidence showing how Open Banking access is controlled in line with Regulation (EU) 2024/1624.

By feeding verified TPP authorisation status, permission scope, access approvals/denials and lifecycle changes directly into AML systems of record, ASPSPs can demonstrate to supervisors that Open Banking is treated as an AML-relevant delivery channel, that preventive controls operate before data exposure and that ongoing monitoring is in place.

  • Compliant with evolving AML regulations using a system built on deep Open Banking & Open Finance regulatory industry expertise
  • Evidence-based TPP records
  • Real-time data verification
  • Fully traceable and audit-secure
  • Ongoing AML monitoring

8) Preparing for Open Banking and beyond

Regulatory and market developments indicate that data sharing will continue to expand beyond payments. Institutions that invest now in resilient, scalable verification capabilities will be better positioned to adapt to future regulatory change and evolving business models.

Konsentus Verify supports this forward-looking approach by providing a verification framework designed not only for today’s requirements, but for the future evolution of Open Banking and Open Finance.

The transition from PSD2 to PSD3/PSR, alongside the introduction of Regulation (EU) 2024/1624, marks a clear shift in regulatory expectations. Open Banking now requires continuous trust, demonstrable control and operational resilience.

ASPSPs that recognise this shift and invest accordingly will be better placed to meet regulatory requirements, manage risk effectively and support innovation with confidence.

Konsentus Verify Service enables that confidence supporting institutions as Open Banking becomes an embedded, enduring and trusted part of the European financial system.

Our team is closely monitoring AML and Open Banking regulatory developments and would be pleased to support you in assessing your AML and access-control readiness, strengthening verification controls and shaping a resilient strategy for the years ahead. Get in touch to find out more.

Get in touch
Picture of Brendan Jones

Brendan Jones

COO Konsentus

Subscribe To Our Newsletter

Keep up to date with all our news and publications.

More To Explore

Simplify Compliance, Strengthen Security

Discover how our trusted solutions ensure secure, compliant, and efficient interactions across open ecosystems

Find out more
Konsentus Rebrand Button - Konsentus Dot-23-23

Find out how our technology can protect your customers within open ecosystems.

This field is for validation purposes and should be left unchanged.
Name(Required)

Opt-in

On completion of this form you will be sharing your personal data with Konsentus Ltd (company number 1115059) (“Konsentus”/”we”/”us”). We will process such information for the purposes of sending you the requested information. We may also send you marketing communications and information which we consider may be of interest to you from time to time. This may include sending information by email, or us contacting you by telephone, where relevant details are provided. We rely on our legitimate interests as the lawful basis for processing your data in this way. Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to receive a copy of the data we hold about you. You also have the right to opt out of marketing communications at any time using the details in an email sent to you or by contacting us at insights@konsentus.com.