The European Banking Authority (EBA) has introduced a significant shift in the payments landscape with the Instant Payments Regulation (IPR), aiming to modernize euro transactions within the Single European Payment Area (SEPA). While the regulation presents several challenges, particularly regarding compliance and infrastructure upgrades, it also unlocks new business opportunities for banks and payment service providers (PSPs) willing to innovate.
In February, the EBA released its final draft of the Implementing Technical Standards (ITS), saying it had postponed the requirement of reporting charges for credit transfers, payment accounts, and rejected transactions under the EU’s IPR until April 2026. This recent decision provides financial institutions with additional time to fine-tune their strategies. However, with key deadlines approaching, banks must act swiftly to ensure compliance with the new regulation and capitalize on the opportunities.
Regulatory landscape: key deadlines and objectives
The IPR came into force in April 2024 to create a faster, more transparent, and cost-efficient payment system within the SEPA.
Under the IPR, banks and PSPs must process euro credit transfers in real-time (within 10 seconds, 24/7, year-round) and ensure that instant payments cost no more than SEPA Credit Transfers. They must also implement Verification of Payee (VoP) to enhance transaction security and prevent fraud.
Banks and PSPs must meet several key deadlines under the IPR. These are:
- January 2025: Banks and PSPs must be able to receive instant payments.
- October 2025: Instant payments must be accessible via all existing banking channels for standard transfers, including mobile apps and online platforms. Banks must also comply with VoP requirements to verify the identity of the payment beneficiary.
- April 2026: The deadline for reporting obligations, initially set for April 2025, has been extended, offering institutions an extra year to adapt.
According to the IPR, VoP must also comply with the EU’s General Data Protection Regulation, as it requires payers to be notified of any discrepancies between the payment IBAN and the intended payee’s name when making instant transfers.
VoP: A major compliance challenge
Among the various IPR requirements, the VoP stands out as one of the most technically demanding. It is designed to prevent fraud by ensuring that the beneficiary’s name matches the IBAN provided. If there is a discrepancy, the payer must be notified before completing the transaction.
While VoP is a major step forward in fraud prevention, it also introduces significant operational challenges, including:
- Integration across all payment channels
Banks must ensure VoP functions seamlessly across retail, corporate, and mass payment systems. This is particularly complex in corporate banking, where bulk transactions often involve multiple counterparties.
- Compliance with GDPR and data security
Because VoP relies on matching personal customer information, it must comply with General Data Protection Regulation (GDPR) requirements. Banks must ensure that data is handled securely while maintaining high-speed processing capabilities. The challenge will even be greater in cross-border payments, where different jurisdictions have varying data privacy regulations.
- Finding the right Routing and Verification Mechanism (RVM)
The success of VoP depends on Routing and Verification Mechanisms (RVMs), which facilitate name-checking across different banking systems. However, banks have limited visibility on available service providers, making it challenging to select the right partner. The market for RVMs is still evolving, and financial institutions must carefully assess which solutions will be the most scalable, cost-effective, and secure.
- Tight implementation timeline
Although the deadline for full VoP implementation is set for October 2025, many financial institutions fear this timeline is too short. Unlike traditional payments, VoP requires instantaneous name verification, which means banks must invest in real-time processing capabilities and ensure seamless API integrations with their existing systems.
A recent EY report highlighted that many banks have only recently begun evaluating potential VoP solutions, raising concerns about whether they will be fully prepared by the deadline.
Technical solutions: Finding the right approach
Compliance with the IPR will require significant investment in technical and operational upgrades for real-time payment capabilities, according to the EY report. “Banks and payment companies must enhance infrastructure, implement robust fraud detection and sanctions screening, and design user-friendly interfaces for instant payments,” it says.
- Centralized vs. Decentralized models for VoP: Key decisions include selecting the RVM, which banks use to send and receive VoP requests, and whether to adopt centralized or decentralized operational models.
The centralized model simplifies processes, as banks do not have to develop a real-time API, but only need to export their client database to the RVM providers.
On the other hand, for the decentralized model, Banks and PSPs must provide a real-time API on top of their client database, and connect with external RVM providers. This is a more up-to-date option, but it requires a real-time core banking system.
- Emerging technologies to support VoP: Other solutions include artificial intelligence and machine learning, which can be used for fraud detection and name-checking by analyzing real-time transactions as part of the VoP obligations. Meanwhile, API solutions can make integration seamless, improving the customer experience by enabling instant verification and reducing errors.
Strategic benefits: Turning compliance into a competitive advantage
Beyond meeting regulatory requirements, VoP creates new opportunities for banks to innovate and differentiate themselves in the market.
- Stronger fraud prevention: Reduces fraudulent transactions, chargebacks, and operational costs.
- Improved customer trust: Enhances transparency and security, reinforcing the bank’s reputation.
- New revenue streams: Banks can monetize VoP within SEPA Direct Debit (SDD) mandates, offering premium security services to businesses making high-value payments.
- Expansion into global payments: While VoP is currently focused on SEPA transactions, it is expected to be extended to TARGET2 (T2) and SWIFT cross border payments, improving international payment security.
According to a Swift survey in 2024, many small- and medium-sized enterprises see VoP as a game-changer that will reduce operational risks, improve cash flow, and enhance competitiveness. Furthermore, the introduction of the Payment Services Directive 3 (PSD3) in parallel with IPR is expected to bring further innovation in financial data sharing, open finance, and enhanced consumer protections. Institutions that approach these regulatory shifts as opportunities rather than constraints will position themselves as leaders in the future of digital payments.
Preparing for the future of payments
The IPR and VoP mark a turning point for European payments. Beyond regulatory compliance, they offer banks a strategic opportunity to enhance security, streamline transactions, and improve customer trust.
To stay ahead, financial institutions must modernize their infrastructure, implement seamless verification systems, and leverage VoP to create value-added services. Those that move early will not only meet regulatory expectations but also strengthen their market position and unlock new growth opportunities. With the October 2025 deadline fast approaching, the time for action is now. Banks that embrace this transformation proactively will shape the future of digital payments rather than just adapting to it.
How SBS can help
Our VoP solution is designed to simplify the process for banks and is natively compatible with both Surepay and Worldline RVMs. Banks only need to integrate our API to verify the beneficiary of a credit transfer across all applications before initiating the payment.
Our solution centralizes requests, logs relevant details about each request and response, and links them to the underlying payment, enabling banks to trace & retrieve past verification details when needed. It also supports verification for payments within bulk transactions and considers potential client opt-outs.
Our solution covers both the Requesting and Responding aspects of the VoP process:
- Requesting: An API is provided to banks to initiate VoP requests. This API triggers a real-time call to the RVM for verification.
- Responding: Our solution supports both decentralized and centralized response models:
- Decentralized Mode: The RVM calls an API that retrieves the name linked to an IBAN from the bank’s account/client database.
- Centralized Mode: Banks provide an export of their account/client database to the RVM for processing.
Through our partnership with Worldline for verification of payee, banks can focus on building trust with its customers while relying on SBS to take care of everything else.