Join the Community

21,469
Expert opinions
43,716
Total members
378
New members (last 30 days)
131
New opinions (last 30 days)
28,520
Total comments

EU mandatory regulation is on the money

Be the first to comment 2

EU mandatory regulations for instant credit transfers within the Single Euro Payments Area (SEPA) are right on the money.  The key requirement is verification of payee. Today this is absent in the UK, apart from ten mandated banks plus a few more. IBAN (International Bank Account number) is being supplemented to identify the actual owner of the account. 

The UK’s Payment System regulator (PSR) has mandated regulations starting in October 2024 for all UK based banks. The EU directive comes into force late 2024, early 2025. 

The reason is simple, fraud. In particular bank account authorised push payment fraud (APP fraud) described by UK banks as an “epidemic of scams”.  While 70% scams originate across social media – Facebook, airbnb, etc. To collect the money, scammers need a bank account. Bank accounts are a prerequisite. New UK and the EU regulations endeavour to desist scammers address fraudulent payments and address liabilities and reimbursement issues.

The UK and EU regulations are aimed at the retail/consumer market.  The larger corporate market is regarded as not Government responsibility. The corporate or their banks should implement their own FinCrime solutions to protect themselves. 

The UK is has in excess of one million APP frauds a year. The Crime Survey, England and Wales reveal less than one in seven offences are reported to the police and WHICH? 40% are not reported to the banks. The EU, with just 11% of instant payment volume plan a six times increase in less than three years.  The reason: uniformity of instant payments could add 2% GDP to every country. Instant payments accelerates cross border economics and rightly concern is the potential for increased APP fraud.

EU Framework

The EU regulation lays out the framework for the money movement by identifying the flow and the responsibilities of the participants in the ten (10) second transfer of money and notification. Starting with the point of interaction(POI) between the Payment Service Users (PSU) and Payment Service Providers (PSP) for euro and cross-border payments. The goal is uniformity of rules that can be used by countries with their own currencies to make domestic and international payments anytime.

The POI arrives when the PSU needs to make an instant payment. The Payer collects the payment details from the Payee and sends the payment instructions to the PSP. The PSP verifies those instructions for the euro or cross border payment (Confirmation of Payee)[CoP]. The results are presented back to the Payer with new clarification of liability and refund: 

If a match, the Payer approves the transaction of the instant payment. 

If not, the Payer is to be responsible and clear about making the payment given the apparent doubt.

The new regulations set the bar for verification. If a PSP fails to provide verification and any misdirected or scammed instant payments occur the PSP has to refund the payer immediately.  

Mandated verification of all PSUs for anti money laundering (AML) could lead to a daily, Know Your Customer (KYC) verification. 

The UK has seen a dramatic rise in mule accounts. Mules, a scammers network, enable fraudulent money to be laundered. EU can learn how the UK is tracking and closing these accounts.

The UK has new mandates on verification (CoP) and refunds going live in October 2024. The new EU regulations are set out in stages commencing late 2024. 

Incentives to be compliance

Fines for non-compliance of EU regulations are up to 10% of worldwide revenue.

Penalties are planned for PSP senior management if compliance is not auditable.

The UK regulator, this year, fined a large bank $70 million for being non-compliant to one of its regulations. Being non-compliant to EU regulations that fine could have been up to $5 billion. 

Can PSPs make money?

The EU reports PSUs are very sensitive to the level of charges and PSPs are strongly advised to keep instant credit charges low. The regulator advises PSPs to price in line with or under existing payment schemes. Solutions encompassing additional features or services can be priced differently from basic payment methods and are encouraged by the EU.

Pricing could follow two examples plus rewards*:

1. Bank accounts charging monthly for a bronze, silver or gold-type bank account service/offerings.  

2. SWIFT-type subscriptions based on monthly minimums tied to volume of payments. 

*Rewards to include points that can be converted into money back schemes and included offerings, e.g. mobile phone insurance. 

Can PSPs meet the EU timeframes?

From a technical approach, the odds favour cloud based and API technologies to meet the deadlines.  Instant payments require immediate checks on data and passage through the various legacy systems without delay. 

Data within the bank can be difficult to locate and access as most of the legacy systems were built for batch processing.  That enables reports to be made ready before the start of the business day.  This is clearly not appropriate in the world of 24x7x365 instant payments.

Both regulations are mandatory and Bank/PSPs have to comply. The question they are facing given the penalty incentives for non-compliance is do they do it themselves or use a third party. 

Call to action:

PSPs must provide the facilities to give the correct and timely information at POI to the PSU to avoid being responsible for fraudulent transactions.

 

Details

Clarification of liability and refund:

PSUs to be shown the verification of the payee account details including account name. The PSP should inform the PSUs about the implication of PSP liability and that PSU refunds rights do not apply should they proceed when ignoring a notification provided. Should the PSP fail to offer verification then the PSP must refund the PSU for a defective payment immediately. PSUs that are not consumers can opt out of bulk payment service verification.

New:

PSU to be allowed to set and change, without difficulty, payment limits.

PSP to daily verify PSU status against listed persons or entities (AML).

Commission to report on progress at POI.

Member states with own currencies can limit the transaction €25,000.

EBA to draft implement technical and uniform reporting standards.

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

21,469
Expert opinions
43,716
Total members
378
New members (last 30 days)
131
New opinions (last 30 days)
28,520
Total comments

Trending

Abhinav Paliwal

Abhinav Paliwal CEO at PayNet Systems- A Neo Banking Software Platform

What Are Digital Wallets? Exploring Their Rising Popularity

Donica Venter

Donica Venter Marketing coordinator at Traderoot

Why Bankers Need to Think Like Entrepreneurs

Dmytro Spilka

Dmytro Spilka Director and Founder at Solvid, Coinprompter

Can The Payments Industry Use AI To Detect Fraud In 2024?

Now Hiring