EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can help
-
Our payments professionals can help your business enhance innovation, drive growth and improve performance. Find out more.
Read more
The tight timeline poses significant challenges for banks and payment firms, but that should not be their only concern at this critical point. As they race to meet the key requirements, they should also view this as an opportunity to innovate – to help ensure they can stay ahead in Europe’s evolving payments market for years to come.
1. The 10-second, 24/7 rule
From 9 January 2025, EU banks and payments companies must comply with the SEPA Instant Credit Transfer (SCT Inst) scheme, ensuring euro-denominated instant payments can be received, funds are available to the payee, and confirmation is sent to the payer’s Payment Service Provider (PSP) within 10 seconds. This is critical for real-time payment capabilities across the Single Euro Payments Area (SEPA).
Compliance involves significant investments in infrastructure and operations. Many institutions have complex, legacy systems that cannot support 24/7/365 instant payments. As a result, they are upgrading their core banking systems or adopting new technologies. This also involves reviewing Service Level Agreements with third parties (e.g., banking partners, connectivity providers, cloud providers) to ensure resilient operations at all times. Additionally, PSPs need to revise operating models to mobilize support teams when incidents occur.
Addressing all these requirements remains a formidable challenge given the need for significant technological upgrades, operational adjustments and interoperability with other banks and payment systems across SEPA. PSPs that take this opportunity to upgrade their core systems and payments engines can future-proof their operations for faster processing and more efficient cross-border settlements.
2. Sanctions screening
Banks and PSPs must enhance their screening processes for customers and SEPA Instant transactions against EU sanctions lists. This includes two primary obligations:
- Immediate identification of designated persons: PSPs must identify whether customers are subject to targeted financial restrictive measures “immediately”.
- Screening of SEPA Instant transactions is not permitted: Firms are not permitted to perform screening of transactions to verify whether the payer or the payee
are persons or entities subject to targeted financial restrictive measures.
These measures are critical for mitigating risks associated with the instantaneous nature of these payments. However, they bring complex challenges to organizations that are not prepared to operate seven days a week and on holidays. While not mandated by the regulation, most PSPs will still perform transaction screening within the 10-second timeline.
Solutions lie with technology providers upgrading their tools to offer seven-day-a-week and ad-hoc screening, with improved processing of false hits. Additionally, PSPs and solution providers leveraging GenAI can enhance the speed and accuracy of detecting potential hits, positioning themselves as leaders in financial crime detection.
3. Fraud management
The introduction of instant payments heightens the need for robust real-time fraud detection and prevention measures. The European Banking Authority’s (EBA) assessments up to 2022 indicate that the risk of fraudulent transfers is up to 10 times higher in instant credit transfers compared to regular credit transfers(pdf) . The evolving nature and types of Authorized Push Payment (APP) fraud, with eight identified types in the UK alone, necessitate proactive risk management by banks and payment companies. The regulation emphasizes two key areas:
- Real-time fraud monitoring: Implementing systems capable of detecting and mitigating fraudulent activities as payments are processed.
- Addressing new fraud risks: Strengthening authentication processes and deploying transaction-level risk assessments.
These requirements typically demand significant technological upgrades and operational adjustments. Smaller institutions or those with outdated fraud detection systems may struggle to scale up their capabilities. PSPs that leverage this compliance requirement to enhance their overall fraud management framework will be better positioned for future compliance with the upcoming Payment Services Regulation (PSR), which will impose even stricter fraud requirements on payment providers.
4. Verification of Payee (VOP) service
From October 2025, banks and payment companies will also need to be able to send instant payments. This involves addressing several critical factors, including the Verification of Payee (VOP). VOP helps ensure that the IBAN provided for a transaction matches the intended recipient’s name. Implementing it introduces multiple challenges, such as identifying a solution or a service provider with the necessary geographic coverage and managing corporate banking complexities.
The European Payments Council (EPC) published a VOP “scheme” that provides a Union-wide set of rules and standards to encourage implementation of a consistent API-based messaging capability and interoperability. The scheme is based on the key principle of reachability for responding banks, supported by the implementation of European Directory Services (EDS) to facilitate smoother cross-border reach. The EPC has mandated the VOP scheme and the use of EDS for all SEPA Credit Transfer (SCT) and SCT Inst scheme participants to help ensure common interoperability standards.
However, many banks are concerned that the October deadline may be too short, and third parties intending to offer routing and/or verification mechanisms for the VOP scheme have only recently been asked to register interest. Selecting and implementing a third-party solution takes time and requires thorough due diligence and functional and technical testing. Identifying a solution provider that offers a seamless integration experience (often via API) and can be embedded into payment channels is key to creating a distinctive customer experience and differentiating in the market.
5. Managing liquidity and bulk payments
Bulk instant payments
Managing bulk payments involves handling large packages of individual credit transfers sent together. Banks must conduct and provide VOP results for all transactions (unless corporate clients opted out) and then unpack and execute each payment order within 10 seconds (or even within 5 seconds according to the upcoming 2025 SCT Inst rulebook).
Currently, banks and PSPs are exploring various methods to facilitate the bulk instant payments process, such as offering corporate clients the ability to pre-validate their batch of beneficiaries before sending the bulk package for execution. This should improve the customer experience while minimizing friction in the payment process. The adoption of such methods is yet to be seen, but PSPs that can respond adequately to the evolving needs of their corporate clients will be in a strong position to compete in the international market.
Liquidity management
Having constant availability of funds to process instant payments year-round is crucial. This requires reviewing liquidity forecasts, particularly for nighttime and weekend operations; maintaining sufficient reserves in various currencies; and offering spot rates to clients at any time, even when foreign exchange markets might be closed. While historical trends can help forecast liquidity needs, PSPs must also consider that instant payments may change customer behavior and transaction patterns.
Although it’s not expected that corporate clients will start operating over weekends and nighttime solely because of instant payments, the upcoming lift of the EUR100,000 cap presents an opportunity for corporate clients to leverage the 10-second rule to strengthen trust in their business relationships.
Conclusion
While the January 2025 deadline to receive Instant Payments 24/7 is a significant milestone for many organizations, the October 2025 deadline promises to be even more challenging. The changes required to offer instant payments as a product, implement a VOP system, and strengthen fraud prevention mechanisms are substantial. From scanning the market and selecting the right providers to making necessary changes in customer channels and user interfaces, PSPs face a busy 2025 with a tight deadline.
Meeting regulatory requirements is one thing, but ensuring a seamless user experience across all channels will undoubtedly be the hot topic of the upcoming year. PSPs that can successfully manage these challenges and provider superior user experience will be best placed to lead in this evolving payments landscape.