The EU’s Verification of Payee (VoP) service aims to improve fraud prevention during credit transfers. Unfortunately, it can also disrupt corporates’ pre-authorized payment flows. With the support of the European Association of Corporate Treasurers (EACT), treasurers have suggested some adjustments to the European Commission to avoid a widespread corporate opt-out from the service. In this interview Hervé Postic, CEO of Mahouarn, who has been appointed by the Association Française des Trésoriers d’Entreprise (AFTE) to act as a voice for French treasurers, explains the problems and the changes that treasurers are proposing.
What’s the background to the proposed changes?
Hervé Postic: The EU’s Instant Payments Regulation (IPR – Regulation (EU) 2024/886) provided a framework for the VoP service, which came into force in the euro area for standard and instant SEPA credit transfer orders last October. In its current state, this fraud-prevention mechanism remains technically difficult to reconcile with bulk payments. As a result, many large corporates are not fully benefiting from the new service.
In recent months, EACT has relayed the concerns of French, German, Belgian and Luxembourgish treasury professionals and urged the European Commission to make some changes.
What are the main problems as it stands?
VoP is a check performed before a credit transfer is executed to ensure that the payee’s name matches with the IBAN that has been provided. When the payer enters this information, their bank sends a verification request to the payee’s bank, which compares the data and returns a matching outcome (match, close match or no match). On this basis, the payer can then confirm the payment, correct the information if necessary or decide not to go ahead with the credit transfer. This helps reduce the risk of fraud before the transaction proceeds.
This process is useful for protecting individuals, especially given the rise of instant credit transfers. It is suited to interactive journeys (such as making payments on the internet or an app). However, it is much more disruptive for corporates that are used to entering their orders through an automated, non-interactive and therefore pre-authorized channel such as an API or a file-based submission protocol like EBICS, Swiftnet FileAct or FTP.
To avoid slowing down corporate payments, the IPR allows companies to opt out of the verification service, although they can reactivate it at any time. In practice, most banks have opted out by default the service for all payment files transmitted by their corporate customers. This is unsatisfactory, because it means corporates are not able to make the most of a useful fraud-prevention tool.
What changes are treasurers proposing?
They have proposed two adjustments, which have been taken on board by the Commission.
The first concerns the submission of single payment orders via host-to-host channels. The current drafting of VoP only allows corporates to opt out of multiple payment orders. In other words, a single payment order transmitted via EBICS or FileAct must be re-authorized after the payee’s details have been verified. The EACT argued that a more coherent approach would be not to base whether opt-out is permitted on whether an order is single or multiple, but on whether the communication channel is interactive or not.
The second aims to allow corporates to benefit from the VoP service on their pre-authorized file submissions without having to re-authorize each order, provided that the matching check returns match, close match or impossible to verify. Payment service providers would still be obliged to communicate to the payer the name of the payee associated with the IBAN in the event of a close match.
It may be the case under the second aim that a corporate and its payment service provider contractually agree that if a VoP provides a certain outcome, the payment service provider will proceed with the execution of a payment order without seeking additional instructions. In such a scenario the payment service provider would not be considered liable for not having provided the VoP service, nor for losses incurred by the payer that could have been avoided by not proceeding with the payment.
The aim of these proposed amendments is to avoid corporates shunning VoP by offering a way of implementing the new service that is better aligned with their real-life payment management practices.