ARTICLE
25 August 2025

Verification Of Payee Requirements (VoP) Under The EU's Instant Payments Regulation (IPR)

PL
PwC Legal Germany

Contributor

PwC Legal Germany logo
In today’s rapidly evolving marketplace, our clients are increasingly concerned with business collaborations, restructuring, mergers and acquisitions, financing and questions of social responsibility. They need legal security when dealing with such complex issues. That is why we work closely with PwC’s tax, human resources and finance experts and draw on the resources of our legal network in more than 100 countries to deliver comprehensive advice. Whether a global player, a public body or a wealthy individual, each client can rely on a personal account manager to address his or her specific legal needs. This dedication helps us ensure our client’s long-term business success. PwC Legal. More than 220 lawyers at 18 locations. Integrated legal advice for the real world.
Explore Firm Details
From 9 October 2025, payment service providers (PSPs) in the EU will be required to offer payers a "Verification of Payee" (VoP) service prior to authorising a credit transfer.
Germany Finance and Banking
Melissa Meußer and Michael Huertas
Your Author LinkedIn Connections

Co-author of the article is Julia Siebrecht

QuickTake

From 9 October 2025, payment service providers (PSPs) in the EU will be required to offer payers a "Verification of Payee" (VoP) service prior to authorising a credit transfer. Payers who are not consumers may waive this VoP service but are allowed to opt back into provision of such service.

This VoP service obligation is part of the Instant Payments Regulation (IPR), adopted by the European Parliament and the Council on 13 March 2024 however the VoP requirement applies to all credit transfers and not just to instance credit transfers. In short, applying VoP aims to reduce fraud risks in payment transactions, enhance the security of SEPA credit transfers and strengthen consumer trust in instant payments. Where a payer authorises a credit transfer following it having been warned by the PSP of an incorrect unique identifier, the payer is liable for the transfer to an unintended recipient. The European Payments Council (EPC) has published a dedicated VoP Scheme Rulebook1, which will enter into force on 5 October 2025 — just days ahead of the regulatory deadline.

The IPR generally an the VoP principles specifically will not only reshape payments in the EU but equally require PSPs and others to update their policies, procedures and client-facing documentation as well user interfaces. This Client Alert explores the key issues arising from the VoP requirements and key implications for payments transactions in the EU. This Client Alert should be read together with our further Client Alerts on the IPR and payments generally as well as related thought leadership from PwC.

Key issues

The EU's IPR2, was adopted by the European Parliament and the Council on 13 March 2024, seeks to expedite the implementation of instant payment systems across the EU. The IPR applies to all euro-dominated credit transfers within the EU and includes the following main requirements:

  • Mandatory Instant credit transfers (Art. 5a): PSPs offering euro credit transfers (SEPA Credit Transfers) must also provide instant credit transfers (SCT Inst), enabling customers to send and receive funds immediately.
  • Equality of charges (Art. 5b): Charges for instant credit transfers must not exceed those for standard credit transfers of the corresponding type.
  • VoP service (Art. 5c): PSPs must offer the payer a free service to verify the payee´s identity of the payee. This requirement applies to both standard and instant credit transfers.
  • Regular sanctions screening (Art. 5d): PSPs must check, at least daily, whether any of their payment service users are persons or entities subject to sanctions.
  • Implementation deadlines vary: Firms in the euro area must implement the VoP requirements by 9 October 2025. For firms outside the euro area, an extended implementation deadline of 9 July 2027, applies.

VoP service: purpose and functionality

VoP is an automated mechanism that compares the name of the intended payee with the corresponding IBAN. This extra step is intended to reduce the risk of fraud and prevent incorrect transfers. The result is based on a "traffic light" system with the following possible results: "match," "close match," "no match," or "other" according to a "match criteria".

If there is a "close match" or "no match", the payer can still initiate the payment. The obligation to conduct VoP checks applies not only to SEPA instant transfers, but also to all SEPA credit transfers within the EU/EEA that involve payment accounts. SEPA instant transfers or SEPA transfers to accounts that are not payment accounts (e.g. loan accounts, fixed-term deposit accounts or instant access savings accounts) or that are routed to recipient banks not (yet) subject to verification requirements (e.g., outside the EU/EEA or where the euro is not the national currency) are therefore not verified.

In accordance with Article 5b of the IPR, the VoP service must be offered free of charge to the payer.

Supervisory guidance: BaFin FAQs

BaFin is one of the first EU national competent authorities that has published a list of frequently asked questions on the IPR3. Key points raised by BaFin include:

  • VoP must be fully integrated into all customer channels, including online banking, mobile applications, and APIs.
  • The payer must receive the verification result before initiating the payment transaction.
  • Implementation of VoP solutions will generally require extensive testing and technical roll-outs but equally updating the client-facing general terms and conditions (T&Cs) and obtaining explicit customer consent.

Technical and organisational implementation considerations

Given the above, the following technical and organisational implementation considerations might arise for certain firms:

  • Real-time capability and performance: VoP responses must be delivered within seconds, even under high-volume scenarios such as bulk payments. Processes must be designed to ensure reliable, high-performance operation at all times. Real-time requirements place high demands on system performance, particularly in the context of sanctions screening as well as other functionality of existing payment and/or core banking systems.
  • Misclassification: Considerations on potential liability risks in the event of a "false match" or a "false no match," including possible financial losses, customer disputes, and reputational damage. In this context, it is important to ensure that customer data is up-to-date and accurate in order to avoid misclassification.
  • Usability: End customers must be able to access query results quickly, understand them clearly, and take prompt corrective action. This requires concise, action-oriented guidance, as the absence of such guidance increases the risk of payments being cancelled or wrongly flagged as fraudulent, potentially leading to customer dissatisfaction and service-related complaints.


Additional use cases for small companies: onboarding and KYC validation services

During digital onboarding - for example, when opening bank accounts or signing contracts for services such as electricity, insurance or mobile phone contracts - an IBAN is often requested but typically not verified in real time. This creates a gap that may lead to failed payments, delayed service activation or even fraudulent activity through the misuse of another person's account details.
VoP can possibly close this gap by confirming in seconds whether the user genuinely owns the specified account and whether the account holder's name matches the contractual partner. By integrating this step into the onboarding process, firms, in particular small(er) companies, may be able to strengthen fraud prevention, improve payment reliability and enhance the overall customer (onboarding) experience.

EPC Directory Service (EDS)

The European Payments Council (EPC) has responded to these changes with the publication of the EPC VOP Scheme Rulebook and the EPC Directory Service (EDS), which the VoP scheme will rely upon.

The EDS creates a centralised platform that stores essential information for secure identification, authorisation, reachability, and interoperability of EPC scheme participants. It includes identifiers like bank identifier code (BIC) and legal entity identifier (LEI) plus routing data. Participants can locally store EDS data to avoid bottlenecks. EDS is set to go live in early September 2025, ahead of the VoP procedure starting in October 2025. Key functions include data access via a web GUI or EDS APIs and downloading participant information.

Outlook

The introduction of payment recipient verification promises customers a safer and more trustworthy future for payment transactions. For PSPs, however, it may pose a number of challenges in changes to operations and documentation.

It remains to be seen what the full impact of VoP will be on everyday payment behaviour and what the first liability cases might look like. Will VoP deliver the hoped-for increase in security while also speeding up payment transactions, or will it ultimately prove to be a paper tiger if customers automatically approve payments? This is a question that the market as well as supervisors will likely need to address if VoP is to deliver on its stated aims.

Footnotes

1. Available here

2. Please see detailed timeline here.

3. BaFin FAQ available here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Melissa Meußer
Melissa Meußer
Photo of Michael Huertas
Michael Huertas
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More