Instant Payments: Navigating IBAN-name check requirements

The draft European regulation on instant credit transfers in euro* aims to enhance the availability, accessibility, security and consumer trust in instant payments (IPs) by introducing new obligations for banks and other payment service providers (PSPs). One significant change that is put forward by this regulation is stricter checks on IBANs accuracy for instant credit transfers in euro.

To combat fraud and bolster trust in this emerging payment method, the newly introduced “IBAN-name check” requirement empowers payers to verify the validity and match of payees’ payment account identifiers (the IBAN), the account holder’s name, as well as the beneficiary’s account actual existence before validating an outgoing payment. This security measure adds an additional layer of safety and protection to the existing payment process, making (instant) credit transfers even more reliable.

* The draft regulation is currently being discussed among the Commission, the Parliament, and the Council.

As part of the overall IBAN-name verification process, the following process and features will need to be implemented by PSPs:  

1 – The payer provides the payment details of the payee, namely his name and IBAN within the bank’s payment service user interface.  

2 – The payer’s bank then needs to perform checks on the validity or discrepancies of such information. In this context, the payer’s bank may need to retrieve this information either from the beneficiary’s bank or via a third-party provider. The way to proceed and the associated setup are currently not defined in the draft regulation.  

3 – The “IBAN-name check” feature will verify the account details provided and display the results to the payer. Should any verification issues arise, the payer will be notified via the bank’s interface. 

4 – With the verification results at hand, the payer can make an informed decision regarding payment authorisation. It remains entirely within the payer’s discretion whether to proceed with the payment, even if any verification errors were identified

This process ensures that payers have the means to confirm the legitimacy of the payee’s payment details before proceeding with an instant credit transfer. By providing greater transparency and control over transactions, the IBAN-name check feature will contribute to a safer and trustworthy instant payment ecosystem for all stakeholders. 

Lingering uncertainties surround the implementation of the IBAN verification system and how the banking sector will handle its features, leaving some questions still unanswered. The draft regulation presently focuses solely on the obligation of the payer’s bank, without specific details about the payee’s bank and its potential role and obligations in the process. For instance, it is still unclear whether exposing a service, data and/or an interface to run live IBAN-name checks will become mandatory for the beneficiaries’ banks. Indeed, neither does the latest draft of the proposed regulation address roles and responsibilities other than the ones of the payers’ banks’, nor does it provide guidance on the channels and end-point types to be set up and used for the matter. 

Given that PSPs in the euro area will be required to implement matching systems between the names and IBANs of beneficiaries 12 months after the regulation takes effect, devising a technical solution for this requirement presents a genuine challenge today. The urgency to comply raises questions about the potential introduction of a new scheme or guidelines similar to those seen with PSD2, or whether existing service providers, who already cater to a large portion of payers’ and beneficiaries’ banks, will seize the opportunity to incorporate this service into their existing offerings. 

Given the lack of definition and guidance on the actual setup and implementation for the IBAN-name check feature, several options have been evaluated over the last months by market stakeholders. For the time being, the following setups and approaches have been put forward:  

1 – Moving towards a national database/solution 

National-level central databases for IBAN-name checks in each member state would potentially provide an easy-to-adopt and convenient solution for most market players. In the Netherlands, Nordic countries, the United Kingdom and Italy, either retail banks or public authorities have already established such solutions over the last decade. However, from an EU perspective, this fragmented approach may pose challenges for cross-border transactions due to varying databases and data sources to be addressed by payers’ banks, potentially compromising compliance with the overarching European regulation. Also, in terms of efficiency, setting up this kind of framework can take years, whereas a well-defined approach detailing the requirements, but letting the choice of the technical and operational setup to regulated entities/market is more efficient and faster in most cases (see the PSD2 implementation).  

And finally, given the specificities of the Luxembourg banking landscape focusing on private bank and depository bank activities, as well as non-traditional operations such as e-money issuing and new generation payment services, a central database approach might not be the most suitable setup due to the dominant presence of non-retail banks and PSPs in the Luxembourg banking sector.  

2 – Moving towards a pan-European approach 

A pan-European approach for IBAN-name checks presents the advantage of collaboration among European member states, leading to a unified database with standardised data sources that facilitate cross-border transactions and regulatory compliance. However, the complexity of coordinating multiple countries and data sources may pose challenges and result in a lengthier implementation process. Reaching an agreement on allowing customer data to be held outside the originated country is to be considered as crucial point. An option could be to rely on regulators and/or European authorities playing an active part in the setup. 

3 – A peer-to-peer model with mandatory IBAN-name check APIs for banks 

As for the PSD2 implementation rolled out in 2019, the definition of a pan-European scheme for peer-to-peer (non-centralised) data requests and mutual authentication/authorisation could provide an efficient and manageable strategy for the IBAN-name check feature’s rollout with all EU PSPs. A decentralised setup aligns with current best practices and expectations for interaction-focused data exchange, substantially reducing and avoiding the risks, flaws and typical inefficiencies of a single player/context setup. However, the governing rules of such a framework would need definition through regulation and/or level 2 measures. Ideally, the setup should also take into account key learnings from the 2019 PSD2 implementation phase. 

4 – Relying on historical data  

Relying on reliable and historical data, sourced from reputable European authorities and payment system providers, emerges as another compelling approach for IBAN-name checks. Opting for this data-driven approach would potentially streamline the implementation process since the data is already available and maintained by reputable entities, making the setup smoother and very efficient. However, the downside to this kind of strategy is the lack of guarantees and certainty if the results of IBAN-name check results are truly accurate: if not provided by the beneficiary’s bank, directly or indirectly (through a 3rd party player or central database), the payer’s bank cannot be fully liable for data accuracy. Considering the draft regulation’s goals of combating fraud and money laundering, relying solely on historical data might not be a suitable solution. 

5 – The role of interbank payment and messaging schemes

If the final definitions and requirements in the regulation, along with potential level 2 measures such as regulatory technical specifications (RTS), permit, the most pragmatic and efficient setup might involve existing schemes and networks such as TARGET2, STEP2 and SWIFT and the players that operate them adding an IBAN-name check verification layer and end-points to their services. This kind of setup could be made interoperable, both between these schemes, and also with existing databases and technical interfaces/providers that would enable banks to connect and meet the regulatory requirements quickly and efficiently.  

After the publication on 26 October 2022 of the legislative proposal on Instant Payments by the European Commission, the European Parliament’s responsible committee has approved the proposal on 28 June 2023. In parallel, the EU Council reached its negotiating mandate in May 2023.  

First discussions between the Commission, the Parliament and the Council took place on 20 July. A provisional agreement has been reached on a majority of issues. The institutions parties agreed that topics relating to the payee verification, such as IBAN-name check for multiple payment orders and electronic orders, provisions on the ‘degree of matching’ and alternatives to the use of payee name for the verification will be further discussed and prepared at technical level for the agreement at the next political trilogue which should take place after the summer break.   

If all the positions can be aligned by then, the final text on Instant Payments should be ready before the end of 2023. Then, after the entry into force of the regulation, banks in the Euro area will have 12 months to comply with IBAN-name check requirements.   

As one of the key players in Luxembourg providing software-as-a-service bank compliance platforms to more than 40 financial institutions with its mutualised infrastructure for meeting PSD2 and CEDRS (account and safe-deposit holders reporting to the regulator) regulatory requirements, Finologee has kicked of the definition and implementation process of a new platform component to address the needs of its clients and other in-scope entities that will have to implement the IBAN-name check feature. The final setup and value proposition will depend on the regulation once stable and related level 2 measures. Also, Finologee’s is contributing to relevant working groups and task forces and consulting with other industry players to make sure the Luxembourg bank community will be ready on time for the upcoming regulation implementation.  

The key ingredients to Finologee’s bank compliance product strategy:  

• One-stop-shop for best-in-class FinTech  

Finologee has built an infrastructure that combines in-house components and best-in-class FinTech products, leveraging both proprietary and partner connectivity and expertise. At the same time, Finologee can assist banks in improving data aggregation and retrieval as already performed for PSD2 or CEDRS products.   

• Reliability & Performance 

Finologee’s customers rely on Luxembourg’s prime FinTech platform operator (PSD2 for Banks, Digicash, Mpulse, KYC Manager, ENPAY) trusted by more than >100 banks and institutional clients, handling more than 25 million transactions a year  

• Customisation and flexibility  

The company has adopted a tailor-made and flexible approach taking into account every client’s specific setup and data structure. It offers multiple connectivity solutions to its clients (SFTP, PSD2 API, CEDRS API, Customer API) to ensure the most appropriate setup for data collection and transmission.   

• Total Neutrality  

Finologee has no affiliation with a particular bank or other players. In this way, the company can ensure that its clients’ goals and its own goals are perfectly aligned and that strategic product or priority decisions are made without bias.  

• High-end & compliant hosting and operations    

Finologee apps run on Luxembourg’s leading datacenter and managed hosting services operator EBRC’s high performance and compliant infrastructure. This joint setup provides the service level that matches your requirements best and ensures premium customer care services.