Driving Financial Sovereignty: EU Council Passes Regulation for Euro Instant Payments

On 26 February 2024, the European Council adopted a new regulation (the Instant Payments Regulation) making instant payments in euro fully available to consumers and businesses in the EU and in EEA countries.

The introduction of the new regulation will enhance the strategic independence of the European economic and financial sector by reducing reliance on financial institutions and infrastructures of third countries and specifically US operators Visa and Mastercard. Over-dependence on such entities can create risks to the stability and sovereignty of the European financial system. By promoting Euro Instant Payments, the European Union aims to diminish this reliance and strengthen its own financial autonomy.

The Instant Payments Regulation will allow payment service providers, including each organization that is licensed to provide payment services within the European Union such as Banks, Payment Services Providers or Mobile Payment Providers, to offer real-time or near-real-time payment solutions, enabling customers to transfer euro-denominated money within 10 seconds. Instant payment will be available at any time of the day, every day of the year, even outside of traditional business hours. Additionally, it will establish Regulatory Technical Standards for interoperability between different instant payment systems and payment service providers, facilitating seamless transactions across various financial institutions and borders. The regulation will also mandate the verification of the International Bank Account Number (IBAN) to prevent payment errors or unauthorized transactions by confirming its structure, validity, association with the intended recipient and authenticity.

Key aspects of the Instant Payment Regulation for financial institutions include:

Interoperability: financial institutions must ensure that their systems are interoperable with other instant payment service providers, which may involve adapting and updating their technological infrastructures.

Security and Data Confidentiality: financial institutions are required to implement enhanced security measures to protect their customers' sensitive data during instant transactions, and they may be responsible for securing information throughout the payment process.

Regulatory Compliance: financial institutions must comply with all regulatory requirements outlined in the Instant Payments Regulation, which may require additional efforts in terms of documentation, monitoring, and reporting. For example, financial institutions must maintain comprehensive documentation of their instant payment operations, policies, and procedures to demonstrate compliance with regulatory requirements. They may be required to submit regular reports to regulatory authorities or undergo audits to ensure adherence to regulatory standards.

Risk Management: financial institutions must establish effective risk management mechanisms to prevent fraud, errors, and cyber-attacks in instant transactions. This may involve implementing additional controls and verifications throughout the payment process. For example financial institutions may require users to provide multiple forms of authentication, such as passwords, biometrics (fingerprint or facial recognition), or one-time codes sent via SMS or generated by authenticator apps. An extra layer of security to verify the identity of users initiating instant payment transactions will be added.

Fee Transparency: financial institutions are required to clearly inform their customers about the fees and costs associated with instant payments, which may require adjustments in their communication and billing to ensure full transparency. Financial institutions may also be required to adjust their general conditions or terms of service to ensure fee transparency.

In summary, financial institutions are directly affected by several aspects of the Instant Payments Regulation, including interoperability, data security, regulatory compliance, risk management and fee transparency. Therefore, they must adapt to the new regulatory and technological requirements to offer compliant, secure, and efficient instant payment services to their customers. Financial institutions must also integrate AML compliance measures into their overall approach to instant payments to mitigate regulatory risks and safeguard the financial system from abuse.

The proposed Regulation will enter into force 20 days after its publication in the Official Journal of the European Union. Banks and non-bank financial institutions are subject to varying timelines for upgrading their systems to accommodate instant payments and IBAN name-checking, depending on their institutional classification and currency of operation.

For payment service providers within the eurozone, the initial milestone occurs nine months following the enactment of the Regulation. If the Regulation takes effect in March 2024, for instance, banks must meet the following criteria by December 2024:

1. Capability to receive instant payments
2. Assurance that fees for instant payments align with those for regular credit transfers
3. Implementation of daily sanction screenings.