European instant payments in harmony: Traditional wisdom meets innovative thinking

Customers are increasingly accustomed to instant payments through various mobile offerings, and there is a similar "instant" expectation for non-mobile payments that's causing customers and legislators to put pressure on organizations to modernize the payments ecosystem. One of the biggest challenges these organizations face is evolving regulations related to payments. For example, the EU Council and Parliament has given the green light to new rules for "instant payments" and the "EU AI Act" in addition to the "DORA" mandate.

To modernize, remain competitive and be compliant with regulations requires organizations to work with a "trusted" technology partner who can help to bring together their traditional payment practices and innovative solutions. A cloud-based infrastructure that uses IBM Cloud® for Financial Services can be the answer to ensure the security, privacy and flexibility needed to keep up with these changes in the industry. Let's explore the new regulations to see how IBM can help with payments modernization while prioritizing resiliency, regulatory mandates and performance for mission-critical payments workloads.

What are the key regulations driving the change and what are their implications?

1. EU Parliament's approval of the EU AI Act (March 2024)

The EU AI Act aims to harmonize rules on AI systems across 27 member states to protect fundamental rights, democracy, the rule of law and environmental sustainability from high-risk AI, while boosting innovation and establishing Europe as a leader in the field. The law will apply to any companies doing business in the EU and allows for penalties of up to 7% of global turnover or EUR 35 million, whichever is higher, for those that don't keep their use of AI under control.

The EU AI Act provides a much-needed framework for ensuring transparency, accountability and human oversight in developing and deploying AI technologies. Privacy and data security are the primary concerns regarding AI in instant payments transactions. Customers are concerned about how AI systems might utilize or handle their personal and financial information improperly.

2. EU Council's regulatory mandate on SEPA instant payments (February 2024)

Single Euro Payments Area (SEPA) harmonizes the way cashless euro payments are made across Europe. It allows European consumers, businesses and public administrations to make and receive the payments (credit and debit) transactions under the same basic conditions.

How is "instant" defined in the mandate?

• All participants will be able to process SEPA Instant Credit Transfer (SCT Inst) payments 24x7x365, which enforces infrastructure resiliency.
• The SEPA payment will be in your account within 10 seconds, which enforces automation and performance.
• The mandate requires robust implementation of security and data privacy through fraud detection and fraud prevention. For example: Confirmation of payee (an overlaying informative flow before authorizing and instructing an outgoing SCT Inst) and implementation of AML and CTF sanctions when processing SCT Inst.

Which countries can participate? According to the EPC, the following countries currently participate in SEPA:

What's the timeline? It's clear that banks will need to act quickly to comply with the new regulations.

December 2024:

• Banks of EU and Eurozone countries are required to support receiving SEPA instant payments.
• Banks, payment institutions (PIs) and electronic money institutions (EMIs) can screen entities and individuals only once a day.

December 2025:

• Banks of EU and Eurozone countries are required to support sending SEPA instant payments.
• Banks of EU and Eurozone countries are required to support international bank account number (IBAN) name verification on instant payments.

December 2026:

• Banks of EU non-Eurozone countries are required to support receiving SEPA instant payments.

March 2027:

• PIs and EMIs of EU and Eurozone countries are required to support sending and receiving SEPA instant payments.

June 2027:

• Banks of EU non-Eurozone countries are required to support sending SEPA instant payments.
• Banks of EU non-Eurozone countries are required to support IBAN name verification on instant payments.
• PIs and EMIs of EU non-Eurozone countries are required to support sending and receiving SEPA instant payments.

How is it different from a regular SEPA Credit Transfer?

• SCT SEPA Credit Transfer: SEPA credit transfers are processed in batches. That means you send your SEPA payment to your bank at various times during the day. These transactions are typically put into a "big batch" and submitted to the clearing and settlement at the end of the business day.

• SCT Inst: The processing of SEPA instant payments will be at a transaction level. As soon as a payment service provider (PSP) recognizes (parameters to be confirmed) that the SEPA transaction is an instant payment, they will process and clear the payment (and potentially settle it) in real time.

3. EU Commission's adoption of Digital Operational Resilience Act (DORA), 2022

The European Commission adopted DORA to harmonize information and communications technology (ICT) regulations in the financial services sector in the European Union (EU), imposing common requirements in all EU member states in the following areas:

• ICT risk management and governance
• Incident reporting and management
• Operational resilience testing
• Management of ICT third-party risk

What's the timeline? DORA comes into effect in January 2025, covering EU Financial Institutions and associated ICT service providers.

The road ahead: Challenges and opportunities

Adding a new payment rail takes at least 9 months. Also, there are additional requirements such as fees for these new instant payments must stay in line with non-instant transfers, functionality will be in place to verify clients against sanctions list on at least a daily basis and match the IBAN and the name of the beneficiary.

With varying timelines for PSPs based in euro and non-euro countries, the transition presents a complex landscape of regulatory, technical and operational challenges.

How can IBM help?

For organizations that have not yet taken action to adopt instant payments, the timelines for doing so are likely to be challenging. The IBM Cloud-based payments-as-a-service offering will help to meet these timelines, avoiding penalties and enabling financial institutions to fully comply with the new regulation quickly and easily.

• A proven solutionwith IBM Cloud: It is optimized for regulated industries, addressing the complex and evolving needs of the payments industry.
• Responsible AI: IBM watsonx® products help to comply with the EU AI Act and upcoming legislation worldwide to unlock the incredible potential of responsible AI.
• Embrace and implement regulatory changes: The first cloud optimized for the unique needs of regulated industries with the laws, DORA principles, and regulations built in from the outset-informed by the industries themselves.
• Scalable 24x7x365 service with built in resiliency: Instant payments require a modern infrastructure built specifically for the purpose of settling payments in real time. Our steadfast focus on resiliency means you can deploy with confidence.
  • IBM Multizone Regions, comprised of 3 data centers, limit the adverse effects of any failover to a single data center.
  • IBM Cloud Satellite enables deployment anywhere.
• Performance: Our platform-centric approach is open, secure and flexible, starting where you are. Easily automate payments and manage cash across the SEPA zone by using your existing banks.
• Total cost of ownership: Hybrid cloud offers the power of choice and performance with workloads anywhere to maximize performance from x86, Power-to Cloud-to Quantum.
• Collaboration and innovation through ecosystem: Deploy preconfigured, customized security and compliance controls across your enterprise and third-party ecosystems.

The upcoming EU instant payments regulation requires financial institutions to ensure their payment systems' high availability and performance is adequate to process payments in real time, 24x7x365. While pricing mandate concerns are valid, the total relationship value must be considered, and instant payments are a key factor in attracting and retaining highly valued business clients.

Selecting a trusted, technical partner that offers a cloud-native end-to-end payments solution can help to quickly advance modernization initiatives. IBM Cloud offers payment solutions that include direct connectivity to instant payments networks, mandated regulatory and compliance updates and pre-integration with AI and fraud solutions. Leveraging a technology partner that delivers a security-rich and resilient cloud will lower the total cost of ownership, helping to prepare financial institutions for both current and future demands.