Who is in scope?

The new rules apply to payment service providers (PSPs), as such are defined under the EU Payment Services Directive II (Directive (EU) 2015/2366, as amended – PSD II), including notably:

  • credit institutions;
  • electronic money institutions (EMIs);
  • payment institutions;
  • the European Central Bank;
  • national central banks; etc.

The Regulation captures instant credit transfers, i.e., immediately processed transfers of euro-denominated money, which becomes visible in the recipient’s account within ten (10) seconds after a payment order, at any time of any day (even outside business hours).

Key provisions

Obligation to send and receive instant credit transfers

The Regulation introduces an obligation for any PSP sending and receiving credit transfers to:

  • be able to also perform instant credit transfers in euro (through the same payment initiation channels used for non-instant credit transfers); and
  • make its payment accounts available at all times (twenty-four (24) hours a day and on any day), for the purpose of executing such instant credit transfers.

For this purpose, payment orders in relation to instant credit transfers will, in principle, be considered to have been received at the moment received by the payer’s PSP, irrespective of the hour or day.

Subject to the competent authority’s prior permission and up until 9 June 2028, the above obligation will not apply to PSPs located in non-eurozone states, as regards euro-denominated credit transfers beyond a certain limit per transaction (to be established by the competent authorities and be equal to or exceed the amount of EUR 25,000), from non-euro denominated payment accounts.

Processing instant payment orders

The payer’s PSP is required to, immediately upon receipt of a payment order by the payer:

  • assess whether the funds corresponding to the relevant payment amount are available;
  • reserve or debit such amount from the payer’s payment account;
  • immediately forward the payment transaction to the payee’s PSP.

Then, the payee’s PSP must, within ten (10) seconds upon receipt of the payment order by the payer’s PSP:

  • make the payment amount available on the payee’s payment account (in the currency of that account);
  • inform the payer’s PSP that the payment transaction has been completed.

Immediately upon receipt of the above confirmation of completion or within ten (10) seconds upon receipt of the payment order, the payer’s PSP shall inform the payer whether the relevant payment transaction amount has been made available to the payee’s payment account. If the payer’s PSP has not received confirmation of completion by the payer’s PSP, then the former should immediately restore the payment account of the payer to its original state.

Verification of the payee

In addition to the above instant payment service, the payer’s PSP shall provide a verification service in relation to the identity of the payee, immediately upon receipt of the relevant payee information by the payer and before requesting the authorisation of the relevant credit transfer by the payer. In particular, the payer’s PSP will have to request the payee’s PSP to confirm whether the payment account identifier or other data elements (i.e., fiscal number, Legal Entity Identifier, etc.) and the name of the payee match; where they do not match (or almost match), the payer’s PSP shall notify the payer accordingly.

In line with the provisions of PSD II, no liability of a PSP shall exist for the defective execution of an instant credit transfer on the basis of an incorrect unique identifier. However, where the defectively executed transfer is a result of the payer’s PSP’s failure to verify the payee’s identity, then the payer’s PSP shall without delay refund the payer the amount transferred and restore the debited account in its original state. Where such payer’s PSP failure is due to the payee’s PSP non-compliance with its identity verification obligations, then the latter will be held liable to compensate the payer’s PSP for the financial damage caused.

Screening of payment service users (PSUs)

In addition to the above payee identity verification obligation, PSPs shall also verify whether any of their PSUs (either payers or payees) are subject to targeted financial restrictive measures, immediately upon the entry into force of any new such measures or amendments thereof.

A PSP that fails to conduct such screening shall be required to compensate any other PSP involved in the relevant transaction for any financial damage caused by penalties imposed on that other PSP under the relevant restrictive measures (i.e., for its failure to freeze assets of listed persons or entities).

Additionally, breach of the above screening obligation may result in the imposition of administrative fines of at least 10% of the total annual net turnover of the preceding business year (for a legal person) or up to EUR 5,000,000 (for a natural person).

Changes for instant payment transactions 

PSP charges for offering instant credit transfers shall not exceed the charges for sending and receiving non-instant payments. The payee verification will not be subject to any additional charges.

Implementation timeline

The Regulation will be gradually implemented, as follows:

  • for PSPs within the euro area: by 9 January 2025 for receiving instant payments and by 9 October 2025 for sending instant payments;
  • for PSPs outside the euro area: by 9 January 2027 for receiving instant payments and by 9 July 2027 for sending instant payments;
  • for PSPs which are also authorized as EMIs: by 9 April 2027 if they are located in the euro area and/or for the service of receiving instant payments or by 9 July 2027 if they are not located in the euro area and in relation to the service of sending instant payments.

In this respect, full implementation is intended to coincide with the entry into force and application of the anticipated new Payment Services Regulation and revised Payment Services Directive III, which are expected to further reinforce the EU payment setting and improve the quality of payment services for PSUs, particularly consumers.

What does this mean for PSPs?

PSPs in scope of the Regulation must ensure that their IT systems and contractual arrangements with their clients and relevant providers allow them to comply with the Regulation’s requirements and in particular, the 10-second processing and the immediate payee verification obligation.

The sanctions screening capabilities should also be reviewed to ensure compliance with the PSU screening requirements.