The Instant Payments Regulation (IPR) brings a fundamental shift in how euro credit transfers must be delivered across the European Union (EU). With tight deadlines and major operational implications, how can firms prepare?
Why it matters
The EU’s Instant Payments Regulation (IPR), adopted in April 2024, aims to make instant credit transfers in euro available to all EU citizens and businesses, 24/7 and across borders, within seconds. This has triggered a wave of change for payment service providers (PSPs), who must now rapidly adapt to stringent new requirements around payment speed, security, and transparency.
The first compliance deadlines for payments and e-money institutions (concerning sanctions screening and equal charges) came into force in January 2025. As such, firms that fail to act now risk being left behind, or worse, exposed to supervisory scrutiny and reputational damage.
What is the core requirement?
The IPR mandates that euro credit transfers be processed instantly, within ten seconds, at no extra cost to the customer. PSPs must also ensure real-time fraud and sanctions checks, implement new account verification procedures, and overhaul legacy systems to meet these demands.
The EU set out two key deadlines for compliance in 2025. The first was in January with the second set to come into force in October.
Since 9 January 2025, PSPs have been required to:
- be able to receive instant credit transfers in euro;
- conduct daily sanctions screening of customers against EU lists; and
- ensure fees for instant payments are no higher than those for standard credit transfers.
By 9 October 2025, PSPs must:
- be able to send instant credit transfers in euro; and
- implement Verification of Payee (VOP) to confirm the beneficiary’s name matches the IBAN before processing payments.
By 9 April 2027, all remaining EU PSPs must comply with both sending and receiving requirements.
Key compliance challenges
The IPR is not simply a technology upgrade; it requires a complete rethink of payment systems, risk controls, and customer protections. Here are the core areas firms must focus on:
- Fraud and sanctions screening
- Real-time processing: traditional batch screening won’t cut it. PSPs need to implement real-time sanctions screening and fraud detection that doesn’t delay transaction processing.
- APP fraud risk: as instant payments become the norm, so too does the risk of Authorised Push Payment (APP) fraud. Preventative controls must be built into the payment journey.
- Transaction monitoring
- With transactions settled in under 10 seconds, PSPs must deploy or upgrade real-time monitoring systems that are both effective and scalable.
- Testing systems in advance is key; firms should stress-test for volume, latency, and exception handling now.
- Verification of Payee (VOP)
- VOP introduces a layer of security similar to the UK’s Confirmation of Payee.
- Firms must ensure their systems can verify beneficiary details in real time before releasing payments; a new operational burden for many.
- Legacy systems and outsourcing arrangements
- Many firms operate on legacy core banking platforms or rely heavily on third-party vendors.
- Firms must assess whether their current systems and outsourcing partners can meet the IPR’s speed, availability, and compliance expectations.
What should firms be doing now?
With the second deadline approaching in October, firms must treat IPR compliance as a strategic priority. Here’s what should be done:
Conduct a capability gap analysis:
- Can you currently process payments in real time?
- Do your fraud and sanctions screening tools support instant processing?
- Are your outsourcing partners contractually and operationally prepared?
Upgrade systems and controls:
- Prioritise investment in real-time infrastructure, including monitoring and alerting tools.
- Ensure your systems can support 24/7 availability, including over weekends and holidays.
Plan for VOP implementation:
- Begin procurement or development of VOP systems now.
- Train operational staff on the new customer experience requirements.
Secure internal buy-in:
- Compliance cannot deliver this alone. IT, operations, risk and senior leadership must be fully engaged.
Conclusion
The Instant Payments Regulation is not just about faster payment, it’s about modernising the European payment infrastructure to be secure, inclusive, and to operate in real-time. But for PSPs, this is also a compliance challenge of significant scale and urgency.
By taking early action, particularly around VOP, fraud screening, and legacy system upgrades, firms can stay ahead of the regulatory curve and turn compliance into a competitive advantage.
For support with your IPR readiness, including gap analysis, VOP implementation, or systems design, speak to our payments compliance experts today.
This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.
