VoP Obligation: New Hurdles for Corporate Customers

The Verification of Payee (VoP) obligation, which will become mandatory throughout the EU from October 2025, requires payment service providers to verify the recipient's name against the specified IBAN before executing transfers. The aim is to make payments more secure, avoid errors and detect fraud attempts at an early stage.

This applies to SEPA transfers and instant payments – and thus also affects the typical payment methods used by businesses. For corporate customers in particular, this obligation means a significant change: processes and technical infrastructures must be adapted, roles redefined and communication channels revised.

Corporate customers are faced with the task of bringing their internal payment processes into line with the new verification requirements. Companies that have previously collected large amounts of data and submitted it as collective transfers are now forced to develop decentralised solutions – or completely redesign their existing submission channels.

Integrating the VoP check into existing submission channels, interfaces and data formats is particularly challenging. One example is EBICS, which is established as the standard procedure in corporate banking. As the European EBICS standard does not currently offer VoP functionality, transitional solutions must be found – for example, via supplementary systems or bilateral communication channels.

The regulation stipulates that corporate customers can waive the VoP check for collective transfers via a contractually agreed exception (opt-out). What initially sounds like a relief brings new complexity: banks and companies must make individual contract changes in which the question of liability is redefined. This is because if the check is waived and an incorrect transfer is made, the risk lies with the client. The coordination effort involved is not trivial:

• Legally compliant wording is required.
• IT systems must be able to recognise when the opt-out applies.
• Protocols must be documented that can withstand any queries or checks.

Companies that submit individual transactions, on the other hand, must take the opposite approach: here, a mandatory opt-in for verification applies – without this, the payment will not be executed. However, authorisation for opt-in orders must take place after the VoP check, as authorisations provided before the VoP check are rejected. Subsequent authorisation can then only be carried out using a VEU procedure. This makes this process difficult or impossible to automate.

One aspect that is often underestimated is the consequence of incomplete or incorrect information in the context of the VoP check. If an invalid name or no name at all is transmitted, the comparison fails – in this case, the payment is rejected. Name discrepancies can also lead to blocking, especially if banks implement strict comparison mechanisms. Companies must therefore not only adapt their technical processes, but also ensure data quality – for example, through the automatic extraction and validation of payees from ERP systems. An additional effect: failed payments generate customer enquiries, manual clarification processes and interrupt the payment flow.

To implement the requirements efficiently, technical solutions are needed that enable flexible and secure integration of the VoP check. This is not just a matter of APIs or interfaces – the processes for submitting, approving and clarifying payments also need to be rethought. PPI's TRAVIC product family already offers specific modules for this purpose that integrate VoP checks into existing systems – including decision logic, error handling and connection to external testing centres. Our recommendation: start early with process analysis, clarification of the contractual situation and selection of suitable technical tools – so that the changeover does not come as a surprise.