Instant Payments: A Sanctions Revolution or Burden

Ten seconds―that is all it takes to break payment barriers across European borders under the European Union’s (EU) new Instant Payment Regulation (IPR). Entered into force in April 2024, it requires all payment service providers (PSPs) to receive instant payments as of January 9, 2025, and send such payments by October 9, 2025.^1,2

The changes that PSPs must implement to be aligned with the IPR’s requirements may spark a real compliance revolution. Know your customer (KYC) procedures will see the integration of Verification of Payee―the process that ensures the payee’s details match the intended recipient before a payment is made―and sanctions screening will transform from transaction-based to customer-based.³

But with these advancements come a host of challenges: tight implementation deadlines, system overhauls, lack of guidance and shortage of resources for smaller PSPs.

The article will explore how the IPR is revolutionizing sanctions screening and the issues that PSPs are facing.

Out With the Old

Up until the IPR was introduced, most European PSPs screened each individual transaction against sanction lists.⁴ This included screening the names of the sender and the receiver, the payment reference and at times the international bank account number of the receiver.

As there is no EU legislation on how PSPs should carry out their sanctions screening process, other methods have also been employed by PSPs, such as batch screening, or the screening of groups of transactions in bulk at regular intervals rather than in real time.^5,6

These methods create a problem when it comes to instant payments. When a payment is flagged by a transaction monitoring system for a sanction alert, the system will block the payment until a compliance/anti-money laundering (AML) analyst investigates it.

Most transaction monitoring systems are notorious for producing large amounts of false positives with common systems producing up to 90% of invalid hits, according to McKinsey & Company.⁷

As each false positive is often discounted manually by a compliance/AML analyst, the current screening techniques are in breach of the IPR’s 10-second rule.

To tackle the problem of compliance-blocked transactions, the IPR forces PSPs to throw out the old method and adopt a new approach. The regulation states that “PSPs should periodically, and at least daily, verify whether their Payment Service Users (PSUs) are persons or entities subject to targeted financial restrictive measures.”⁸

This means that compliance checks will focus solely on customer onboarding and the ongoing relationship, and not on transactions. All PSPs will need to screen their customers against sanction lists daily, after the immediate entry into force of a new targeted financial sanction and immediately after an existing financial sanction has been amended. Any sanctioned individual or entity found will have their accounts frozen, preventing them from sending or receiving payments.⁹

During the 2022 press conference announcing the proposed regulation, former EU Commissioner Mairead McGuinness remarked that customer-level screening “will save money, while still ensuring maximum vigilance.”¹⁰

Efficiency and Compliance

The IPR brings a host of positive changes to compliance departments, and the first of these is the time saved.

The transition to customer-based screening reduces the burden on compliance analysts by eliminating the need to manually handle false positives flagged for sanctions. While false positives from money laundering and other financial crime monitoring will persist, this approach removes an entire layer of unnecessary reviews.

However, customer-based screening is not impervious to false positives. Fuzzy matching, or the technique used to identify potential matches between sanctions lists and customer names, even when there are slight variations in spelling, typos or formatting, can generate a host of misidentifications.¹¹ PSPs will need to create white lists to reduce this occurrence.

Once customer-based screening has been optimized, the second positive change is the reduced reliance on manual processes. By eliminating the layer of transaction-based screening, compliance analysts can minimize human errors.

The final benefit is the incentive to enhance customer data quality. Customer-based screening encourages PSPs to maintain accurate and up-to-date records of their clients and improves the effectiveness of sanctions screening by enabling more precise identification of sanctioned individuals or entities.

Navigating Obstacles

With benefits come challenges. For example, achieving IPR compliance may be particularly difficult for smaller PSPs. Budget constraints, shortage of resources, knowledge gaps and lack of time can make implementing the regulation burdensome for many. The short-noticed deadline of January 9, 2025, to comply with the new sanctions screening rule did little to help.¹²

A survey by RedCompass Labs, a U.K.-based consultancy specializing in payments, found that European banks plan to invest between 1 million euros ($1.04 million) and 3 million euros ($3.11 million) in new technology to meet the standards posed by the IPR.¹³ As the resources needed to implement such technology can already be taxing for major financial institutions, one can imagine what it is like for smaller PSPs.

Another issue is that the instant access to an organized source of sanction information was not available to PSPs prior to the introduction of the IPR.¹⁴ Sanctions lists were acquired through third-party providers and updated versions were sent to the PSPs either at regular intervals (e.g., weekly), or ad hoc. This means that both PSPs and sanctions list providers will have to overhaul their processes and infrastructure to be compliant with the regulation, adding to the burden.

The elimination of transaction-based screening also raises the question: What if a sanctioned name is added to the payment reference? For example, individual A, who is not sanctioned, sends money to individual B, who is also not sanctioned, and adds as the payment communication the name of a sanctioned individual or organization. How will this be captured by AML analysts?

As payment references could potentially contain critical information that links a transaction to a sanctioned individual, entity or activity, this creates a compliance gap.

Instant payments cannot be frozen, and the solution would be to adapt the transaction monitoring system to screen transactions post-payment. However, this could still be an issue when it comes to cross-border transfers. While PSPs could freeze accounts if suspicious activity is detected, the time it takes to notify authorities and act on cross-border payments means that criminals could transfer the money elsewhere before any action can be taken.

The IPR does not cover these issues and there is currently no guidance from the EU.¹⁵ It is up to the PSP to determine how to solve these issues.

A Sanctions Screening Revolution

From system overhauls to meeting strict deadlines and addressing gaps in current compliance processes, the early stages of implementing the IPR were far from easy. However, past the initial hurdles, the shift to customer-level sanctions screening should become more manageable, allowing the benefits to outweigh the challenges.

In the lead-up to the next major IPR deadline in October, PSPs should prioritize the necessary adjustments to their sanctions screening. This includes enhancing and updating all data on their customers, ensuring accurate and up-to-date records, upgrading their screening tools, leveraging the use of artificial intelligence or machine learning tools if possible, and collaborating with external experts such as consultants.

There is no doubt that the IPR is driving a transformative shift in sanctions screening

To ensure the ongoing success of the regulation, it is important that the EU provides clearer guidance, especially on matters such as the handling of sanctioned payment references and post-payment monitoring. PSPs and EU lawmakers would benefit from collaborating to develop solutions that improve sanctions screening at all levels.

Conclusion

There is no doubt that the IPR is driving a transformative shift in sanctions screening. As with every change, challenges are inevitable, but the new regulation is offering opportunities never seen before in the financial landscape. It will be interesting to see how it will further evolve.