Before diving into the discussion, Mavadiya ran an anonymous poll, asking who in the audience can honestly say they know what Confirmation of Payee is, to which 31% responded No. Commenting on the results, she prompted Kudlacik to start the session by explaining the history and current state of COP.

Kudlacik explained that in the Nordics, Confirmation of Payee is already solved in isolated parts of the payment infrastructure. Examples of this include legacy services such as Account Inquiry in Sweden and Norway, run by the local clearing houses, which are file based, batch based and far from real-time, as well as peer to peer payments such as Swish, Vipps and MobilePay. However, the piece that is missing are regular account to account payments.

“With account to account payments that we do towards regular bank account numbers, we are not provided to this type of validation, and it can feel like sending money into a black hole,” Kudlacik explained. “We thought that P27 would be the provider of a new payment infrastructure, they also had account assurance in scope. And this is where Nordic Payments Council comes into play. We were supposed to be that and we still are the neutral scheme-only body that has the documentation rules and standards. And even though, at the moment, we know that it won't be P27 providing the technical layer, our scheme is still valid and it just will be delivered by someone else.”

Mavadiya then prompted the panel on what this means in light of the European Commission's recent instant payments mandate. Ross replied: “We're seeing in a number of jurisdictions where, as a result of Confirmation of Payee requirements, there is an adoption from organisations that’s organically driven by the need to mandate this. From a consumer perspective, this isn't something that's a nice-to-have. This has now been baselined as a benchmark for jurisdictions across the globe, to give customers a better degree of certainty than they previously had.”

At this point, Kuclacik jumped in to explain that, when discussing COP as a functionality, terms like Confirmation of Payee, Verification of Payee, and Account Verification are used synonymously. Yet in this context, Confirmation of Payee and Verification of Payee (VOP) should be looked at as two separate schemes. Fransson agreed and added that for banks in the Nordics, this means that they will have to comply with both schemes - COP in domestic markets and VOP for euro payments outside of their domestic market.

Touching on the global view on COP, Mavadiya then asked the panel to share success stories for where Confirmation of Payee (whether by this name or another) has been implemented successfully.

Ross started out by talking about the UK. “The UK is a prime example of this. Launched in 2020, they’ve had about 100 organisations sign up for the service. They’ve now recently reached a milestone in regards to COP calls that hit 2 billion overall, and are averaging about 1.9 million COP calls per day. Now a new PSR regime is about to be launched, which is going to change the dynamics and they are expecting the number of organisations subscribed to the service grow as a result.”

Huguet added the Netherlands as another example. “It has been in place for quite some time already, and the benefits for the community have been tremendous in terms of fraud prevention but also in building the trust of the consumers into the local payment rails, and that’s pretty critical. To give you some figures which come from the Netherlands, implementation of the solution there caused a reduction of fraud by 81% and a drop of misdirected payments by 67%. And there are a number of jurisdictions who have implemented similar Confirmation of Payee systems: Australia, India, Pakistan, China, Vietnam, and Brazil. So they exist, and they have demonstrated the value for the ecosystem and for the domestic rails.”

The crux of these COP schemes, however, comes when we move from a domestic lens to a cross-border lens. Ross rightly pointed out that it needs to be considered how scalable domestic solutions are, and how to take a domestic infrastructure and lift it up into a global context that will allow for different jurisdictional rules and requirements. Interoperability has to be a key design principle - not an afterthought.

Commenting on how to achieve this, Fransson said: “The important thing for this to work is that we all have to collaborate - both globally and within regions. It’s important to have standardised APIs and standardised name checks as well.”

Fransson went on to describe that there are two aspects that are holding banks back. The first being legacy solutions. If a bank has an outdated system that doesn’t support APIs, any form of COP would fail because checks would have to be performed manually. Secondly, outdated file-based systems pose another problem, which leads to another point: Should all payments be instant? Or is faster enough? Batch payments are not compatible with COP, so in reality, COP is a scheme that’s designed for instant payments.

Lastly, Fransson emphasised the need for algorithms that take into account close matches. Both too many false negatives and false positives can cause disaster for a financial institution and put a whole scheme in jeopardy. If a COP scheme is to work, the finesse is needed to build a solid algorithm for name matching.

The conversation then shifted toward fraud and COP’s role in fraud prevention. Kudlacik emphasised that, while COP and similar schemes are useful in cases where fraudsters are impersonating legitimate persons, social engineering fraud makes it difficult for COP to prevent fraud. Huguet agreed that COP is no silver bullet, but it’s a critical line of defence. Once an instant payment system has been set up, it has to be followed by a COP scheme, which allows finanical institutions to be covered for liability.

To close off the conversation, Mavadiya asked the panel how far away we are from interoperability for COP. Kudlacik commented that, in order to connect the dots and have interoperability between systems, the systems need to exist first. Ross likened the process of COP interoperability to the current process of ISO 20022 migrations, stating we need to harmonise communication to ensure we’re leveraging the same information.

Fransson pointed out the need for cooperation. There will be no single solution globally, so standardised APIs and name checks are crucial. Huguet agreed on the standardisation, and mentioned that one of the biggest obstacles still remaining is figuring out the question of liability, as it’s hard to harmonise between jurisdictions.