Our Take
Tietoevry Banking is warning about compliance risk, but the real story is simpler: banks in jurisdictions without data privacy blockers have already cut fraud by more than three-quarters—waiting is a choice, not a constraint.
Why it matters
Banks are weighing opt-outs from Verification of Payee (VoP) on cost and privacy grounds, but the technology's track record in the Netherlands shows material fraud reduction. Corporate payment fraud—three to four times the consumer market by volume—is at stake, making this a compliance deadline with real financial consequences.
Do this week
Compliance teams: audit your jurisdiction's data privacy laws and RVM provider costs this week so you can present a VoP adoption timeline to your board before the EU deadline.
The Dutch results are already in
European regulators are tightening deadlines around instant payment security. Verification of Payee (VoP) verifies all parties to a transaction within five seconds before payment initiation. In the Netherlands, where the technology has been adopted, results show 81% reduction in all-cause fraud and 67% reduction in misdirected payments (per Tietoevry Banking).
Despite this evidence, some European banks are considering opt-outs. The stated reasons are twofold: national data privacy legislation (Norway has restrictions on VoP-style services) and the cost of engaging a Routing and Verification Mechanism (RVM) provider. RVM providers manage verification requests between banks, maintain API interfaces, and support regulatory compliance.
The stakes are material. Corporate payments are estimated to be three to four times larger than consumer payments by volume (per Tietoevry Banking). Undetected fraud in that segment carries substantially higher losses than retail exposure.
Some corporate clients have raised concerns that VoP could disrupt batch file payment processing. Tietoevry disputes this, noting that VoP verification happens before payment initiation and does not inherently delay batch transactions. The company argues it can reduce downstream security checks.
Opt-out risk is jurisdiction-specific, not universal
The compliance landscape is uneven. Data privacy laws in some EU member states do create genuine constraints on VoP deployment. But in jurisdictions without those blockers, the choice to opt out is a cost trade-off, not a technical barrier.
The Dutch benchmark is from a mature, independent deployment—not a vendor pilot. That makes the fraud-reduction numbers worth taking seriously. Banks opting out in lower-privacy-risk jurisdictions will be choosing to absorb fraud risk they could measurably reduce.
For corporate treasury teams and regulators, the window is narrowing. EU deadlines are tightening, and banks that delay face either last-minute RVM vendor selection under pressure or regulatory exposure.
Separate legal constraint from cost decision
If you operate a bank or payment processor in the EU, map your jurisdiction's data privacy restrictions now. If you have a genuine legal blocker (like Norway), document it and escalate to compliance. If you don't, treat VoP as a cost-benefit decision tied to your corporate payment volume and fraud losses, not as a compliance nice-to-have.
Corporate clients should begin asking their banks about VoP adoption timelines. If your bank is citing cost as the reason for an opt-out, request a fraud-loss comparison against the RVM fee. That shifts the conversation from "expense" to "insurance."
Tietoevry Banking is registered as an RVM provider with the EPC and operates the verification service through a partnership with Movitz Payments. This positions the company as a vendor with commercial interest in adoption. The Dutch results are real, but the urgency framing comes from a vendor with skin in the game.