Verification of Payee: How to verify legal entities?

With the implementation of the Instant Payments Regulation (IPR), many banks and fintechs across Europe are preparing to deploy a Verification of Payee (VoP) solution. While verifying individuals is relatively standardized, verifying businesses presents unique challenges. We have analyzed the key technical points that must be addressed for an effective implementation.

Multiple options to identify a legal entity

When verifying a company, Payment Service Providers (PSPs) often ask: which identifier should be used to verify a legal entity?

According to the Rulebook published by the European Payments Council (EPC), multiple options are available: the Legal Entity Identifier (LEI), the national identifier, the VAT number, or simply the company name. Here is our analysis:

LEI: A unique but ineffective identifier

The LEI is often presented as the ideal solution. As a unique and standardized identifier, it helps avoid errors and confusion. However, it has several limitations:

• Cost: The LEI is a paid identifier, which can hinder its adoption.
• Limited adoption: Not all EU countries systematically use it.
• Bank-side challenges: Few banks store the LEI in their databases.

National identifier: A reliable but non-harmonized alternative

In many cases, national identifiers (or company registration numbers), such as the SIREN in France, are widely used and well known by local businesses. However, these identifiers vary from country to country, and multiple identifiers may coexist within a single country, complicating their use in a European framework.

Examples across Europe: In Spain, the NIF is the standard national identifier, while in Germany, the Handelsregisternummer is used, and in the Netherlands, companies are identified by the KvK-nummer.

Since each country uses a different system, the lack of harmonization makes it difficult to establish a uniform verification process across Europe.

Bank-side perspective: Most banks store the national identifier of their corporate clients, though each bank may have its own data management practices.

VAT Number: an underutilized european standard

The VAT identification number is another widely used, free, and standardized identifier across Europe, making it an ideal candidate for company verification. However, it is rarely used in daily verifications and is not commonly stored in banks' customer databases.

Special cases: associations and micro-businesses

Among legal entities, different legal structures exist where standard identifiers are not applicable. The most notable example is associations, which often have a specific identifier in most countries (e.g., the RNA identifier in France). Some micro-businesses may also hold personal bank accounts and may not be registered as legal entities in bank records.

Company name: a perfect solution?

Using the official company name for verification has a significant advantage: the information is systematically available in banking records. However, some companies use trade names different from their official legal names, leading to potential confusion. The use of acronyms (e.g., G.E. for General Electric) can also complicate reconciliation.

Additionally, verifying company names carries a substantial risk: homonym fraud. Fraudsters may adapt their practices once VoP becomes mandatory by creating fake companies with identical names to legitimate businesses.

What does the EPC technical documentation say?

The VoP model described in the EPC technical documentation offers significant flexibility. When initiating a payment, the payer can provide an account number along with their chosen identifier or the company name. This flexibility presents an operational challenge: each bank, and ultimately each customer, must ensure the proper registration of identifiers and company names to optimize verification accuracy.

Conclusion

Implementing a Verification of Payee solution requires careful consideration of how legal entities are evaluated: it’s a challenge in itself. Between the choice of identifiers, national differences, and data quality, banks and fintechs must ensure that their RVM partner can address these issues. Otherwise, they risk delivering a poor customer experience and increasing fraud risks.

With a deep understanding of this issue, Qombo has chosen a meticulous approach. We manage these complexities for our clients, and our experts are available to share their knowledge if needed.