They are the biggest step forward for Open Banking since the launch of the first payment APIs. Variable Recurring Payments (VRP) are a genuinely game-changing innovation which we expect to be one of the standout success stories of 2023. VRP allow consumers
to authorise payments on an ongoing basis. They improve security for merchants and customers alike, removing the friction created when shoppers have to type in card details and addressing the security risk created when businesses have to store card information.
In July this year, the CMA mandated the UK’s nine biggest banks to introduce VRP for sweeping - the automated movement of money between accounts. This “me to me” use case is only a hint of the true potential of VRPs, which we expect to play a major role
in driving the mainstream adoption of Open Banking. Ultimately, VRP have the potential to compete with - or even replace- direct debit, card-on-file, and other payments.
However, before we all cut up our cards for good, there are important questions to be asked about VRP. To solve these challenges and discuss the many opportunities of VRP, Open Banking Excellence (OBE) gathered leaders and pioneers around a Campfire hosted
by Huw Davies, CCO and Co-Founder Of Ozone API.
Siamac Rezaiezadeh, Senior Director of Product Marketing, GoCardless, said: “I spend a lot of my time talking to merchants, but also talking to payers, because ultimately, there are lots of things that drive adoption. I think that VRPs are not just beneficial
for merchants. With the right use cases, they will meet the needs of payers as well.”
Going Beyond the Mandate
Non-sweeping VRPs, which are also called Commercial VRPS, represent the biggest Variable Recurring Payments opportunity for banks. When the CMA9 introduced VRP, Natwest was the first to announce that it would go beyond the mandate to deliver non-sweeping
VRP. This year, NatWest signed agreements with TrueLayer, GoCardless, Crezco, Token, Yapily and Tink to “offer VRP as a new payment method”.
Raffaele Brusco, Senior API growth manager – leading VRP commercialisation at the NatWest Group, argued the “the big opportunity for VRP is yet to come”.
“For us, the commercial part of VRP - non-sweeping - is the opportunity,” he continued. “We have supported these opportunities from the early days and put the customer at the very centre. Customers use established forms of payment such as cards, direct debit,
or standing orders, but those are not perfect. Cards and direct debit might be open to fraud, for instance, because customers need to share personal information.
“VRP can be the product that unlocks and solves payment challenges. If we think of VRP as the first step towards building a seamless one-click, almost zero-click payment experience, then I think we are unlocking opportunities.”
Liability and Disputes Challenges
One of the major challenges Natwest and other pioneers face with introducing VRP is a lack of regulatory clarity around liability and disputes. VRPs are a “push” payment mechanism, which means payees do not have access to customers’ financial information.
This means consumer protection frameworks built to address the risks created by recurring card payments or direct debits are insufficient. Adopting them will add expense and may add friction - both of which VRPs are supposed to remove.
“We are waiting for the regulator to provide us with more information in terms of how to manage liability,” Raffaele added. “However, there are use cases which can go live even if there is not a fully-fledged liability model. When we sign a contract, we
will suggest rules in terms of disputes and liability that will govern the relationship over the specific use case.”
The Open Banking payments platform Token is one of the six companies that signed agreements with Natwest to offer non-sweeping VRP for use cases such as “providing a convenient alternative to existing payment options, such as direct debits and online card
payments”.
Charles Damen, Chief Product Officer of Token, said: “[Working with Natwest] was an interesting process from the perspective that what we're really trying to do is develop a new set of rules for a new form of payment. At the moment, there's a liability model
in PSD2 from a fraud perspective, there is also a model for similar payments for commercial disputes. Should there be similar consumer protection across all payment methods? We don't believe that that should be the case. Each payment instrument has different
capabilities, different features and different benefits, and therefore consumer protections should not be the same.”
The Problem With Mandates
The fact that the CMA’s July mandate only requires banks to implement a very basic form of VRP is another challenge. Dan Morgan, European Policy Lead at Plaid, warned that “banks are not really incentivized to make non-sweeping APIs available, even though
the business case is there for all banks”.
He continued: “If we want to make this successful in the UK, bilateral approaches are only going to go so far. That is why we're having this discussion at the moment at the JROC, the Joint Regulatory Oversight Committee, where Open Banking is coming together
to think about how this works. Coverage is one challenge. There are also questions about the role of regulators and the future entity which will replace OBIE.
“It will be helpful for the entire industry and provide certainty for consumers and businesses alike. But we are also keen not to replicate the same consumer and payment protections we have now. There's no need for chargebacks, for instance, we want to build
a push framework, not a pull framework. You don’t want to share your card details. There are lots of other safety precautions in and around Open Banking style payments. The future entity, Treasury and JROC will need to intervene if we really want to take
the next step.”
The Future of Payments
To truly unlock the value of VRPs, the financial services sector must work with regulators to address issues around liability and other challenges. We are encouraged to see collaboration within the industry, which demonstrates the value created by a partnership
approach. Over the next year, we expect to see some of the problems with VRP ironed out, which will smooth the path for wider adoption.
Huw Davies, CCO of Ozone API and host of the OBE Campfire, said: “I would love to see VRP genuinely scale in the UK, now that these partnerships have started to form. I spend so much of my time helping other banks around the world implement Open Banking
and helping other regulators think through how to get this right. And create a framework that delivers all of the benefits we've talked about. If we move quickly, the UK has got an opportunity to create a blueprint.”
We gave the world Open Banking. If the UK takes the right steps, we believe that 2023 could be the year of VRP - or at least an important staging point for the inevitable payments revolution they will create.