EPC paper clarifies the use of electronic mandate solutions

In short: the new mandate distinguishes two schemes: the SDD Core for use by consumers and B2B scheme for use by businesses. These schemes have been around for a while now, but the use in combination with electronic mandates now sees its first adoption.  First findings; there is still some ambiguity about the legislation. For example, payments need a signed mandate to be processed, but some payments without such a mandate are still tolerated, including the high chance of reversals.

The authors explain the risks and liabilities with these schemes and it endorses the need for the community to make use of a decent solution to make sure that payments can’t be processed without a proper mandate.

This is the original text:

In April, the European Payments Council (‘EPC’) issued a clarification paper on the use of electronic mandate solutions. The paper is structured in two parts: the first provides some legal context on the general use of mandates, and the second focuses on several aspects of using e-mandate solutions, zooming in on three topics: The main differences between the ‘regular’ Core Direct Debits scheme and the B2B scheme, in relation to the use of e-mandates; the impact of using e-mandates for Creditors; and the impact of using e- mandates for Debtors. Lex Franken and Vincent Jansen of payments, digital identity and e-business consultancy Innopay provide an overview of the EPC’s clarification paper and specifically how the clarification relates to current e- mandate initiatives within the EU.

Since the SEPA Direct Debit (‘SDD’) schemes (both Core and B2B) are built on a Creditor-driven mandate flow – the burden of proof lies with the Creditor – the Debtor Bank does not necessarily play a role in issuing and authorising e-mandates. Furthermore, other than a description of the optional EPC e- mandates model in appendix VII, e-mandates are not in the scope of the EPC SDD rulebooks. This leaves the methods of issuing and authorising e-mandates to ‘the market’ and the Creditor’s choice. But how can Creditors determine which method to use?

In accordance with the Payment Services Directive (‘PSD’) a payment transaction is considered to be authorised only if the payer has given consent to execute the transaction. The form of this consent is to be agreed between the payer and their payment service provider (in this case the Debtor Bank). In SEPA regulation, the mandate is the expression of this consent and authorisation as given by the payer to their payee and to their Bank.

When it comes to mandates, the most important aspect is whether and how the mandate has been signed by the Debtor. The PSD and SEPA regulation specify that a mandate must be signed, but it does not state how it must be signed. The accepted methods of signing depend on national business practices and relevant legislation. At the same time, the SDD Rulebooks state that ‘The mandate may be an electronic document which is created and signed with a Qualified Electronic Signature […].’ The EPC seems to overrule this requirement in the clarification paper by stating that the process of issuing and authorising an e-mandate lies outside of the scope of the EPC SDD schemes.

From this legal context, we can conclude that the way a valid mandate is created is a matter between Debtor and Creditor, based on the contractual provisions in their contracts with their payment service providers (‘PSPs’). The basis for the legal assessment of the validity of the mandate in case of a dispute is what was agreed between the Debtor and the Debtor Bank, which de facto means the terms of the Debtor Bank apply. However, the responsibility and process to prove this authorisation and the resulting risk distribution across participants differs between the Core and B2B schemes.

Relevant aspects of e- mandate solutions

Differences between SDD Core and B2B scheme

An important difference between the Core and B2B scheme is that for Core direct debits, the Debtor Bank executes any direct debit as initiated by the Creditor Bank, no questions asked. Furthermore, Debtors can claim an immediate refund within eight weeks after the direct debit collection from their account. After this period, they may still claim a refund for an unauthorised collection within 13 months after the collection date.

The Debtor Bank will only check the existence of a valid mandate when the collection is disputed by the Debtor after the eight week period. The decision whether the direct debit was authorised or not is the prerogative of the Debtor Bank and is final for all participants. The Debtor Bank decides if this was authorised by determining if consent was indeed given by the Debtor (i.e. by checking the validity of the mandate). Ultimately, the Creditor Bank is responsible for the refund to the Debtor Bank, regardless of whether it is able to collect the amount of the refund from the Creditor’s account.

This refund risk is hard to manage for the Creditor Bank, since they have no knowledge of the (existence of ) the mandate at the time of direct debit collection. The best way for Creditor Banks to manage this risk is probably to require that Creditors only use e- mandate methods that have been approved by the Debtor Banks.

For B2B the risk distribution is different. Although it is technically a Creditor mandate flow, the direct debit may and will only be collected from the Debtor account when the mandate-related information in the direct debit initiation can be related to the information in the mandate. Effectively, this means the Debtor Bank must be informed about the mandate (the mandate must be registered) and must verify, prior to executing the direct debit, that the mandate information in the direct debit corresponds with the mandate information as registered by the Debtor Bank.

Another important difference is that direct debits in the B2B scheme are irrevocable once they have been collected2. This means that for B2B collections, there is no risk for the Creditor Bank nor for the Creditor once the collection has been approved by the Debtor Bank. However, since the Debtor Bank has the responsibility to check for authorisation at the moment of direct debit collection, the risk in case of a dispute concerning unauthorised collections moves to the Debtor Bank.

The only risk for the Creditor is that the mandate is not registered at the Debtor Bank. As in the Core scheme, choosing an e-mandate method that is accepted by the Debtor Bank and by which the mandate is immediately registered at the Debtor Bank is the Creditor’s best way to reduce this risk.

Impact for creditors

The main message to Creditors is that, although an e-mandate may have been created while using a legally binding signature method, Creditors should be very aware that not all kinds of legally binding signatures allow for easy proof that the mandate has been authorised by the Debtor. If the Debtor Bank is unable to verify the validity of a mandate, or unwilling to implement the technical measures to do so, they are very likely to decide on a dispute in favour of the Debtor. This EPC conclusion reads as advice to check which methods are accepted by the Debtor Bank beforehand, instead of merely choosing a solution and still risk the chance of disputes being settled against you as a Creditor.

Impact for debtors

Within the Core scheme, Debtors can claim a refund up to 13 months after the collection. It is important to note that even though a refund claim may be settled in favour of the Debtor, this is merely a decision on the authorisation of the collection. It remains the responsibility of the Debtor and Creditor to settle the dispute when it comes to the payment obligation. Settlement of this dispute is outside the scope of the SDD Core scheme and is not influenced in any way by the Debtor Bank’s decision on the refund claim.

In the B2B scheme Debtors must be aware that B2B collections are irrevocable, unless the Debtor can prove the Debtor Bank has executed the direct debit collection without the permission of the Debtor.

E-mandate solutions

Looking at the use of e-mandate solutions, at EU level MyBank has adopted the EPC electronic mandates model in their pan- European solution. The Dutch Banking community is implementing their own e- mandate solution, which is also based on the EPC model. In this implementation, the Debtor Bank fulfils the role of Validation Service. The EPC model, by actively involving the Debtor Bank in the process of issuing and authorising e-mandates, offers Creditors:

• An e-mandate that is accepted by the Debtor Bank in case of a dispute;
• Validated Debtor information from the Bank domain. Creditors can use this information in their direct debit collections, thereby reducing the number of error- based rejections; and
• Immediate registration of B2B mandates in the Debtor Bank domain, facilitating the B2B direct debit collections.

Another benefit of having the Debtor Bank actively involved in the e-mandate process, which is not mentioned by the EPC, is to have an automatic update of the consumer protection settings in the Debtor Bank domain. These settings can be activated by the consumer to protect their bank account against unauthorised collections in the Core scheme. E- mandates may just be the killer- app for Creditors to reduce the risk of collection-rejections caused by activated but outdated consumer protection settings in the Debtor Bank domain.