The emergence of request to pay (RTP) from a financial services legal and regulatory perspective
RegCORE – Client Alert | Banking Union
QuickTake
The European payment landscape has experienced significant innovation over the past few years, driven by policy developments, regulatory changes, technological advancements and evolving consumer expectations. One such innovation was brought to life by the introduction of the request to pay (RTP) model, a new payment method that aims to enhance flexibility, control and security for both payers and payees. Several leading financial institutions have already adopted RTP, signalling a significant move towards more efficient and direct, perhaps more user-friendly payment processes.
This EU RegCORE Client Alert delves into the process underlying RTP from a legal and regulatory perspective, assessing its implications and the potential future outlook for this new payment model. For a more detailed analysis on the operation of the (SEPA) technical features please see the following contribution available here.
Key Takeaways
So what is new about the RTP payment model and what are the key considerations from a legal as well as regulatory perspective? Generally, the RTP model allows payees (merchants, stores, etc. who receive the payment) to send a payment request to payers (i.e., consumers authorising the transfer of money), who can then choose to pay immediately, schedule the payment for a later date, or decline the request. From a commercial point of view, this flexibility is poised to improve cash flow management (including with regard to supply chain finance optimisation) for businesses and consumers alike. Another advantage is that RTP can reduce the time and administrative burden associated with the (manual) issuing, transmitting and reconciling of traditional invoicing and payment methods, thereby reducing payment uncertainty and administrative expenses as well as the likelihood of administrative errors.
The RTP process begins when a payee initiates a payment request through a secure channel. The payer receives a notification of the request, typically via a mobile app or online banking platform (supposing his or her bank has adopted RTP). The payer then has the option to review the details of the request, including amount, due date, and any associated terms. Upon reviewing the request, the payer can ideally decide to authorise the payment, schedule it for a future date, or decline it altogether. It might seem obvious, but at first glance this process provides both parties with clear visibility of the payment request and its status, reducing the likelihood of disputes and enhancing overall transparency.
A simplified sequence of the RTP process is as follows:
1. Initiation of Payment Request by Payee
- The payee initiates a payment request, which includes details such as the amount, the due date and any relevant terms and conditions. To do so, the payee uses a secure RTP platform or service (in any case a so-called “secure channel”) provided directly by their financial or payment institution to generate this request.
- The payment request is transmitted to the payer through the secure channel. This could be, as described above, via a mobile app, online banking platform, or other digital means. The platform then ensures that the request is securely delivered to the payer’s financial or payment institution.
2. Notification and Review by Payer
- The payer (i.e., consumer or business) receives a notification of the payment request. This notification, containing all relevant payment request details, typically also appears in their mobile banking app, online banking portal, or via email/SMS.
3. Payer’s Decision and Authorisation
- The payer then has the option to authorise, schedule or decline the payment.
- If the payer decides to authorise, the authentication process is initiated. This typically involves Strong Customer Authentication (SCA) (as required by the EU’s second payment services Directive (PSD2)), i.e., two-factor authentication. This is then verified by the payer’s payment institution.
4. Payment Process and Settlement
- Once the payment has been authorised, the payer’s payment institution then processes the payment. The funds are debited from the payer’s account and directly credited to the payee’s account. The RTP platform ensures that the transaction is securely processed and recorded.
5. Post-Transaction Activities
- The payee reconciles the received payment with their records, ensuring that the payment matches the issued request.
The implementation of RTP as a payment solution must adhere to several regulatory frameworks to ensure the security and integrity of transactions processed under it. Under PSD2, RTP transactions must comply with the above-mentioned SCA requirements. Although RTP leapfrogs certain elements in the payment lifecycle, RTP may nonetheless involve third-party providers such as payment initiation service providers (PISPs) which must be regulated and authorised under PSD2.
The EU’s General Data Protection Regulation (GDPR) also plays a crucial role in RTP services. Financial institutions must ensure that personal data is processed in compliance with GDPR, including obtaining explicit consent from users and implementing measures to protect data privacy. Data minimisation principles must be adhered to, ensuring that only necessary data is collected and processed, and data subjects must be informed about how their data will be used.
Firms offering RTP must implement robust risk management frameworks to identify, mitigate and manage risks associated with RTP transactions. This includes PSD2 requirements on the monitoring of suspicious activities and implementing fraud detection mechanisms. It also includes firms complying with PSD2 and other regulatory requirements for reporting security incidents to relevant authorities and affected customers in a timely manner.
Anti-money laundering (AML) and counter-terrorist financing (CFT) regulations require financial institutions offering RTP services to conduct thorough Know Your Customer (KYC) checks to verify the identity of their customers and prevent illicit activities. Provided that RTP as a payment solution presupposes that a merchant or client to a transaction already has an account with the payment or financial institution offering it, KYC checks might already have been duly conducted. Notwithstanding the above, continuous monitoring of transactions is essential to detect and report suspicious activities.
A further dimension of fundamental importance to the successful implementation of RTP is operational resilience. Financial institutions must have robust business continuity plans to ensure the uninterrupted provision of RTP services. Adequate cybersecurity measures must also naturally be implemented to protect against cyber threats to the RTP process and to ensure the integrity of transactions.
From a legal perspective – both statutory and contractual considerations will apply. Compliance can be particularly challenging in a domestic situation but more so in a cross-border setting. Despite SEPA and PSD2’s harmonisation of payment standards and processes and seamless execution, understanding national law specifics that may apply depending on where payer and payee are located and under which law they agree to contract for RTP transactions (and refunds) is important – in particular when it comes to respective consumer protection and disclosure standards. Financial services firms need to ensure that any raft terms and conditions for RTP services are comprehensive and also clearly set out terms on:
- Service description: Detailed explanation of the RTP service and its functionalities, both to counterparties and, equally, to clients.
- User obligations: Responsibilities of the payee and payer in the RTP process. To ensure a high level of service quality, contracts should include detailed service level agreements (SLAs) that outline the performance standards for the RTP service. This includes specifying the expected uptime, response times, and resolution times for any issues that may arise. SLAs should also include provisions for monitoring and reporting on service performance.
- Fees and charges: Any applicable fees for using the RTP service.
- Liability and dispute resolution: Contracts should clearly outline the liability of each party in case of unauthorised RTP transactions, errors, or fraud. Firms should also consider including indemnity clauses to protect against potential losses arising from breaches of contract or regulatory non-compliance.
- Dispute resolution: Firms should establish a dispute resolution mechanism to handle any conflicts arising from RTP transactions.
Ultimately, the rise of RTP presents both opportunities and challenges for traditional payment services and card providers. On one hand, RTP offers a more flexible and user-friendly alternative to traditional payment methods. On the other hand, card providers and other payment services may need to innovate and adapt to remain competitive. This could involve integrating RTP capabilities into their existing offerings or developing new services that leverage the benefits of RTP. The increased competition may further drive down transaction fees, benefiting consumers but potentially impacting the revenue streams of traditional payment providers.
A further area that RTP is likely to benefit is the increased adoption of supply chain financing solutions (including integration with automated/digital platforms) among businesses. As companies become more aware of the benefits of SEPA RTP, they may be more inclined to explore supply chain financing options that leverage this payment method. This increased adoption can lead to greater competition among financiers, resulting in more innovative and cost-effective financing solutions for suppliers.
Outlook
As more financial institutions may look to adopt RTP, the expansion will likely drive further enhancements in payment efficiency and user experience. Financial institutions should prepare for this growth by investing in the necessary infrastructure and technology to support RTP services. Ongoing regulatory scrutiny and potential updates to existing frameworks will be crucial in shaping the future of RTP. A number of financial institutions may want to stay abreast of regulatory changes and ensure compliance to mitigate risks and capitalise on opportunities. Engaging with regulators and participating in industry discussions can help institutions stay informed and prepared for any regulatory developments.
The integration of advanced technologies such as artificial intelligence and blockchain could further enhance the security, efficiency, and transparency of RTP transactions. Financial institutions should explore these technologies to stay competitive and meet evolving consumer expectations. Investing in research and development can help institutions identify and implement innovative solutions that enhance RTP services.
The RTP model represents a significant advancement in the EU payment landscape, offering enhanced flexibility, control, and security for both payers and payees. While the adoption of RTP brings numerous benefits, it also necessitates careful consideration of regulatory compliance and operational resilience. Financial institutions must proactively address these challenges to leverage the full potential of RTP and deliver superior payment experiences to their customers.
For further information or assistance with RTP implementation and compliance, please contact our EU RegCORE team.
About us
PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients in navigating challenges and seizing opportunities as well as in proactively engaging with their market stakeholders and regulators.
If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.