GETTING YOUR BUSINESS SEPA COMPLIANT

By Jonathan Williams, Director of Strategic Development at Experian

Jonathan Williams
Jonathan Williams

The Single European Payments Area (SEPA) legislation is due to come into force on February 1st 2014, yet the majority of European businesses are still behind where they need to be with regards to data validation and migration in order for them to hit this target. According to latest estimates, just less than 40% of credit transfer data required for compliance has migrated so there is a lot of work left to do across the Eurozone. This can be divided into the following three categories that recognise the changes required in the following areas: systems and people; data; and processes.

People Changes
The first target in the SEPA migration process should be making sure key staff realise that any part of the businesses still waiting to start the move must do so urgently. It is important that everyone understands the potential financial penalties and business risks caused by late, or delayed payments – penalties and business delays which could severely affect all aspects of a company from HR (through employees not getting paid); product and service availability (through payments to suppliers and partners failing); and of course reputational damage to the company as a whole.

Establishing a taskforce internally to drive the migration can significantly aid the process, and create a core body who understand the legislation, its business impact, and the importance of compliance to the business.

This taskforce should in the first instance conduct an impact study which establishes the importance of SEPA legislation to the business – a study which can then be presented back to all the relevant stakeholders to ensure they are bought in to the project and fully back the actions and reforms needed. It is essential that the move toward SEPA compliance doesn’t appear internally to be solely an accounts team issue, but one which a much wider impact on the business, and so requires buy-in from everyone at senior management and Board level.

Once this study is complete, the scope for end-to-end management of the process can be undertaken and steps laid out which will walk the company (and the team driving it, alongside the other key stakeholders), through the process. This guide should include the change points across the organisation where SEPA compliance touches operations, and where data, records and business processes will be impacted not just by compliance but by the stages of validation and correcting of records during the migration process.

It’s worth highlighting early on that there are elements of this work which must be done in-house, as well as that which can be outsourced to a specialist agency in order to optimise use of the time left and resource available to hit the deadline. Deciding which aspects of migration to outsource early on is useful as it will create an understanding amongst colleagues of exactly what the responsibilities of the in-house team are.

Staff should realise the benefits of protecting data integrity for the long term, and ensuring that the work done in migration toward SEPA compliance can fundamentally underpin the business in the long term.

System changes
A critical part of a SEPA migration plan is the upgrading of systems to store data and generate the formats required for SEPA payments. In some businesses, there is a long cycle of updates and if this falls after the SEPA deadline, understanding how the system’s data can be made compliant is an important issue. As part of the analysis of which systems hold payment information, it is important to track data from capture through to initiation. In some cases these systems will be hosted by third parties and it is therefore vital to understand their SEPA-compliance roadmap. Where a system is internal, for example a supplier portal or a consumer website, checking that it is capturing bank accounts in IBAN (International Bank Account Number) and, depending on the location of your payment service provider, Bank Identifier Code (BIC) as well, and ideally validating the details to ensure good data hygiene and reduce exceptions or payment failures.

In some cases a system can be left in a non-compliant state if their feeds to other parts of the business can be automatically converted and compliance achieved at another point in the process. Banks may provide conversion services, but there is no substitute for identifying errors at the point of capture, especially as consumers are generally unfamiliar with IBAN, thereby preventing the error being detected at a point that little can be done to correct it.

Many software providers have compliant versions of software and may assist in choosing the correct route to SEPA compliance.

Data Changes
Once you have staff and systems on board, the next stage is managing the data conversion itself, which may seem daunting, but can be broken down and managed in phases. The first phase is a validation check and converting all known, verified, BBAN (Basic Bank Account Number) data to IBAN (International Bank Account Number) and BIC (Bank Identifier Code) data, the latter two being critical to SEPA compliance.

Extracting the relevant data from business systems is normally a manual task. It is easiest to keep the data as comma-separated-value (CSV) records as this is the easiest format for most software to understand. For a smooth conversion, validating the raw data as soon as it has been received is crucial, as this will identify errors and warnings which may compromise the output IBANs; for instance, if bank codes are out of date, new branch codes need to be found.

Direct debits are another crucial aspect of the new SEPA regulations yet only 2% of them are currently compliant. SEPA Direct Debits (SDDs) like any other direct debit scheme, are based on the following concept: “I request money from someone else, with their prior approval, and credit it to myself”, with the payer and the biller each holding an account with a payment service provider (PSP) located within SEPA. This relationship must remain intact during the change to SEPA compliance and for future payments to take place smoothly.

Therefore, direct debit mandates containing old bank account data must be updated to International Bank Account Numbers (IBANs). There are three ways to do this; i) you could send a form to every client you currently have a direct debit for requesting the required updated details (with no guarantee they will fill it out and hand it back in time), ii) you can ask your bank to help you in retrieving them. Finally there is also the option of bringing in a third party specialist to assist with the data collection, validation and conversion.

Either way, this update is critical and must be completed to ensure that payments are not delayed and financial penalties are avoided. A key decision is how much of this to bring in-house; how much you need the bank to handle themselves; and how much should be handled by an external third party.

Another vital SEPA requirement is that payment information must be converted to the ISO 20022 XML file format. This standard is already supported by most European banks and the majority of ERP vendors are committed to implementing this format in the near future. In a nutshell, this means that your IT department needs to convert existing data into this new format to prevent payments being refused, or being put through a conversion service that banks are likely to charge for. You need to be aware that although the file conversion process is relatively straightforward, it can be extremely time consuming. Therefore, if you have not already started the process, you may want to think about contacting a third party that can assist you.

Process & Procedure Changes
It’s important to establish a validation process to help find problems with the input data which includes a number of errors including: invalid account numbers, closed branches, transferred accounts and incorrectly formatted data. By finding inaccurate source data and rectifying it, invalid records can be returned to the customer so that good data can be clearly separated from bad allowing each to be treated independently. When deciding on whether this process can be completed in-house or with the help of a third party, it is important to understand how long the task is likely to take – for some organisations, migrating paperless direct debit data alone has taken 18 months.

Once non-valid data is identified, a process needs to be established which will seek to correct the errors, otherwise, incorrect legacy data will be inherited into SEPA compliant systems and bank errors will continue to occur, bringing continued cost to the business in failed payments. Such a process can be handled in-house, by a team who will be responsible for finding the relevant customer / supplier banking details, through either existing records within the business or if need be by contacting the company / individual direct and sourcing the correct data directly.
To make the transition a long term success, starting off with a basic understanding of the road ahead and subsequent analysis and assessment of the tasks are crucial. It would be a good idea to place ‘in-line’ live data checking post-conversion into key lines of business, to ensure long term SEPA compliance, and remove the possibilities for payments to be declined, and thus remove the associated operational, reputational, and financial pitfalls for the business.

In-line data proofing is a simple process to establish, and involves putting in place a system to re-validate payments data periodically. This will therefore, as branches close, banks merge and accounts transfer, ensure the information contained in billing and payments systems remains consistent and reliable. This enables businesses to convert on-the-fly from legacy systems whilst still maintaining the highest levels of data accuracy.

The arrival of SEPA legislation has been on the horizon for ten years now, yet many businesses across the Eurozone are still not prepared – and with time running out, the need for action is now. However, this is not to say there is not time to comply, and by following the steps above, and obtaining external help where required, businesses yet to undertake the move toward SEPA compliance can get the project underway, and avoid extensive penalties, operational issues, and reputational damage that a failure to comply could bring.

Biography for Jonathan Williams, Director of Strategic Development at Experian
Jonathan Williams, Director of Strategic Development at Experian, is responsible for innovation, working with the payments industry and strategic projects within the Identity and Fraud division of Experian. Spanning both technical and marketing disciplines, Jonathan focusses on the commercial opportunities created by market change, and how these can be turned to the advantage of Experian’s corporate customers. Jonathan joined Experian after promoting strategies for growth as European Business Development Manager for Fujitsu Telecom. Prior to this he was responsible for the product propositions which took two start-ups to IPO: Content Technologies and Virata Corporation. He has also held engineering and IT roles at British Aerospace (now BAE Systems), the University of Cambridge and Advanced Telecommunications Modules. Jonathan holds an MA in Theoretical Physics and a postgraduate qualification in Computer Science from the University of Cambridge and is the Experian representative to the Euro Banking Association (ABE) and the Payments Council. – See more at: http://www.businesscomputingworld.co.uk/sepa-compliance-dont-think-the-diet-starts-tomorrow/#sthash.TzI1Cbuv.dpuf

DON’T MISS OUT!
Subscribe To Our Newsletter
Be the first to get the latest updates and exclusive content straight to your inbox.
Submit
Give it a try, you can unsubscribe anytime.
DON’T MISS OUT!
Subscribe To Our Newsletter
Be the first to get the latest updates and exclusive content straight to your inbox.
Submit
Give it a try, you can unsubscribe anytime.
Close