Finnish Financial Supervisory Authority finds gaps in banks’ instant payment customer communication and urges stronger fraud controls

The Finnish Financial Supervisory Authority published a thematic review of retail instant credit transfer services, finding that banks’ instant payments in Finland are largely functioning well and that execution within the 10-second deadline is overall at a good level, but that customer communication and some security practices do not fully meet regulatory requirements. It recommends stronger measures on security limits, payee verification and fraud monitoring to reduce incorrect payments and fraud. The review covered nine banks and found instant credit transfer services available in almost all euro-denominated payment accounts and in key channels such as online and mobile banking. Shortcomings were most evident in how banks present payee verification results when the payee’s name and account number do not match, with the authority stating customers should always receive a clear warning that proceeding may send funds to the wrong recipient. It also urged banks to communicate more actively about security limits, offer equally comprehensive limit options for instant and standard credit transfers, and require new customers to set their own limits. Most banks already use behavioural analysis and can automatically block suspicious payments, but the authority called for further development of risk-based automatic payment blocking and real-time blocking of customer credentials in critical situations, including when an identification application is activated on a new device. The review also surveyed sanctions screening procedures linked to the Instant Payments Regulation, and the authority said it will monitor remediation of the shortcomings identified.