Effective 9 October 2025, the Bank of Lithuania is introducing a mandatory anti-fraud measure that will significantly impact how euro-denominated payments are processed. All payment service providers (PSPs) operating in Lithuania – including banks, credit unions, electronic money institutions (EMIs), and payment institutions (PIs) – will be required to implement real-time IBAN name verification for both SEPA and instant euro payments.
This is part of a broader initiative to combat payment fraud and increase trust in electronic transfers across the euro area.
Key Regulatory Requirements
Under the new rules, PSPs must verify that the beneficiary name entered by the payer matches the legal name of the account holder linked to the IBAN. This verification must occur in real time through a secure electronic interface, such as internet banking or a mobile app.
The verification outcome must be clearly displayed to the payer before payment execution, and fall into one of four categories:
1. Full match – Name and IBAN match the account holder.
2. Near match – Minor discrepancy, with the correct name suggested.
3. No match – Clear mismatch between the name and IBAN.
4. Verification unavailable – Verification temporarily not possible.
Liability Framework
- Payer liability: If the payer proceeds with a transfer despite a “no match” or “near match” warning, the payer assumes liability for any resulting loss.
- PSP liability: If the PSP fails to perform the verification or performs it incorrectly, the PSP may be held liable for misdirected funds.
Anti-Phishing Safeguard
PSPs are prohibited from sending IBAN verification results or payment confirmations via email or SMS links. All such information must be displayed exclusively within secure online platforms (e.g., banking apps or web portals).
Our Recommendations
To ensure compliance and minimise risk, we recommend that all affected financial institutions take the following steps well in advance of the 9 October 2025 deadline:
1. Update Payment Interfaces
- Embed real-time IBAN name verification functionality directly into payment screens.
- Ensure the verification result is clearly shown and explained to the user.
2. Review and Update Terms & Conditions
- Modify customer agreements to reflect the new liability rules.
- Clearly communicate that payers bear the risk when transferring despite a warning.
3. Define Clear Internal Protocols
- Establish internal procedures for handling each verification outcome.
- Train customer support teams to manage client inquiries and disputes.
4. Eliminate Out-of-Band Communications
- Prohibit the use of emails or SMS containing payment or verification links.
- Reflect this policy in internal training and public communications.
5. Train All Relevant Staff
- Ensure front-line, compliance, IT, and legal teams understand the:
- Verification process and interface
- Legal implications of mismatches
- Internal and external communication policies
- Impact on fraud prevention procedures
6. Align IT and Compliance Functions
- Implement accurate, GDPR-compliant name-IBAN matching tools.
- Ensure data processing aligns with Lithuanian and EU privacy laws.
7. Conduct Comprehensive Testing
- Test all verification scenarios, including system downtime and edge cases (e.g., near matches or international name formats).
- Run internal simulations to ensure operational readiness before the effective date.
Need Help Preparing?
The new requirements significantly shift payment infrastructure and legal accountability for PSPs. Our compliance team is ready to assist:
- Regulatory compliance implementation
- Legal documentation review and updates
- Staff training programs
- IT compliance and GDPR guidance
We support financial institutions in building robust anti-fraud frameworks that align with evolving legal and regulatory obligations.
Newsletter Subscription
Get in touch