NextGen Nordics, one of Finextra’s annual payments events, was held on 23rd April 2024 in Stockholm, Sweden, bringing together an array of experts and leaders in the Nordics payments industry.

The conference explored innovation across payments infrastructure in the Nordics and started off with an opening speech from Finextra’s head of research Gary Wright.

Wright stated that Finextra Research will continue to create a collaborative dialogue in the industry and plans to host NextGen: AI, a conference later this year which will explore the potential of the technology in financial services.

He also announced that Finextra Inc. will soon be launched in the USA to promote further coverage of the US market, with head of content Madhvi Mavadiya becoming the VP of the new company.

“What I find with North America is that they are not driven by the same amount of regulation and legislation that we deal with in Europe, but they all take the best practices that they see emerge from it and put that into the vast market that is the US and Canada. We feel that there's much more to be done by having a presence there, understanding the nuances, and being at the party when it comes to the discussions that are going on globally and regionally.”

Wright concluded by emphasising how efficiency, security, and sustainability define the Nordic payments industry and this conference offers an opportunity to learn from the past, referencing the hot topic last year, which was the downfall of P27.

Promoting innovation and harmonisation in the Nordics

Secretary general of the Nordics Payments Council (NPC), Camilla Akerman, gave the opening keynote, where she highlighted how payments infrastructure modernisation can improve efficiency and data quality, and harmonising standards across Nordic countries will promote interoperability and innovation.

She pointed to governance such as SEPA and ISO20022 that create a more comprehensive and structured information exchange for payments transactions that support interoperability.

“We are seeing something interesting happening with two central banks in Sweden and in Denmark that will start using the TIPS system, which is the TARGET Instant Payment Settlement system that is used today for simple instant payments, but will soon become mandatory for banks. In November this year, the first transaction will be sent in under one of the NPC schemes,” Akerman stated.

She continued that new payment infrastructure organisations are working to revolutionise instant payments in the Nordics, operating under the NPC rulebook and working towards a standardised Nordics payments region aligned in the same mission and values.

Looking outwards for new instant payments approaches

In the first panel of NextGen Nordics 2024, Finextra’s head of content Madhvi Mavadiya moderated the session: ‘Instant payments – how to prepare for RIX-INST on TIPS and the benefits of starting with Swish’.

Speakers on the panel included Dan Axelsson, head of payment and fraud at Swish, Antoine Cuypers, director of strategic alliances and key accounts at Intix, Martin Wilhelm Johansson, head of schemes and strategic advisory of group payments at Swedbank, and Majda Nogo, head of sales and business development in the Nordics and Baltics from Worldline.

When asked about other spaces to look for instant payments innovation, Cuypers stated that while Europe is a heavily-regulated environment, South Africa has an instant payments scheme to keep an eye on. He stated that as there is not a lot of regulatory interference in South Africa, and there is a lot of competition.

“They have introduced two schemes of PayShap, which is the South African instant payments application. There you can see the banks competing heavily. It's almost like being in a big marketplace and trying to shout the loudest. What else is interesting in that space is that they are trying to try to do what P27 tried to do, daily transactions with cross border transference. The key element there is that they have less of a burden and more of a market they can play in.”

Nogo notes a few other successful countries for instant payments within Europe are Netherlands and the UK, both of which have seen rapid growth with systems that have been implemented:

“In every country where we will see instant payments have been implemented, that has led to what actually was the intention from the beginning: increased accessibility, efficiency, but also increased innovation. For example, in the UK, you can see a lot of fintechs that are innovating in the area of account payments, providing new solutions, and products to the UK market.”

Speaking on digital transformation and legacy systems, Axelsson said there has been significant growth, but there will always be some remnant of legacy systems:

“Many companies are definitely burdened by a legacy systems, I think that many of us, including Swish or member banks have seen this. We will not be saying that we do not have legacy system, it will always be the reality, but I don’t see it as a huge problem especially in the progress we have made in recent projects.”

Cuypers mentioned that there are significant challenges in the scaling process to ensure that customers receive the services that they need, but he concludes that there is no going back from instant payments, people are used to having what they need instantly and expecting that transparency with their transactions where they can track exactly where their money is and how it is being moved and managed.

Johansson spoke on the dynamics between instant payments and batch payments in the future: “Yes, instant payment is a very potent force in the payment landscape, but I think it would be naive to believe that batch payments are simply going to surrender without firing a shot. The landscape between sort of batch payments and instant payments, it's not going to be a static one, but a dynamic one, and there will be a tug of war before we find an equilibrium.”

The current state of play of cross-border payments

Moderating the second panel of the day, Niamh Curran, senior reporter at Finextra, discussed real-time cross border payments with Patrik Havander, head of B2B Connect Europe at Visa, Christian Schwarz, director payments Europe at Finastra, Dr Hubertus von Poser, member of the management board at PPI, Colin Williams, global lead for clearing transformation at J.P. Morgan, and Jenny Winther, head of payment schemes at Svenska Handelsbanken.

According to Williams, ISO 20022 is the crux of cross-border payments, and where progress needs to be made in order to ensure standardisation and harmonisation. Yet again, the pace of change to ISO 20022 is the biggest problem. He cites that still, only about 20% of Swift cross-border traffic happens with ISO 20022 formatting. When prompted by Curran on where he sees the gaps that banks still need to fill when it comes to ISO 20022, Williams continued:

“With cross-border payments, it’s about the end-to-end processing of that payment instruction. So if we’re initiating that claim at JP Morgan, we’re end-to-end ISO. If another bank initiates it and is still in the old MT format, then we’ll translate that to ISO and pass that on. But until everyone starts to initiate and gets their channel to initiate to ISO, you’re going to struggle.”

Winther agreed, stating that especially the Nordic region is not quite there yet when it comes to the domestic systems. Yet the benefits for talking in a harmonised, standardised way are clearly there.

Adding to the discussion around barriers we’re still facing, von Poser commented: “There are two groups of barriers. One of them is in the back office or machine room. What we especially see now in the EU with the target migrations, is that banks notice that their systems have reached end-of-life cycle. And it doesn’t make sense to build the conversion on the conversion on the conversion. The other is that technology is now 24/7/365, which is a challenge when you have legacy systems. And it’s not just affecting the payment systems, it’s also affecting fraud, compliance, account system.”

Von Poser added that restricted budgets are only another challenge on top of this, and expects additional competition to complicate this scenario for banks as alternative players enter the market.

Responding to these comments, Williams challenged the panellists by contemplating the relationship between speed and security. While schemes such as the UK’s Faster Payments work well for low value customer to customer or business to business payments, yet there are fraud concerns. Yet what about high value transactions? And what defines real-time?

“Are you ever going to get an instant payment cross-border high value? Probably not,” Williams stated. “From a JP Morgan point of view, over 80% of our payments in dollars, euros and pounds get processed and cleared within 30 minutes. Is that enough real-time for most corporates and FIs? Probably. 95% of them get processed in six hours. Six hours is probably real-time enough for most corporates and treasurers.”

Shifting the topic of conversation to the B2B space, Curran then asked the panel where banks are missing out in the business to business cross-border payments space. Havander commented: “If we take a step back and look at retail payments and disruption in the banking industry, I read the McKinsey report that banks have been losing out 54% of the retail payments to digital attackers. The next stage in disruption is focusing on corporate payments. The interesting thing here is to understand how the banks are building up resilience towards the attackers and what is being done. 7 out of 10 banks are scouting for alternatives in the space. So that in itself is an interesting discussion. The other discussion that can be had is what is the existing infrastructure doing in order to speed things up. So there are a lot of things connected to the b2b payments space that needs to be addressed in in banking.”

Responding from a bank’s point of view, Winther stated that she agreed with Havander that reducing complexity is what is needed to address the challenges. She also reiterated that Williams’ earlier point on the definition of real-time is a crucial aspect in this scenario. “You need to look at what the real benefits are and what the real needs are,” she commented. “Faster payments as such might not be the sort of the things that we should be aiming for, but less complexity because that will also hinder the fraudulent transactions since you're more clear on who's the real originator and the real beneficiary. But then you also need to separate retail payments and the B2B and high value payments, which is a completely different ballgame altogether.”

Untangling Request-to-Pay

In a panel session discussing the current state of play of Request-to-Pay in the Nordics, Finextra’s head of research Gary Wright spoke with Per Nilson, business development manager at Bankgirot, Anders Olofsson, head of PaaS at Tietoevry Banking, and Paul Francis Walvik-Joynt, senior vice president of real-time payments at Mastercard.

Nilson began by stating that existing services such as direct debit or payment request as an e-invoice can already be looked at as variants of Request-to-Pay, but when it comes to the SEPA Request-to-Pay mandate, there are many things left to clarify.

“Firstly, what are the the primary use cases that you're aiming for?” Nilson outlined. “Secondly, do we have clarity on the rulebook schemes we should implement? You heard from Camila in the opening speech that we are having an NPC rulebook for Request-to-Pay. However, we have said in NPC that people align to mostly SEPA Request-to-Pay. Thirdly, there must be a will from banks who sit on the consumer side to prioritise and put resources into this.”

Walvik-Joynt agreed, stating: “The question we have to ask ourselves is what is happening with the consumers and what do they want? I’ve been doing banking for many years and the new generation is expecting that everything that they do and the way they transact, is right here, right now. Anything that is deferred or delayed is difficult for them to understand. So if you look at it from a consumer perspective, there is two camps around this that we need to be focused on, and the use cases of how this will be implemented. There’s not going to be a single owner of doing this. It’s about cooperating, forming partnerships, and doing this in such a way that the consumers will benefit from it. Is it real-time? Is it batch? Can they co-exist? Can we modernise in such a way that we can capture both ends of that stick?”

Responding to this, Olofsson commented that Request-to-Pay should be dis-aligned from payments, because it’s agnostic to any payments type. He also mentioned that banks have been focusing on how to help the consumers at the expense of corporates. “We’ve had an era of low interest rates where working capital management has been neglected in the banks. Now with the increasing interest rate, it's all changing, and that's where I see Request-to-Pay being a good instrument.”

BNPL just has a bad rep

Head of content at Finextra Madhvi Mavadiya moderated panellists Julie Chatterjee, CCO at Multitude Bank, Christian Luckow, SVP of tribe lead and payments at Danske Bank, and Stefan Stignas, head of exploratory banking and strategic partnerships at SEB, in a discussion titled: ‘BNPL – are we entering a new era of commerce at POS and with embedded finance?’.

Mavadiya opened by asking a chicken-or-the-egg question on whether Klarna’s success is due to the Swedish fintech environment, or if Swedes are more inclined to use BNPL because of Klarna, of which the majority of attendees believed the latter.

Chatterjee explained that Klarna was a cultural fit to Sweden, and the cultural environment and spending habits of the Swedish people nurtured the company, along with the fact that Klarna capitalised on digitising a common spending practice. The idea, along with Klarna emerging when e-commerce was on the rise, was a combination for success, Chatterjee explained.

Stignas stated that banks were caught by surprise with Klarna’s rise to the top, and specified that the cultural differences explains why BNPL operates differently in different countries:

“In the Nordic countries, we are born and raised regardless of the of the innovation to sort of to pay what we owe to work that is and of course that is also embedded in the legislation. In the US, it’s a totally different culture. The average American does not pay what they owe, unless they really have to. The whole country is different and we can see with Klarna right now that it is costly for them to take it further.”

Lucknow agrees with Stignas’ point on varying payment mentalities, citing Denmark as an example, where debit cards are a preferred method of payment, and so BNPL is not a common way of purchasing, therefore Klarna is not as popular among Danish consumers.

Stignas said that Klarna and embedded services will pave the way for the future, and the UK is setting the scene when it comes to fintechs, but it also has the toughest regulatory geography in Europe, and what new innovations and regulations that will emerge will impact the global fintech industry.

How will incoming regulation shape payments infrastructure?

Moderator Debi Bell Hoskings hosted an interactive panel session on new regulation on data and privacy, asking for input from the audience.

Speakers Agnija Gailane, product manager for open banking platforms at Nordea, and Piers Marais, global head of product of embedded cross-border solutions at Visa, spoke in the session titled: ‘Data privacy and Consumer Duty - how to improve open banking with API integration’.

Both panellists agreed that PSD3 would be a gamechanger, contrary to the audience, though they also noted reasons why PSD3 would not be considered such, due to its role essentially as augmenting the impact of PSD2. Marais emphasised how PSD3 will extend open banking and non-bank access across payment schemes which are important for the future. Gailane stated that PSD3 will bridge the gaps between PSD2 and Open Finance, but is a gamechanger because it will enable data to be shared between entities.

Marais noted: “With PSD3, the initial execution dates are looking to be the end of 2025, potentially 2026. We're talking about the next decade of evolution. I think certainly when we put ourselves in that historical context, and start to think about what this landscape could look like, from an open banking to an open finance, potentially even to an open data journey; perhaps it is a game changer.”

Marais said there is likely more conversation around data nowadays as younger people are more aware their ownership over their data. He detailed that the narrative has changed in the last five to 10 years and will continue to change, with a heightened focus on innovative ways to segment data.

How will regulation of future technology be implemented?

Payments experts joined together to discuss regulatory efforts to rein in risk and cyberthreats in the panel session ‘Risk and resilience - can we truly regulate the technology of the future?’ Reporter Debi Bell Hoskings moderated the session including speakers Krister Billing, market infrastructures and regulatory affairs at SEB, and Marcus Molleskov, chief risk and compliance officer at Januar.

Billing noted the regulation overflow, and Molleskov agreed that there will be a massive amount of regulation incoming in the next few years that will be difficult to sift through. When asked about the possibility of using AI models to support with compliance, Billing expressed excitement in the potential of AI, but emphasised that there are limits to its implementation in traditional banking structures due to data privacy and security concerns, that there are many complexities to migrate in the AI space. Molleskov pointed out that utilising AI models and third party providers with AI built-in could make managing data regulations more efficient.

When questioned on if regulation bolsters or hinders innovation, Molleskov stated that he believes regulation hinders innovation more so than fostering it. Billing is more on the fence, saying that is a bit of both, that regulation enables innovation more than fosters it:

“I think fostering innovation as a notion is quite provocative. It's not the regulator's role to foster innovation. Internally, if you want to be very innovative, you cannot say, that on Fridays, you're going to innovate! It's not how we do things in in banks these days. It's more about creating a good framework to facilitate the groundwork for free innovation in the industry.”

Molleskov said that everything can be regulated, but regulation should be reactive rather than proactive – and that should be the mindset with biometrics.

Billing explained how regulators also have intentions which are reflected in the regulation that is pushed out, pointing out the differences between Europe and the US:

“The US and Europe have taken different approaches, in the AI race for example, I think we've lost the race on the infrastructure side. We are left with an opportunity to innovate with what we have, but we should recognise that the regulators have different motives. Sometimes the motives are driving different objectives, which could be at odds with each other. Some of the EU-driven initiatives are trying to fend off Big Tech from the US. We've seen through the flurry of digital legislation; the DATA Act, the Digital Services Act, Market Acts, but horizontal new legislation aims partially to fend off the threat from Big Tech. That is more geopolitical and so has different financial dimensions.”

A closer look at Confirmation of Payee

Moderating her last panel of the day, Finextra’s head of content Madhvi Mavadiya discussed Confirmation of Payee (COP) with Christina Fransson, senior payment product specialist of FIS in EMEA, Greg Huguet, European regional director at iPiD, Paulina Kudlacik, Confirmation of Payee scheme manager at the Nordic Payments Council, and Richard Ross, global payment market infrastructure expert at Swift.

Touching on the global view on COP, Mavadiya asked the panel to share success stories for where Confirmation of Payee (whether by this name or another) has been implemented successfully.

Ross started out by talking about the UK. “The UK is a prime example of this. Launched in 2020, they’ve had about 100 organisations sign up for the service. They’ve now recently reached a milestone in regards to COP calls that hit 2 billion overall, and are averaging about 1.9 million COP calls per day. Now a new PSR regime is about to be launched, which is going to change the dynamics and they are expecting the number of organisations subscribed to the service grow as a result.”

Huguet added the Netherlands as another example. “It has been in place for quite some time already, and the benefits for the community have been tremendous in terms of fraud prevention but also in building the trust of the consumers into the local payment rails, and that’s pretty critical. To give you some figures which come from the Netherlands, implementation of the solution there caused a reduction of fraud by 81% and a drop of misdirected payments by 67%. And there are a number of jurisdictions who have implemented similar Confirmation of Payee systems: Australia, India, Pakistan, China, Vietnam, and Brazil. So they exist, and they have demonstrated the value for the ecosystem and for the domestic rails.”

The crux of these COP schemes, however, comes when we move from a domestic lens to a cross-border lens. Ross rightly pointed out that it needs to be considered how scalable domestic solutions are, and how to take a domestic infrastructure and lift it up into a global context that will allow for different jurisdictional rules and requirements. Interoperability has to be a key design principle - not an afterthought.

Commenting on how to achieve this, Fransson said: “The important thing for this to work is that we all have to collaborate - both globally and within regions. It’s important to have standardised APIs and standardised name checks as well.”

Fransson went on to describe that there are two aspects that are holding banks back. The first being legacy solutions. If a bank has an outdated system that doesn’t support APIs, any form of COP would fail because checks would have to be performed manually. Secondly, outdated file-based systems pose another problem, which leads to another point: Should all payments be instant? Or is faster enough? Batch payments are not compatible with COP, so in reality, COP is a scheme that’s designed for instant payments.

Lastly, Fransson emphasised the need for algorithms that take into account close matches. Both too many false negatives and false positives can cause disaster for a financial institution and put a whole scheme in jeopardy. If a COP scheme is to work, the finesse is needed to build a solid algorithm for name matching.

The conversation then shifted toward fraud and COP’s role in fraud prevention. Kudlacik emphasised that, while COP and similar schemes are useful in cases where fraudsters are impersonating legitimate persons, social engineering fraud makes it difficult for COP to prevent fraud. Huguet agreed that COP is no silver bullet, but it’s a critical line of defence. Once an instant payment system has been set up, it has to be followed by a COP scheme, which allows financial institutions to be covered for liability.

Can behavioural biometrics fix fraud?

Moderating her second panel of the day - Fraud prevention and AML: the need for behavioural biometrics in this instant age - Finextra’s senior reporter Niamh Curran spoke to Megan Heald, senior project manager at NICE Actimize, John Sam-Kubam, senior vice president at Crown Agents Bank, Beju Shah, head of Nordic centre at the Bank of International Settlements, and Robert Woods, director international market planning and financial services SME at LexisNexis® Risk Solutions.

Outlining first the challenges FIs and banks face in the current fraud environment, Sam-Kubam highlighted that faster payments has not necessarily increased the risk of fraud itself. Rather, it has made the recovery of the funds harder. While modern authentication methods are increasingly capable of detecting and mitigating fraud, the real challenge lies in social engineering.

“Banks historically took the view that that’s a problem for the individual, right?” Sam-Kubam commented. “If you've been somehow coerced into making payments, it's your problem. Regulators take a different view. The view is that if you provide banking services, you have a duty of care to the people who are using your services. The areas of risk today for most banks and fintechs is where individuals who are authorised to make payments and are properly authenticated have been compromised. And it's very difficult to detect that.”

Woods agreed, stating: “If you operate in a Faster Payments environment, you need to have strategies and tools to look at the mules and how you can manage the scammers. The UK is the scam capital of the world. There is loads of controls coming in: confirmation of payee, contingent reimbursement model, SCA - all it's done is push fraud into scams.”

When asked about which technologies can tackle this problem, Shah commented there are many options - AI, ML, privacy technologies - but the key might lie in collaboration models. He talked about the Bank of Settlement’s Project Aurora, which explored new ways of combating money laundering taking a data driven approach. Within the project, they tested a combination of different AI and privacy technologies together, and then simulated it in a siloed, national and globally collaborative environment. “We were able to show that we could detect three times more money laundering activities, but also reduce false positives by 80%, using these technologies, and there was a vast difference between a siloed approach and a collaborative approach.”

Opinions diverged on the effectiveness of industry collaboration. While the idea is hailed, in practice banks and FIs are sanctioned as individuals - meaning that when it comes to managing financial risk, companies are more inclined to think about what they have to do as a business, not as an industry.

This is where the conversation switched to biometrics. While the panellists agreed that behavioural biometrics are a force of good, there are lots of things that need to be considered.

“Rather than all it behavioural biometrics, I’d rather call it behavioural analytics of behavioural intelligence,” Woods stated. “Because it's how you interact with your device, whether it be a laptop or a mobile, it's behaviour that's unique to you, but it's not like a fingerprint or a face. It's unique as to how you are engaging with that interface.”

And this information is crucial to security vendors. Heald gave examples how biometric intelligence can help improve confidence in risk scoring: “It’s a force for good, and especially if we're talking about changes in behaviour. Usually, you open your phone with a few confident clicks and your task is done. But if you're being coached, if someone is on the phone telling you you need to make this payment, you're slower. And if that can be picked up by behavioural analytics, that helps us, which helps our customers.”

Heald additionally gave an example of call centre agents recognising fraudsters voices, yet as Shah rightly pointed out, even voice detection is becoming increasingly difficult in this day and age where voices can be easily spoofed. Pattern detection is being changed by AI, where even the largest deepfake databases are struggling to keep up.

Where will AI lead us?

In the last panel of NextGen Nordics 2024 in Stockholm, ‘The future of AI - crystallising the potential of this technology’ speakers explored how AI and new trends in tech are impacting the payments industry.

Panellists Malin Lignell, technology and innovation strategy at Handelsbanken, and Jonas Palm, head of Nordic product management and cash management at BNP Paribas, engaged in a conversation on the subject, moderated by Finextra’s head of research, Gary Wright.

Lignell stated that the complexity of AI is exciting, and how once it works and becomes embedded into a system, it is no longer AI, it is just there. She pointed out that AI solutions are about the science behind and formation of the solutions.

“AI has become a lot more accessible, it is surrounding us in a way in which sometimes we don’t even realise that it is AI. Because it is so accessible that requires us to find new ways to regulate that technology and manage how data can be kept safe and managed securely,” said Lignell.

Lignell furthered that the accessibility of AI makes it challenging to foresee the consequences of AI integration into day-to-day technology, and requires regulation to step up and ensure the responsible use of data.

Emphasising the role of human interference in AI processes, Lignell continued that they are careful not to lose the human touch when augmenting AI, but advancing further what humans can do and broadening capabilities.

Touching on AI potential to appeal to customer needs at a higher level, Palm explained that AI is used at BNP Paribas in chatbots, monitoring and identifying fraudulent payments, which impacts user experience. He detailed that AI has the power to simplify retail and corporate spaces, which streamlines customer experience.

As the conference came to a close, Lignell highlighted how customers expect good services and a high level of trust, and maintaining that trust as AI becomes more pervasive is critical.