Back to Resources

Open Banking and Variable Recurring Payments: The CFO Implications

Raymond Shuai 14 August 2024 6 min read Sources: Open Banking Limited Annual Report 2024 · PSR VRP Consultation CP23/3 · FCA Open Banking Roadmap 2024

Payments

Share
Executive summary. Variable Recurring Payments (VRPs) are the most significant development in UK payment infrastructure since the launch of Open Banking in 2018. For CFOs at fintech and payments businesses, VRPs represent both an opportunity (lower-cost recurring billing, faster settlement) and a modelling challenge (different failure profiles and revenue economics from card payments or Direct Debits). As of August 2024, the commercial VRP roll-out is voluntary but the PSR is actively consulting on extending the mandate beyond sweeping use cases.

Open Banking in Context

Open Banking in the UK became live in January 2018 following the Competition and Markets Authority's retail banking market investigation. The initial implementation required the nine largest UK banks (the CMA9) to build and maintain open APIs enabling third-party providers to access customer account information (Account Information Services, or AIS) and initiate payments (Payment Initiation Services, or PIS) with customer consent.

By mid-2024, Open Banking Limited reported over 11 million active users of Open Banking services in the UK, with monthly payment initiations exceeding seven million. Despite this growth, the initial PIS capability has a significant limitation for subscription and recurring billing use cases: each payment requires fresh customer authentication. This means you cannot use a standard Payment Initiation to take a recurring monthly charge; the customer must re-authenticate each time. Variable Recurring Payments are the mechanism designed to solve this problem.

What Variable Recurring Payments Are

A Variable Recurring Payment (VRP) is a new payment type where the payer's bank authorises a third party (a Payment Initiation Service Provider, or PISP) to pull variable amounts from the payer's bank account, subject to agreed parameters. Those parameters are set at the point of consent and govern the maximum amount per transaction, the maximum amount per period (for example, per month), the permitted date range, and the permitted merchant or category.

The payer's bank holds the mandate. The PISP can initiate payments within the agreed parameters without requiring re-authentication for each individual payment. However, the bank retains the ability to block a payment if it falls outside the parameters, and the payer can revoke consent at any time through their banking app. This is a fundamentally different control architecture from Direct Debits, where the merchant holds the mandate and can vary the amount without bank involvement.

VRPs vs Direct Debits: The CFO View

For CFOs evaluating VRPs as a billing mechanism, the comparison with Direct Debits is the most important analysis. The two mechanisms serve similar use cases (variable recurring billing) but differ materially in their risk profiles, cost structures and customer dynamics.

Direct Debit
Variable Recurring Payment
Mandate holder: Merchant (through the DD scheme)
Mandate holder: Payer's bank (authorised via Open Banking consent)
Settlement: Batch, typically T+3 or later. BACS clearing cycle.
Settlement: Faster Payments. Same day or next day.
Consumer protection: Direct Debit Guarantee — full indemnity for incorrect charges, no questions asked.
Consumer protection: No equivalent guarantee scheme. Disputes resolved under payment services regulations.
Failed payments: Returned via BACS, typically T+3. Re-presentment possible.
Failed payments: Declined in real time at the bank. No re-presentment without new consent.
Cost: Bacs service fees are very low. Bureau charges typically £0.20–£0.60 per transaction.
Cost: VRP API access fees vary by bank. Commercial pricing still evolving as of mid-2024.
Amount variability: Merchant can vary amount without pre-notification above £10 only (following 2019 rule change).
Amount variability: Variable within the pre-agreed consent parameters only. Bank will decline if outside parameters.

The Direct Debit Guarantee is a significant advantage of Direct Debits from the payer's perspective, and its absence in the VRP framework will be a factor in consumer adoption. From the merchant's perspective, the absence of the guarantee means that the expected chargeback exposure that exists in card payments is also absent in VRPs. However, the absence of the DD Guarantee equivalent also means that there is no equivalent commercial risk management framework; disputes are handled under the Payment Services Regulations 2017.

The PSR Mandate: Where We Are in August 2024

The Payment Systems Regulator (PSR) mandated that the CMA9 banks support VRPs for "sweeping" use cases from May 2022. Sweeping is a specific narrow use case: the automated movement of funds between a customer's own accounts (for example, moving money from a current account to a savings account when the balance exceeds a threshold). This is a low-risk, account-to-account use case that the PSR used as the initial foundation for the VRP roll-out.

The commercial VRP roll-out beyond sweeping is voluntary as of August 2024. The PSR published its consultation CP23/3 in late 2023, consulting on extending the VRP mandate to commercial use cases. The PSR is exploring a phased extension to specific sectors, including utilities, telecoms and financial services. No firm mandate date had been set for commercial VRPs as at August 2024, but the direction of regulatory travel is clearly towards expansion.

"VRPs are not yet a mainstream billing option in August 2024, but the regulatory momentum is unambiguous. Fintechs building billing infrastructure now should design for VRP compatibility, because the cost and settlement advantages will become competitively significant within the next three to five years. The banks building commercial VRP APIs today are setting the price benchmarks that will govern the market."

Revenue Model Implications for Payment Firms

For payment companies considering VRPs as a product offering, the revenue model is structurally different from card-based payment infrastructure. This has direct implications for financial modelling and investor pitch decks.

Card payments generate interchange revenue for card issuers (see the separate CrunchSpark article on interchange modelling). There is no interchange in bank transfer payments, including VRPs: money moves via Faster Payments at effectively zero marginal cost, with no interchange flowing to any issuer. The economics of VRP-based payment services therefore depend on direct API access fees charged by the banks, transaction fees charged by the PISP to the merchant, and value-added services layered on top of the payment infrastructure.

No interchange revenue
VRPs travel via Faster Payments. No card network, no issuer interchange. Different revenue model required.
Bank API fees (cost)
Banks are beginning to charge for commercial VRP API access. Fee structures vary and are still being established across the CMA9.
PISP transaction fee (revenue)
PISPs can charge merchants a fee per VRP transaction. Typically a flat fee or a small percentage, materially lower than card MSC.
Settlement speed advantage
Same-day settlement vs T+1 to T+3 for cards. For merchants with high transaction volumes, this working capital benefit has direct cash flow value.

Financial Modelling for Businesses Using VRPs for Billing

For CFOs at businesses that are considering using VRPs as a billing mechanism for their own customers, the modelling implications differ from those of payment firms providing VRP infrastructure.

The most important difference from card billing is the settlement timing. Card payments typically settle to the merchant's bank account on T+1 to T+3 depending on the acquirer. VRP payments, being Faster Payments, settle same-day in the normal case. For a high-volume, low-margin business, moving from card billing to VRP billing could improve operating cash flow by two to three days of billing volume, which on a monthly billing cycle represents a meaningful improvement in the cash conversion cycle.

The failed payment profile is different from both cards and Direct Debits. Card payments fail due to insufficient funds, expired cards or fraud triggers; the failure rate for subscriptions on card billing is typically 5 to 10% and a proportion of these are recovered through automated retry logic. VRP payments fail in real time at the bank: if the customer has insufficient funds or the payment falls outside the consent parameters, the payment is declined immediately with no delay. There is no re-presentment mechanism. This means the failed payment rate must be modelled differently: the retry logic that reduces net failure rates on card billing is not available on VRPs without new customer consent.

Modelling VRP failed payments: unlike cards where automated retries can recover 30 to 50% of initially failed payments without customer interaction, VRP failures require either (a) the customer to ensure their balance is sufficient before the payment is initiated again, or (b) a new consent to be obtained if the payment falls outside the original parameters. When building financial models comparing card billing to VRP billing, apply a higher net failed payment rate for VRPs in the base case and adjust the customer support cost accordingly.

Key Takeaways

  • VRPs are a new payment type under Open Banking where the payer's bank holds the mandate and authorises pulls within agreed parameters. They are not the same as Direct Debits, which are merchant-controlled.
  • As of August 2024, VRPs are mandated for sweeping use cases only. Commercial VRP roll-out is voluntary. The PSR is consulting on extending the mandate to commercial use cases via CP23/3.
  • The Direct Debit Guarantee has no equivalent in VRPs. Disputes are resolved under the Payment Services Regulations 2017.
  • Settlement is via Faster Payments (same-day), compared to T+3 for Direct Debits. This is a material cash flow advantage for high-volume merchants.
  • There is no interchange in VRP payments. Revenue models for VRP-based payment services rely on PISP transaction fees and API access charges, not on interchange.
  • Failed VRP payments are declined in real time with no re-presentment mechanism. Financial models comparing VRP billing to card billing should reflect a higher net failed payment rate for VRPs.

Work Together

Need this applied to
your business?

VRP economics, settlement modelling and payment rail selection are CFO-level decisions that affect unit economics and investor story. CrunchSpark helps payments fintechs build models that reflect the actual economics.

Book a Free Discovery Call →