The Challenge

    In July 2021, the Competition and Markets Authority (CMA) mandated that the leading nine retail banks, (known as the CMA9) make Variable Recurring Payment (VRP) functionality available for the purposes of Sweeping by 31st January 2022 (in line with OBIE’s v.3.1.9 API specifications).

    Enabled by Open Banking and API technology, VRP offers a faster, cheaper, and more secure alternative to Direct Debit or Card on File. It allows customers to automate regular payments for goods and services but with the power to set limits on payment amounts and the number of payments. VRPs can also be used for Sweeping - automatically moving money between a customer’s accounts - which could be used to fully automate paying off overdraft fees or transferring money into savings.

    Our client, one of the UK’s biggest retail banks and a member of the CMA9, saw the exciting potential for VRP to power innovative new products and services for the benefit of retail and commercial customers alike. VRPs are processed instantly, unlike Direct Debits, which can take days to clear, and are more secure because no card numbers are shared or stored. For businesses, VRPs are cheaper to process than Card-on-File payments and faster than Direct Debit, but also less risky because the business cannot accidentally bill customers the wrong amount or for longer than the customer wants.

    BJSS had been working with the client’s Open Banking feature team for several years across numerous API-based projects, so when the CMA announced the new regulatory requirement of VRP support, the team immediately set to work.

    The Solution

    The team first created a high-level design approach drawing upon BJSS’s expertise in the API space, then put a roadmap in place to deliver VRP functionality well in advance of the mandated implementation date.

    Achieving the convenience and efficiency of Variable Recurring Payments required a total redesign of the standard payments journey for customers. Typically, an online transaction requires a customer to consent to an organisation taking money from their account, but this consent must be given manually every time.

    For VRPs, the team found a way to store that consent so it could be reused and applied for multiple transactions of potentially variable amounts over an extended period. This required adaptive and proactive collaboration between the core project teams, as well as between numerous other functions across the client’s organisation, including the Payments, Identity Access Management and Fraud teams, each with their own complex web of dependencies that had to be managed and accounted for.

    As a result of the longstanding partnership between BJSS and the client, the team successfully navigated these challenges across the entire project lifecycle, from design to feature development and from testing to release.


    In November 2021, the CMA pushed the deadline for delivering VRP for Sweeping use cases to July 2022 following feedback from other CMA9 banks, who were finding the complexities involved in delivering VRP to be challenging.

    Regardless, due to the progress made by BJSS and the client on delivering VRP, the team stuck to its original plans and a month later, in December 2021, the client successfully initiated a Variable Recurring Payment in a live environment.

    The success and early delivery of the VRP API put the client at the forefront of innovation in digital financial products and services, pioneering new applications and compelling customer propositions that this payment method makes possible for both merchants and customers.

    It also demonstrated the team’s ability to go above and beyond regulatory requirements to deliver the digitised, API-enabled financial products and services that will be a driving force for new markets and customers in the future.

    Start Your Journey Today


    Please complete this short form and we’ll email you a link to access your content. By submitting this form you confirm that you have read the BJSS Privacy Notice.