Jarosław Mazurek on IPR and IBAN-Based Recipient Verification: How Polish Banks Are Preparing for Instant Payments Regulation

We present an interview with Jarosław Mazurek, conducted during the 2026 Banking Technology Forum, which was published in the Miesięcznik Finansowy BANK (BANK Financial Monthly). The interview was conducted by Robert Lidke, Editor-in-Chief of BANK.pl. 

During the forum, we sat down with Jarosław Mazurek, CEO of eSourcing S.A., to discuss what lies ahead for Polish banks regarding the mandatory implementation of the EU’s Instant Payments Regulation (IPR). Among other things, this regulation introduces a verification mechanism that matches the recipient’s identity with their IBAN number.

“New EU regulations (IPR) concerning SEPA Instant transfers came into force last year. In Poland, two banks have already had to adapt to these rules directly due to their presence in the eurozone,” said Jarosław Mazurek. 

As he pointed out, these are PKO Bank Polski, which operates corporate branches in Germany and Slovakia, and mBank, which has a foreign branch in Slovakia.

The remaining banks in EU countries outside the eurozone must be ready to implement the IBAN-based payment recipient verification mechanism by July 2027.

“Until now, when making cross-border transfers, you could check whether the bank account you wanted to transfer money to actually existed. Now, we will know whether that specific bank account belongs to a particular company or individual,” explained Jarosław Mazurek. 

He noted that previously, if the bank account number was correct but the recipient’s name was not, the transfer would still go through without any deeper verification. 

“Now, as already implemented in the eurozone, when making this type of transfer, the person initiating it will receive feedback from the recipient’s bank within seconds. This will confirm whether the IBAN provided definitely belongs to the person or company entered in the transfer order,” he stated. 

He then explained that the responses from the recipient’s bank can have various statuses. These range from extreme cases – stating that the account does not belong to the entity entered in the transfer order – to intermediate statuses, where there might be minor typos in the surname or company name, or other minor discrepancies that fall within the margin of human error or accepted abbreviations.

“This means that as a user, before I send a transfer, I should receive a warning saying: ‘Dear user, the owner of this IBAN is not Jarek Mazurek, it is Jarosław Mazurek.’ It is then up to me whether I click ‘send’ or call my contractor, Jarek Mazurek, to verify if the account truly belongs to him,” he explained. 

He added that in the case of a “no match” status, the bank’s feedback does not disclose who the actual account holder is. It only states that the data provided by the sender does not match the records held by the recipient’s bank. This approach ensures that criminals cannot easily harvest information about bank account owners.

“This entire framework is highly significant because it will enhance security for all of us as individuals making transfers,” he emphasized. 

He noted that for banks, a crucial aspect is that in the event of fraud, they will be able to demonstrate to the client that they had warned them about data discrepancies. Ultimately, it is the client who decides whether to authorize the transfer despite the warnings, or to hold it.

He added that the regulation does not impose specific data-matching rules on banks. The legislator merely provides recommendations. Banks themselves must decide which data-matching procedures to choose in order to ensure transfer security while maintaining customer satisfaction. In other words, banks will define the level of risk they are willing to accept. 

He stated that it is possible for a bank to adopt different procedures for individuals, small businesses, and key corporate clients. The goal is to avoid lengthening transfer procedures while maintaining specified levels of security.

He also mentioned that banks have long been verifying information provided by senders through various anti-fraud processes. 

In his view, the novelty of the current EU regulation lies in the obligation for the recipient’s bank to respond to the originating bank within a few seconds—before the transaction is executed—confirming whether the details in the order are correct. If they are not, and a “close match” status occurs, the bank must indicate to what extent they are incorrect (e.g., a typo in the name). 

“In my opinion, implementing the IPR regulation is not troublesome for Polish banks. It is simply another regulatory requirement that needs to be met by a specific deadline, especially since two large banks in Poland have already adapted to the new rules. As a technology provider and partner for banks, we see that there are quite a few regulatory challenges and projects with strict deadlines. Therefore, a bank must naturally map out its implementation path well in advance,” concluded Jarosław Mazurek.

https://www.youtube.com/watch?v=JC8dAIq8wsw
https://bank.pl/polskie-banki-maja-nieco-ponad-rok-na-dostosowanie-sie-ipr/