Variable Recurring Payments: The 2026 Definitive Guide to Open Banking’s Future

Digital businesses depend on recurring payments, but today's payment infrastructure often fails to meet the demands of modern usage. Direct Debit can be slower to set up and less transparent in some customer experiences

Variable Recurring Payments (VRP) let customers automate bank-to-bank transfers with their consent. Open banking enables payments to vary in amount or timing within set limits, helping businesses align billing with real-world usage.

Open banking now accelerates the shift from simple account sweeping to commercial VRP adoption. This shift compels fintech and regulated industries to adapt to a foundational change, not just an incremental upgrade.

Key Takeaways

• Variable Recurring Payments enable flexible, rule-based recurring billing directly from bank accounts.
• VRPs are defined by explicit user consent, enforceable limits, and ongoing transparency.
• Direct Debit remains strong for stable billing, but VRPs excel where amounts or timing vary.
• Sweeping VRPs are established; commercial VRPs are the next major open banking shift.
• Implementing VRPs requires resilient bank APIs and SCA flows.
• Global growth shows VRPs moving from niche to mainstream.

What Is a Variable Recurring Payment (VRP)?

At its core, this question can be answered simply, but its implications are far-reaching.

A variable recurring payment is a payment model where a customer grants a regulated provider explicit consent to initiate recurring payments directly from their bank account, within clearly defined parameters. These parameters typically include maximum amounts, frequency caps, and an overall duration. As long as each payment stays within those agreed boundaries, it can be triggered without requiring repeated customer authentication.

What makes VRPs distinct is not just automation, but controlled flexibility. Unlike traditional recurring billing, neither the payment amount nor the exact timing needs to be fixed in advance. This makes the model particularly well-suited to scenarios where costs fluctuate or obligations evolve over time.

Common examples include:

• Utility bills that change month to month based on consumption
• Usage-based subscriptions where charges reflect actual activity
• Wallet or account top-ups triggered when balances drop below a threshold
• Credit repayments where amounts adjust based on interest, balance, or repayment strategy

As noted by Robert Hayes, our Senior FinTech Architect:

“VRPs are best understood as programmable recurring payments: the user sets guardrails once, including amount caps, frequency, and duration, and every future payment must stay inside those boundaries.”

This programmability is what differentiates VRPs from older payment instruments. Consent is explicit, revocable, and enforceable at the infrastructure level, while payment execution happens in near real time, directly from bank accounts.

How Variable Recurring Payments Work in Practice

Understanding VRPs means shifting from single transactions to an ongoing, consent-driven relationship. Unlike other payment methods, VRPs rely on clear, persistent user rules. Payments only occur if they remain within user-defined constraints.

This structure makes VRPs especially well-suited to modern digital products, where billing must respond to real usage, changing balances, or conditional triggers. The flow below outlines how a VRP is established, operated, and controlled with user agency and regulatory compliance embedded at every stage.

Step-by-step VRP user flow

Step 1. User selects a provider and connects their bank

The journey begins when a user chooses a service that supports Variable Recurring Payments. Behind the scenes, this service works with a licensed Payment Initiation Service Provider (PISP), which acts as the technical and regulatory intermediary between the business and the user’s bank.

The user is redirected to their bank’s secure environment to connect their account. At no point are credentials shared with the merchant or the PISP. This direct bank connection is a core open banking principle and eliminates many of the risks associated with stored card details or mandate-based systems.

Step 2. User defines limits and authorises the arrangement

Before payments, the user sets enforceable contractual VRP boundaries, not optional ones.

Typical parameters include:

• A maximum amount per individual payment
• A frequency limit (for example, daily, weekly, or monthly)
• An overall cap across the lifetime of the consent
• A defined duration after which the consent expires

Once these limits are set, the user completes Strong Customer Authentication (SCA) only once during setup, not for every payment. This provides durable authorisation that balances convenience, security, and regulatory rigor.

Step 3. Provider initiates payments within the agreed-upon rules

After authorisation, the provider can initiate payments within pre-approved limits. No additional user action is needed unless the provider tries to exceed these limits.

VRPs differ from traditional billing. The system blocks any payment that breaks constraints, rejecting violations in real time.

Step 4. User retains visibility and control at all times

Transparency is built into the model. Users can view active VRP consents through their bank or provider interface, track historical payments, and understand exactly which permissions are in place.

Users can modify or revoke consent at any time, with immediate effect and without merchant action. This reversibility is key to VRP safety and to the regulator's trust.

Step 5. Limits and controls are foundational, not optional

In VRP architectures, limits and controls are not “nice-to-have” enhancements layered on top of payments. They are the payments.

Every VRP is based on its constraints. Without these, it becomes less transparent than Direct Debit or card-on-file billing. Proper designs treat consent rules as foundational to data models, orchestration, and user experience.

A note on VRP implementations

VRP standards support sweeping and non-sweeping cases, but implementation varies. Availability and limits vary by bank and provider agreements.

For businesses, this means that designing for VRPs is as much an architectural exercise as it is a product decision. Systems must be flexible enough to accommodate evolving standards, bank-specific nuances, and regulatory interpretation, especially as commercial VRPs continue to mature across markets.

Variable Recurring Payments vs Direct Debit: A Structural Comparison

As VRPs gain traction, comparisons with Direct Debit are inevitable and necessary. Direct Debit has been the backbone of recurring billing for decades, while VRPs represent a newer, open banking–native approach designed for dynamic, data-driven payment models. The difference is not about old versus new, but about fit for purpose.

To make effective decisions, businesses must understand when each payment model excels and when it falls short. This clarity is key when weighing Variable Recurring Payments against Direct Debit in modern billing, subscriptions, and financial automation.

Where Direct Debit remains strong

Direct Debit is a mature, reliable payment method. Its longevity has produced strong scheme rules, predictable settlement cycles, and operational familiarity for finance teams.

It performs particularly well in scenarios where:

• Billing patterns are stable and predictable.
• Broad customer coverage is required across regions and banks.
• Established operational playbooks, tooling, and compliance processes outweigh flexibility needs.

Utilities, insurance, and traditional subscription businesses rely on Direct Debit because it is well understood, widely accepted, and operationally efficient at scale.

Where VRPs can be meaningfully better

Variable Recurring Payments are not designed to replace Direct Debit wholesale. They shine in different conditions, especially where billing logic is dynamic, and customer trust depends on visibility and control.

Customer control by design

VRPs rely on explicit consent. Customers set caps, frequency limits, and duration upfront, and each payment must meet these. This gives clearer expectations than many traditional setups, which often favor merchant flexibility.

Native support for variability

Variable amounts and flexible timing are not edge cases in VRPs but the core use case. Whether billing responds to consumption, balances, thresholds, or conditional triggers, VRPs accommodate change without breaking the consent model.

Transparency and trust

The consent structure itself becomes a communication tool. Users can see what has been authorised, what is allowed to happen, and what has already occurred. This visibility reduces surprises and reframes recurring payments as a controlled, automated process rather than an opaque pull mechanism.

As Robert Hayes succinctly puts it:

“Direct Debit is a proven workhorse for recurring billing, but VRPs are designed for modern, variable payment relationships where customers expect visible controls, faster experiences, and simpler consent management.”

The table summarizes practical differences between Variable Recurring Payments and Direct Debit, focusing on structure, control, and operational impacts. 

Dimension	Variable Recurring Payments (VRP)	Direct Debit
What it is	A customer authorises recurring bank payments within explicit rules (amount caps, frequency, total limit, duration). Amount and timing can vary inside those boundaries.	A payer authorises a merchant to pull funds on an agreed schedule, often with variable amounts allowed under scheme rules.
Best-fit use cases	Usage-based billing, dynamic subscriptions, smart top-ups, balance-driven repayments, sweeping, rule-based automation.	Established recurring billing (utilities, insurance, memberships) requiring broad reach and mature operations.
Setup and onboarding UX	Bank-based authorisation flow with strong authentication at setup; consent parameters can be clearly shown in-product.	Mandate capture via paper, online form, or in-app flow; familiar pattern for many customers and billers.
Customer controls	Built-in guardrails (per-payment caps, period limits, expiry). Easier to explain and visualise “what can happen.”	Controls exist via mandates and scheme rules but often feel less granular in user-facing experiences.
Variable amount support	Core capability, bounded by explicit consent rules.	Commonly supported, but protections and notice requirements depend on scheme and merchant practice.
Payment timing and frequency	Flexible initiation (on event, threshold, or bill generation) within consent constraints.	Typically scheduled pulls (weekly, monthly, ad hoc) with predictable billing cycles.
Settlement expectations	Account-to-account initiation; speed and finality depend on rail and market (can be near-real-time).	Established clearing cycles; timing varies by country but is well understood operationally.
Failure handling and retries	Requires explicit design for retries, user messaging, and bank responses (limits exceeded, revoked consent).	Mature retry logic and failure handling supported by schemes and billing platforms.
Disputes and chargebacks	Depends on VRP framework and provider; requires clear audit trails around consent and execution.	Well-defined dispute and indemnity processes, familiar to operations teams.
Merchant adoption and coverage	Depends on ecosystem maturity, bank support, and commercial availability; coverage can be uneven.	Very broad acceptance in many markets; default choice for recurring billing.
Implementation effort	Requires open banking integration, consent management, and monitoring; more upfront product and engineering work.	Often plug-and-play via banks or billing providers with established mandate flows.
Cost profile	Provider- and market-dependent; may reduce card-like fees but increases integration responsibility.	Known, commoditised cost models; operational costs often tied to disputes and admin.
Reconciliation and reporting	Enables rich, consent-level metadata, if designed intentionally.	Mature reconciliation standards supported by ERP and billing tools.
Customer experience outcomes	Strong where transparency, control, and “set rules once” automation matter.	Strong where predictability and familiarity are the priority
Key drawbacks	Ecosystem immaturity, regional gaps, more responsibility for edge cases.	Less granular control, slower innovation, legacy feel for usage-based models.
Rule of thumb	Choose VRPs when variability + control are core to the value proposition.	Choose Direct Debit when coverage and operational maturity outweigh flexibility needs.

Sweeping vs Commercial VRPs: How the Model Is Expanding

Not all Variable Recurring Payments are created equal. Today’s VRP landscape is best understood as a spectrum with two distinct but connected models: sweeping and commercial VRPs. The first has already proven its technical viability and regulatory acceptance. The second represents the next phase: extending the same rule-based, consent-driven mechanics to real-world merchant payments at scale.

Understanding this distinction is essential because it explains both where VRPs are firmly established today and why they are increasingly viewed as the future of recurring payments.

Sweeping VRPs: the established foundation

Sweeping is the most mature and widely implemented form of VRP. In simple terms, it allows users to move money automatically between accounts they control, for example, transferring excess funds from a current account into savings, or regularly paying down a credit balance.

In the UK, sweeping VRPs were not optional innovation experiments. They were mandated by the Competition and Markets Authority (CMA) as part of the open banking roadmap. Major banks were required to support this capability, which ensured consistency, regulatory alignment, and real-world deployment rather than theoretical standards.

This mandate achieved two critical outcomes:

• It validated VRPs as a secure, consent-driven payment mechanism.
• It allowed banks and providers to operationalise consent models, limits, and monitoring in production environments.

As a result, sweeping VRPs are now a proven tool for personal financial automation, reliable, well-governed, and understood by both regulators and institutions.

Commercial VRPs: where the market is heading

Commercial Variable Recurring Payments use the same mechanics beyond “me-to-me” transfers. Instead of moving money between a user’s own accounts, funds flow to third parties, including merchants, billers, lenders, or service providers, while still respecting customer-defined rules.

This shift dramatically expands the relevance of VRPs. It enables recurring payments where amounts fluctuate, timing is event-driven, and transparency is non-negotiable without reverting to cards or traditional Direct Debit structures.

Regulators shape the rollout of commercial VRPs, recognizing both their potential and complexity. Unlike sweeping, these payments involve consumer protection, merchant liability, dispute handling, and commercial incentives. Implementation frameworks vary by market and require collaboration among banks, providers, and regulators.

What is clear, however, is the direction of travel. The industry is aligning around commercial VRPs as the logical next step for open banking payments, not as a niche alternative, but as a modern counterpart to legacy recurring billing.

In 2026, Variable Recurring Payments are expected to evolve from personal automation to mainstream commerce, becoming a credible, bank-based alternative to the decades-old Direct Debit model.

High-Impact Use Cases for Commercial VRPs

Commercial VRPs aren't a one-size-fits-all replacement for existing payments. They provide the most benefit where billing is variable, trust is crucial, and automation follows clear rules. Here are use cases where VRPs already fit best.

Utilities and telecom billing

Utility and telecom bills fluctuate month to month based on usage. VRPs allow providers to initiate payments when a bill is generated, while respecting customer-set caps and consent rules.

Outcome

Fewer failed payments, clearer customer expectations, and reduced disputes around “unexpected” charges.

Expert advice

Use VRPs where bill volatility causes friction. Make limits visible in-app to reinforce trust and reduce support volume.

Usage-based and tiered subscriptions

Subscriptions tied to consumption, thresholds, or tiers rarely fit clean monthly amounts. VRPs accommodate this variability without renegotiating consent each cycle.

Outcome

Billing better aligns with value delivered, improving retention and reducing churn driven by billing surprises.

Expert advice

Pair VRPs with real-time usage visibility. The combination of transparency and control is what unlocks adoption.

Lending and flexible repayments

Loan repayments often change as balances shift, interest accrues, or customers make ad hoc payments. VRPs support dynamic repayment logic inside agreed boundaries.

Outcome

Faster balance reduction, fewer missed payments, and a more collaborative repayment experience.

Expert advice

Position VRPs as “assistive automation,” not forced repayment. Customer-set rules are key to regulatory comfort.

Savings and personal cash management

Beyond simple sweeping, VRPs can support conditional savings, moving funds when thresholds are met, or when expenses settle.

Outcome

Higher savings consistency without requiring constant user action.

Expert advice

Keep rules simple. Overly complex logic undermines trust and engagement.

B2B treasury and controlled supplier payments

Businesses can use VRPs to automate supplier payments within pre-approved limits, reducing manual intervention while retaining oversight.

Outcome

Improved cash flow control, fewer processing delays, and cleaner audit trails.

Expert advice

Select a reliable software integration partner, as in this case, integration is key. The VRP needs to talk directly to the ERP/Accounting software (like Xero or NetSuite). When the invoice is approved in the accounting tool, the VRP should trigger automatically within the pre-set limits.

Smart top-ups for wallets and prepaid accounts

VRPs automatically top up balances when they drop below a threshold without fixed schedules or repeated authorisations.

Outcome

Seamless continuity of service and fewer declined transactions.

Expert advice

Expose balance triggers and caps clearly. Users should always understand when and why a top-up happens.

VRP Implementation: Practical Challenges You Cannot Ignore

Many fintech explainers describe Variable Recurring Payments as a frictionless upgrade to everything that came before. That narrative is appealing and operationally unrealistic. In practice, implementing VRPs today means working within an ecosystem that remains uneven, fragmented, and evolving. Teams that underestimate this complexity often discover it only after launch, when user complaints, failed connections, and reconciliation issues start to accumulate.

A successful VRP implementation is less about “switching on a new payment type” and more about engineering resilience across bank APIs, consent flows, and operational safeguards. To understand the practical challenges teams face, let's break down the major areas where complexity arises.

Bank coverage gaps

Despite regulatory momentum, VRP support is far from universal.

The challenge

In the UK, sweeping VRPs are mandatory for the CMA9 banks. Commercial VRPs are not. Outside those institutions, and especially beyond the UK, coverage varies widely. Some banks expose partial implementations, others lag behind entirely, and API behaviour is not always consistent.

The impact

When a user connects to a bank lacking VRP support, the experience often fails silently or with opaque errors. This leaves users feeling the product is broken, sharply dropping conversion and eroding trust before delivering value.

How mature teams respond

VRP must be treated as a conditional capability. If consent creation fails or a bank does not support commercial VRPs, the system should immediately present a fallback, such as Direct Debit or a one-off Open Banking payment, without forcing the user to restart the journey. Products that do not plan for this lose users at the exact moment intent is highest.

SCA friction and consent creation

The promise of VRPs is “set it once, automate forever.” The reality is that the initial setup can be the most fragile moment in the entire flow.

The challenge

Strong Customer Authentication is required during VRP consent creation and often involves redirects to bank apps or embedded browser flows of varying quality. Issues like deep link failures, slow responses, or confusing instructions increase the risk of user drop-off.

Some banks also enforce periodic re-authentication, for example, every 90 days, which can undermine the expectation of truly hands-off recurring payments.

The impact

Users abandon confusing flows. If VRP's value isn't clear, friction seems pointless. Poorly explained re-authentication breeds distrust.

How mature teams respond

The UI must do more than comply; it must educate. Users should clearly understand that authentication is a one-time action that enables long-term automation. Progress indicators, explicit messaging about biometric use, and reassurance about what will (and will not) happen later are essential. Where re-authentication is required, it should be framed as a safety feature, not a failure.

Idempotency and duplicate prevention

In account-to-account payments, mistakes are expensive.

The challenge

Unlike card payments, there is no universal “cancel” or chargeback safety net in VRP flows. If an API request times out or a response is delayed, systems may retry, and without safeguards, that retry can result in duplicate debits.

The impact

Double-charging rapidly destroys confidence. In VRP setups, refunds handled as a separate merchant-initiated outbound payment increase both operational overhead and reputational risk.

How mature teams respond

Idempotency must be enforced rigorously at the API level. Every payment initiation request should carry a unique identifier, allowing banks or providers to ignore duplicate attempts within a defined window. This is not an optimisation; it is a prerequisite for operating VRPs responsibly.

Building a resilient VRP flow is not just about payment logic. It requires fluency across the entire open banking stack, understanding PISP and AISP roles, handling bank-specific API quirks, designing around SCA redirects, and anticipating failure modes before users encounter them. Teams that treat VRP as “just another payment method” inevitably learn these lessons the hard way.

What to Watch Next: Where VRPs Are Actually Going

Although the UK built the VRP blueprint, global adoption will shape the next phase. Regions use varied regulatory and infrastructure paths for consent-based recurring payments. These differences will affect how soon VRPs shift from specialist solutions to mainstream rails.

United Kingdom: from enablement to protection

The UK remains the reference market for VRPs. Sweeping (automatic payment movement between accounts with customer consent) is established, and commercial VRPs are progressing through coordinated regulator- and industry-delivered plans.

The Financial Conduct Authority moved from testing technical feasibility to boosting consumer protections. Its latest open banking updates set a clear goal: for commercial VRPs to compete at scale, they must offer fraud protection on par with card payments.

This emphasis matters. Once consumer protection parity is achieved, VRPs stop being an experimental alternative and become a credible challenger to card schemes for online payments.

European Union: PSD3 and SEPA dynamic recurring payments

In the EU, open banking (the practice of giving third-party providers access to financial data with customer consent) remains largely framed by PSD2, but change is underway.

PSD3 proposals aim to reduce fragmentation and improve open banking conditions, but timelines vary. In Europe, Dynamic Recurring Payments (DRP) are emerging through the EPC’s SPAA work as a VRP-like model for A2A payments.

SEPA DRP, unlike the UK’s single-market rollout, is meant for cross-border use. This adds complexity but brings scale. For Europe-wide businesses, this framework is more important than UK-only projects.

Brazil: Pix Automático as the global benchmark

Brazil demonstrates the most assertive and impactful approach to rolling out account-to-account payments globally.

Pix dominates instant payments and is expanding into recurring use with Pix Automático. This protocol enables consent-based recurring debits without repeated user action. It is similar to VRPs but implemented nationwide by the Central Bank.

Brazil stands out for strong governance. Implementation is not optional or fragmented. Clear direction drives fast adoption. Brazil may soon be the largest market for VRP-like payments and a benchmark for aligning incentives at scale.

The UK set the model. Europe adapts it for cross-border needs. Brazil is scaling it nationally. In 2026, VRPs’ future depends not on standards alone, but on how well ecosystems turn consent-based payments into daily commerce.

Conclusion

Variable Recurring Payments are not simply another payment innovation layered onto existing systems. They represent a structural correction to decades-old recurring billing models. These models were never designed for variable pricing, real-time expectations, or user-driven control. As products, services, and financial relationships become more dynamic, payment infrastructure must evolve to reflect that reality.

By combining explicit consent, programmable limits, and account-to-account execution, VRPs align payment logic with how modern businesses actually operate. They reduce reliance on fragile card credentials and improve transparency over Direct Debit–style mandates. They also create space for automation that is both flexible and trustworthy. That said, VRPs are not a universal replacement. Their value emerges where variability, visibility, and control are essential. They are most useful where teams are prepared to handle open banking’s operational realities.

Looking ahead to 2026, the trajectory is clear. Sweeping proved the model. Commercial VRPs are extending it into real commerce. Markets like those in the UK, the EU, and Brazil are taking different paths, but all are converging on the same principle. Recurring payments should be rule-based, consent-driven, and adaptable by design. For businesses building billing, lending, or financial automation today, VRPs are no longer an experiment to watch. They have the capability to plan deliberately.