The definitive guide to the SEPA mandate for businesses
2026-01-29
The definitive guide to the SEPA mandate for businesses
Think of it this way: a SEPA mandate is, in short, the signed authorisation a client gives you to collect directly from their bank account. It is the essential legal document for any company that wants to use direct debit as a payment method within the Single Euro Payments Area.
What a SEPA mandate is and why it is vital for your business
Imagine you offer a subscription service. Without a formal agreement, each monthly collection would be like flipping a coin. The SEPA mandate removes that uncertainty, acting as a clear, binding contract that formalises your client’s (the debtor’s) permission for you (the creditor) to initiate collections.
But do not be mistaken: this is not a mere administrative formality. It is a fundamental pillar of your business’s financial security. On one hand, it protects the client, who knows exactly who can access their account and under what conditions. On the other, it gives you a solid legal basis for your collections.
The legal backing for your recurring collections
The arrival of SEPA regulation (Single Euro Payments Area) was a before and after. It unified electronic payments in euros, making a transfer from Madrid to Berlin as simple as one from Madrid to Barcelona. To learn more, you can check which countries are in the SEPA zone and how it affects you.
With this standardisation came the mandatory requirement for the mandate to legitimise direct debits. Before, processes were chaotic, varied from country to country and security was lacking. Now, the mandate is the irrefutable proof that your client has given you their explicit consent.
A well-managed SEPA mandate is much more than a legal obligation. It is a real shield for your company’s cash flow. It turns a simple collection order into a secure, predictable and fully defensible transaction if any problem arises.
The importance of this document becomes even clearer when you think about what happens if you do not have it. Since February 2016, issuing a direct debit without a signed, valid mandate exposes you to huge risk. The account holder can return that direct debit for up to 13 months, and the worst part is they do not need to give any justification.
This very long return period can create a significant hole in your finances, especially if you handle many direct debits. Imagine providing a service and not being paid for it more than a year later. The impact on your cash flow can be devastating.
Why you cannot ignore mandate management
Managing SEPA mandates impeccably is not just about complying with the law; it is a sign that your business operates in a solid, reliable way. Having an organised system for creating them, obtaining signatures and storing them securely brings you direct benefits:
- Fewer returns: A client who has signed a clear mandate knows where the charge comes from and is much less likely to return it for not recognising it.
- Legal security: If there is a dispute, the mandate is your best defence. It is the proof that you had permission to collect.
- Financial predictability: It guarantees a much more stable and predictable flow of income, which is key for planning and growth.
- Professionalism and trust: An orderly onboarding process that includes signing the mandate from the start conveys seriousness and builds trust with your clients.
To make everything clearer, we have summarised the key points in this table:
Key SEPA mandate concepts
| Concept | Description | Importance for your company |
|---|---|---|
| Debtor authorisation | The explicit, signed permission from the client for you to collect from their account. | Without this, any collection is vulnerable to being returned for 13 months. |
| Unique Reference (UMR) | A unique code that identifies each mandate. Like the ID of the collection agreement. | Essential for identifying and tracking each payment authorisation unequivocally. |
| Creditor and debtor | You are the creditor (who collects) and your client is the debtor (who pays). | Clearly defines the roles and responsibilities of each party in the transaction. |
| Legal basis | The mandate is the contract that legitimises the direct debit under SEPA regulation. | Protects you legally in disputes and lets you operate with legal security. |
In short, taking mandate management seriously is not an option but a necessity to protect your business’s financial health and reputation in the SEPA zone.
Mandatory fields for a valid SEPA mandate
Think of a SEPA mandate as the foundations of a building. If a key piece fails, the whole structure wobbles. In the world of collections, a simple error or the omission of a field can invalidate the mandate completely, leaving you without the legal coverage you need to process your direct debits.
To avoid this, it is essential that you see each field not as just another formality but as a piece of the puzzle that gives validity and meaning to the document. Leaving one blank or filling it in wrongly is like leaving the door open to future returns and a lot of administrative hassle.
The Unique Mandate Reference (UMR)
Think of the Unique Mandate Reference (UMR) as the ID of that collection authorisation. It is an alphanumeric code of up to 35 characters that you, as the company, assign to identify each mandate beyond doubt. The golden rule is that there cannot be two active mandates with the same UMR.
A fairly common mistake is to confuse the UMR with the invoice number or the client number. They are unrelated. The UMR identifies the payment agreement itself, not a specific transaction. For example, a well-built UMR could be CLIENT123-SERV2024.
Creditor and debtor identification data
Here clarity is paramount. Both you and your client must be clearly identified so there is no ambiguity about who authorises the collection and who receives it.
Creditor information (your company): * Full name or legal name: The legal name of your business as it appears in official records. * SEPA Creditor Identifier: This is your “badge” as a direct debit originator—a unique code provided by your bank. To go deeper, we explain everything in our guide on what the SEPA creditor identifier is. * Full address: The registered address of your company.
Debtor information (your client): * Full name or legal name: The exact name of the bank account holder. * Tax identification number (VAT/TIN): Adds an extra layer of security to identify the debtor without margin for error. * Full address: The client’s address.
Banking details and payment type
We come to the crucial part: the bank account from which charges will be made. A mistake here, however small, will cause any collection attempt to be rejected immediately.
If there is one critical field in the mandate beyond the names, it is undoubtedly the IBAN. A single wrong digit in this code is enough for the bank to return the direct debit, which means costs and delays nobody wants.
The mandate must include: * IBAN: The client’s full International Bank Account Number. This is what allows the system to locate the exact account to charge. * BIC (or SWIFT): Although for operations within Spain it is no longer strictly necessary if you have the IBAN, including it is still good practice, especially if you have clients in other SEPA countries.
It is also vital to make it clear whether the agreement is for a one-off payment or a recurring one: * Recurring payment: Perfect for subscriptions, monthly fees or any periodic collection. * Single payment: For a charge that will be made once and not repeated.
The signature: the final seal of validity
Last but not least, a mandate has no legal value without the date and signature of the debtor. This act is the proof that your client has given you their explicit consent. The signature can be the traditional handwritten one on paper or an electronic signature with full legal validity if the process is digital. The date, for its part, marks the starting point that activates the authorisation.
SEPA CORE vs B2B mandate: which do you need for your collections?
When we talk about SEPA mandates, the first thing to understand is that there is no single model. There are two types, and confusing them can bring you more than one headache in the form of returned direct debits and administrative hassle. Imagine trying to use your house key to open a bank vault; they are simply different tools for different purposes.
The same goes for SEPA mandates. The regulation clearly distinguishes between operations with individual clients and those carried out exclusively between businesses. Hence the two schemes you need to know: the SEPA CORE mandate and the SEPA B2B (Business-to-Business) mandate. Each has its own rules, time limits and levels of protection.
Since this system was introduced, its use has kept growing. To give you an idea, in the second half of 2022 alone, 10.7 billion direct debits were processed in the eurozone. Its importance is especially evident in businesses with recurring payments, such as gyms, telecoms or utilities. To go deeper, there are very comprehensive guides on the evolution of SEPA direct debit and its impact that explain this in detail.
The SEPA CORE mandate: the standard for everyone
The SEPA CORE mandate is the most common, the default. It is the universal model, valid for collecting from both individuals (B2C) and companies that have not agreed to use the B2B scheme. Its fundamental feature is the strong protection it offers to the person who pays.
Think of CORE as a safety net for your client. This protection translates into a very clear right to return, which is the key to everything:
- “No questions” return within 8 weeks: Your client can return any direct debit during the first 8 weeks from the collection date. They do not need to give any explanation, and their bank will refund the money immediately.
- Return for unauthorised collection (up to 13 months): If the client claims they never authorised that payment (e.g. because they did not sign any mandate or it was incorrect), the period to claim extends to 13 months.
This guarantee gives the consumer a lot of confidence but obliges you, as a business, to have impeccable mandate management. An unexpected return can throw your cash flow off balance.
The SEPA B2B mandate: for businesses only
On the other side we have the SEPA B2B mandate. As the name suggests, it is reserved solely for operations between companies, the self-employed or professionals. It is essential to remember this: never, under any circumstances, can you use it to collect from an individual client.
The idea behind the B2B model is to offer agility and, above all, certainty in collections between businesses. To achieve this, it removes the main feature of CORE: the right to return without justification.
By signing a B2B mandate, the paying company explicitly waives its right to request return of the direct debit once it has been authorised and collected. This waiver is the pillar that supports the entire B2B scheme.
In practice, this means that once the collection has been executed successfully, the operation is final and definitive. The only exception would be to prove that the charge was never authorised because there was no valid B2B mandate, but that already enters the territory of fraud claims.
In addition, as an extra layer of security, before the first B2B direct debit is issued, your client’s bank is obliged to verify that the mandate data matches what the debtor company has previously registered with them.
Visual comparison: CORE vs B2B
To leave no room for doubt, nothing beats seeing the key differences side by side.
Here is a table that summarises everything you need to know to tell them apart quickly.
SEPA CORE vs B2B mandate comparison
| Feature | SEPA CORE mandate | SEPA B2B mandate |
|---|---|---|
| Target audience | Individuals and companies (B2C and B2B) | Exclusively companies and self-employed (B2B) |
| Right to return | Yes. 8 weeks with no justification. | No. The debtor waives this right. |
| Return period | 8 weeks (authorised) / 13 months (unauthorised). | Only for unauthorised charge. |
| Bank verification | Not mandatory by the debtor’s bank. | Mandatory before the first direct debit. |
| Collection speed | High, but subject to possible later return. | Maximum; the collection is practically final. |
| Flexibility | High. It is the universal default scheme. | Low. Use strictly limited to professionals. |
As you can see, choosing between CORE and B2B is not a matter of taste but a decision that depends directly on your type of client. If your clients are individuals, there is no debate: your only option is CORE. If, on the contrary, you only work with other companies and want maximum security in your collections, B2B is your best ally, as long as your client agrees to use it.
The life cycle of a SEPA mandate from start to finish
A SEPA mandate is not just a piece of paper that gets signed and put in a drawer. It is a living document with a very clear life cycle from creation to final archiving. Understanding and managing this process well is the key to ensuring your collections are always valid and you do not get any surprises.
Think of it as the journey of an important contract. First it is born (creation), then it is given validity (signature), then it fulfils its purpose (use) and, finally, when it is no longer needed, it is stored safely or cancelled. Each of these stages has its own rules, and if you follow them, you will avoid many headaches.
Creation and obtaining the signature
The starting point, logically, is to generate the document. In this step it is vital that you do not miss anything: creditor identifier, UMR, client data, their IBAN, payment type… To be safe, it is best to use standardised templates that already include all the necessary fields.
With the mandate created, comes the moment of truth: obtaining the client’s authorisation. For this you have two paths:
- Traditional signature (handwritten): The classic method. You print the document, send it to the client, they sign it and return it. It is still perfectly valid, but it is a slower process and forces you to scan and archive the physical paper.
- Electronic signature: The smart, agile option. The client receives a link, reviews the mandate on their screen and signs it with a couple of clicks from their phone or computer. It is not only much faster but leaves impeccable digital traceability and greatly simplifies archiving.
Whatever method you choose, the essential thing is that the signature is valid and you have it in your possession before issuing the first collection.
Custody and secure storage
Once signed, the mandate becomes your responsibility. As the creditor, you are the one who must store it securely and have it to hand. No, you do not have to send it to your bank, but you must be able to show it if your client’s bank or the client themselves ask for it to verify that you had permission to collect.
This is where a good digital filing system changes your life. Having all your mandates organised will let you find any of them in seconds. This archive must be maintained while the mandate is active and, once cancelled, kept for the legal periods required by law, usually about six years from the last collection.
Storage is not just a formality; it is your lifeline. A well-kept mandate is the irrefutable proof that protects you if a client claims a charge was unauthorised—something they can do up to 13 months after the collection.
The trend towards digital is unstoppable. In fact, in the first half of 2024, SEPA direct debits grew 10.3% compared to the previous year. Although electronic mandates still only accounted for 12% of the total, their use is growing at a good pace. To go deeper, you can find more details in the payment system statistics published by the Bank of Spain.
Mandate expiry due to inactivity
A SEPA mandate does not expire by date, but it can “die” from disuse. If 36 consecutive months pass without you issuing a single collection with that authorisation, the mandate expires automatically. It becomes invalid.
And if that happens, there is no going back. You cannot “reactivate” it. The only solution is to start from scratch: generate a new mandate and have the client sign it again. That is why it is so important to keep track of your mandates’ activity, so you do not find yourself with a direct debit returned for this reason without warning.
To give you a clearer idea of which option suits you depending on your clients, this diagram compares the key differences between CORE and B2B mandates.
As you can see, the CORE scheme is designed to protect the end consumer, while B2B aims to give more security and speed to operations between companies.
How to automate the generation of your SEPA mandates
Managing a SEPA mandate by hand is one of those tasks that eats up precious time. Filling in documents one by one, chasing signatures and then filing papers is not only a slow process but a breeding ground for human error. A simple mistake when typing an IBAN or a reference can bring down an authorisation, which means returns and delays in collections.
As your business grows, this manual process becomes a real bottleneck. Imagine having to deal with hundreds of new mandates every month. The administrative burden becomes suffocating, slows the company’s agility and diverts attention from what really matters, such as winning clients or improving your service.
Fortunately, technology offers a way to turn this chaos into an efficient, secure system. Automating is no longer a luxury but a strategic step for any company that wants to scale its direct debit collections without dying in the attempt.
Generate mandates in PDF, one by one or in hundreds
The first big step towards efficiency is being able to generate mandates in PDF automatically and in a personalised way. Specialised digital tools, such as ConversorSEPA’s mandate generator, simplify this until it becomes an operation of a few minutes.
The mechanism is surprisingly simple. Instead of wrestling with templates, you upload a file (usually a CSV or Excel) with the data of your new clients. The platform does the rest: it processes the information and creates an individual SEPA mandate for each one, ready to send and sign.
This gives you two big advantages: * Individual generation: A new client? You enter their data in a form and have the PDF instantly. * Bulk generation: A large-scale onboarding? You upload a single file and the system creates hundreds or thousands of perfect mandates, with no errors. To see how it works, you can learn what data a SEPA direct debit CSV file should contain, which is a very similar process.
Connect your system via API for full automation
For companies that want maximum efficiency, integration via an API (Application Programming Interface) is the definitive solution. An API acts as a bridge that connects your management software (CRM, ERP, etc.) directly with the service that generates the mandates.
Think of API integration as autopilot. It completely removes the need for a person to create the mandate. When you onboard a client in your system, it talks to the external tool to generate and send the SEPA mandate at that very moment.
This workflow is efficiency in its purest form. The moment a client finishes registering on your website, the mandate is created with their data, sent to them by email and presented for them to sign electronically. The whole cycle closes in seconds, without anyone on your team having to lift a finger.
Platforms like ConversorSEPA offer very solid APIs so developers can integrate this functionality quickly and securely into any system.
The direct benefits of saying goodbye to manual work
Adopting an automated solution to generate mandates is not just a process improvement; it is an investment with a clear, tangible return. The benefits are felt from day one in key areas of the business.
Hours of work saved: * No more typing data by hand. Your admin team can focus on higher-value tasks, such as financial analysis, customer service or management control. * Time spent correcting errors and tracking lost documents is reduced to a minimum.
Elimination of human error: * By automating the transfer of data from your system to the mandate, the risk of transcription errors in critical fields like IBAN or UMR disappears. * This translates directly into a sharp drop in returned direct debits due to incorrect data, thus protecting your cash flow.
Regulatory compliance assured: * Specialised tools always use up-to-date templates that comply with the latest SEPA regulation. * This gives you the peace of mind of knowing that every SEPA mandate you generate is legally valid and meets all requirements.
In short, automating mandate generation turns a slow, fragile administrative process into a robust, fast and reliable system. It sets the foundations for growing in a scalable way with financial health of steel.
We answer your day-to-day questions about the SEPA mandate
Handling SEPA mandates day to day can generate a lot of practical questions that do not always appear in general guides. So you can work with total security and confidence, here we have gathered the most common doubts, with direct, to-the-point answers.
Think of this section as your go-to cheat sheet. It is the place where you will find clear solutions to the most common problems, reinforcing everything we have seen so you master the life cycle of your mandates from start to finish.
Can I modify a SEPA mandate once it is signed?
This is the million-dollar question, and the answer is a firm no. A signed SEPA mandate is a closed agreement. You cannot alter its terms, and even less the debtor’s data or their bank account. It is like a contract sealed with wax: any change would break the seal and invalidate the original agreement.
If a client changes their account number (IBAN) or you need to update any other key data, the correct path is to cancel the current mandate. Immediately after, you must generate a new one with the correct information for the client to sign again.
This process is the only guarantee that you will always be operating with a valid authorisation. Trying to “patch” an old mandate is risking having direct debits returned—a risk not worth taking.
What happens if I issue a collection without having the mandate signed?
Issuing a direct debit without having a SEPA mandate signed and safely stored is, without mincing words, one of the worst financial mistakes you can make. It exposes you to huge risk, because the regulation protects the debtor with an iron fist in these cases.
If you make a collection without that authorisation, your client has an incredibly long period of up to 13 months to return the direct debit. And the worst part is they do not need to give a single explanation. Their bank will simply refund the money, no questions asked.
The golden rule is simple and non-negotiable: never issue a direct debit without having the mandate duly signed and archived first. Doing so not only destabilises your cash flow but can also lead to penalties from your own bank for bad practice.
Do I have to send a copy of the mandate to the bank?
No, you do not have to proactively send each mandate you sign to your bank. The responsibility for keeping the document is yours and yours alone. As the creditor company, you are the guardian of that authorisation and must have it clearly located and accessible.
That said, this does not mean the bank will never ask for it. Both your client’s bank and the client themselves have the right to ask you for a copy of the SEPA mandate at any time to verify that the collection is really authorised.
That is why it is essential to have a bulletproof filing system, preferably digital. A good system will let you find and send any mandate in minutes, demonstrating that you comply with the regulation and settling any possible dispute.
How long must I keep a SEPA mandate?
Here we enter a legal obligation you cannot take lightly. Although SEPA regulation does not set a single universal period, the recommendation in Spain aligns with other tax and commercial regulations you already know.
The rule is simple: you must keep the mandate (and any amendments) while it is active. Once the mandate is cancelled or expires, the recommended practice is to keep it for a minimum period of 6 years from the date of the last collection you made with it.
This period gives you solid legal coverage against any claim, audit or inspection. A well-managed historical archive is your best defence.
Does a SEPA mandate expire?
Yes, a mandate can expire, but not because it has an expiry date written on it. It expires due to inactivity. If 36 consecutive months pass without you using a mandate to issue a direct debit, it loses its validity automatically.
Once expired, it cannot be “reactivated”. If you want to collect from that client by direct debit again, you have to start from scratch: generate a new document and ask them to sign it again. It is crucial that you keep track of when you last used each mandate to avoid having an important collection returned for this reason.
Simplify the management of your collections and sleep easy knowing you always comply with the regulation. With ConversorSEPA, you can generate your SEPA mandates in PDF one by one or in bulk and automate the entire life cycle of your bank batches. Find out how we can help you at ConversorSEPA.
