Direct Debit · BACS · AUDDIS · UK PropTech

Rent collected.
Funds forwarded.
Nothing missed.

agentOS Direct Debit handles the full rent collection lifecycle — mandate setup, BACS submission, fund sweeping, clawback protection, and forwarding to your client account — through a single, API-first service built for UK letting agents.

UK BACS Direct Debit

AES-256 encrypted bank details

Multi-tenant, per-org isolation

FCA-aligned 7-year retention

See how it works

The Process

From invite to
settled funds

Four steps. One service. Your client account receives rent without you touching it manually.

01

Send the invite

Enter the tenant's name, email, amount, and collection day in your dashboard. A unique, time-limited link goes straight to their inbox. No paper forms, no phone calls.

02

Tenant completes the mandate

The tenant fills in their bank details, accepts the Direct Debit Guarantee, records a short video verification, and completes ID checks — all in one guided form. Their mandate registers automatically via AUDDIS.

03

Funds collected and swept

On collection day, BACS debits the tenant's account. Funds land in a Modulr collection account, then sweep automatically into a Griffin holding account. A configurable hold period (default 24 hours) protects against clawbacks.

04

Forwarded to your client account

Once the hold period passes and the clawback reserve is satisfied, funds forward automatically from the Griffin holding account into your client account. Fully audited, fully traceable.

Full Capability

Built for the
whole lifecycle

Every capability you need for Direct Debit collection — mandate to settlement, alert to audit — built in and ready.

8-Step Mandate Form

Public-facing, token-gated multi-step form. Personal info, DD Guarantee acceptance, BACS date display, bank details with modulus checking, video verification, ID verification, Right to Rent (property mandates), and confirmation. Draft state persists at every step.

Invite Token Generation

Generate secure, single-use, 7-day tokens linked to a specific org, tenant email, amount, frequency, and collection day. Expired tokens show a clear error with a resend option. Resending cancels the old token and creates a fresh one.

AUDDIS Mandate Registration

On form completion, submits the mandate to Modulr via AUDDIS. Handles async acceptance and rejection webhooks. Updates mandate status from pending_submission → active (or failed with reason). Notifies agent and tenant on both outcomes by email.

BACS Working Day Engine

UK bank holiday calendar synced monthly from gov.uk. Calculates collection dates and T+3 receipt dates, skipping weekends and bank holidays. Handles Feb 28/29 boundaries, Sunday-to-Monday push, and month-end roll. Displayed clearly on the mandate form.

Automated Collection Scheduling

Daily cron job identifies mandates due in the next BACS window and submits collection requests to Modulr with idempotency keys. Handles 31st-of-month edge cases, suspended mandates, and duplicate submission guards automatically.

Modulr → Griffin Fund Sweep

When Modulr confirms a collection, funds sweep automatically to your Griffin DD holding account. Records each movement as a holding_transaction. Confirms settlement via Griffin webhook and stamps a hold_until timestamp.

Clawback Reserve & Protection

Reserve calculated as max(minimum_threshold, outstanding_collections × risk_factor). Forwarding is gated until the reserve is satisfied. When a BACS reversal arrives, it debits the reserve and raises a high-severity alert if the forward has already occurred.

Automatic Fund Forwarding

Hourly job checks for sweeps whose hold period has elapsed and whose reserve is satisfied. Initiates Griffin payment from holding to client account. Supports partial forwarding when reserve constraints allow only some funds through.

BACS Re-presentation Logic

Failed collections re-present after 5 working days per BACS rules. Tracks retry count (max 2). After 2 failures: mandate transitions to failed, a gatekeeping flag is raised, an alert fires, and the agent can trigger a manual retry from the dashboard.

In-Browser Video Verification

Tenant records up to 60 seconds stating their name, DD amount, and property address via webcam. Uploaded directly to S3-compatible storage via presigned URL. Agents can replay the recording from the mandate detail page via signed URL (expires in 1 hour).

Third-Party ID Verification

Embeds or redirects to a third-party ID verification provider (e.g. Onfido or Veriff) at step 6 of the mandate form. Receives a webhook on completion, stores the result (passed/failed/pending), and blocks mandate submission if verification fails.

AES-256-GCM Encrypted Bank Details

Account numbers and sort codes encrypted at rest using AES-256-GCM with a KMS-managed key. Decryption only happens inside the Modulr submission job — never returned to the UI in plaintext. Masked last-4 digits stored separately for display.

Threshold Alert Engine

Evaluates configurable thresholds every 15 minutes: mandate creation rate, daily/weekly collection amounts, and clawback reserve level. Creates typed alert records, sends email to configured recipients, and keeps alerts active until explicitly acknowledged.

DD Overview Dashboard

Active mandate count, scheduled collections this week (total £), collections succeeded/failed this month, clawback count, reserve health indicator, and a live activity feed. Reserve widget refreshes every 5 minutes. Links to mandate and collection list pages.

Full Mandate Lifecycle Management

Cancel, suspend, and reactivate mandates from the dashboard or API. Each transition calls Modulr via AUDDIS, logs to the audit trail, and notifies the tenant. Amount amendments create a future-dated change with advance notice per the DD Guarantee.

Collection & Mandate Reports

Collection success/failure rates by period, clawback history with reason codes, mandate conversion rate (invite sent → active), forward reconciliation, and reserve utilisation over time. All exportable to CSV. Includes a reconciliation export compatible with Xero and Sage.

Scoped API Key Access

DD-specific scopes: mandates:read, mandates:write, collections:read, alerts:read, alerts:write, reports:read. All procedures accessible via Bearer token without a user session. Rate-limited per org. Full developer reference at /docs with example payloads.

Mandate Gatekeeping API

Returns mandate status, last collection result, and an access_allowed boolean for any tenant by email or external reference. Fires a mandate.status_changed webhook on every transition. agentOS (or any consumer) uses this to block portal access when a mandate lapses.

Full DD Audit Trail

Every DD financial event captured with actor, org, resource ID, and amount: mandate state changes, collection submissions, fund sweeps, forwards, clawbacks, alert actions. Accessible to admins in the dashboard and via API. FCA-aligned 7-year retention with automated archival.

DD Onboarding Setup Wizard

Guided post-signup wizard: enter Modulr SUN and credentials, enter Griffin account IDs, configure hold period and reserve settings, send a test mandate invite. Validates credentials against both APIs live. Mandate invites are locked until setup is complete and validated.

Outbound Webhook Events

Subscribe to DD lifecycle events: mandate.created, mandate.active, mandate.cancelled, collection.collected, collection.failed, collection.clawback, funds.forwarded, alert.raised, and more. Agents configure subscriptions in the dashboard. Payloads include full entity data.

Security & Compliance

Built to the standards
regulators expect

UK Direct Debit is a regulated activity. Every layer of this service is engineered with that in mind.

AES-256-GCM Encryption

Bank account numbers and sort codes encrypted at rest using AES-256-GCM. Never returned to the UI in plaintext. PCI-DSS and FCA data minimisation aligned.

FCA-Aligned Data Retention

7-year mandate retention (configurable per org) enforced by automated weekly archival. Bank details redacted from archived records. Audit trail metadata preserved indefinitely. Raw webhook payloads purged after 90 days.

Strict Multi-Tenant Isolation

Every mandate, collection, and config record is scoped to an org ID. Each agent gets their own Modulr SUN and Griffin holding account. No data bleeds between customers.

Direct Debit Guarantee Compliant

Advance notice of amount changes, clawback handling, and mandate cancellation all implemented per the Direct Debit Guarantee rules. BACS re-presentation follows the 5-working-day rule.

FAQ

Common questions

Straight answers about how the service works.

How does a tenant set up their Direct Debit mandate?

The agent sends a mandate invite from the dashboard. The tenant receives a unique link (valid for 7 days, single-use) and completes an 8-step form: personal information, DD Guarantee acceptance, payment details with BACS date display, bank details with modulus validation, a short video verification, ID verification, Right to Rent (property mandates only), and a final confirmation. On submission, the mandate registers with Modulr via AUDDIS automatically.

When does rent actually reach my client account?

BACS collection takes approximately 3 working days from the collection date to settlement. Once Modulr confirms the funds are collected, they sweep into a Griffin DD holding account and are held for a configurable period (default 24 hours) to guard against clawbacks. After the hold period, and provided the clawback reserve is satisfied, funds forward automatically to your Griffin client account. The mandate form shows tenants exactly when funds will leave their account and when you'll receive them.

What happens if a collection fails?

The service follows BACS re-presentation rules: it automatically re-submits the collection after 5 working days (up to 2 attempts). The agent is notified by email with the failure reason. After 2 failed attempts, the mandate is flagged as failed, an alert is raised, and the gatekeeping API returns access_allowed: false so the consuming application (e.g. agentOS) can restrict tenant portal access. The agent can also trigger a manual retry from the dashboard.

How does the clawback reserve work?

A reserve is maintained in the Griffin holding account calculated as max(your configured minimum GBP threshold, total outstanding collections × your risk factor %). Funds only forward to your client account once the reserve requirement is satisfied. If a tenant's bank reverses a payment (BACS return), the clawback amount debits the reserve. If the reserve drops below the minimum, forwarding pauses and an alert fires. You configure all thresholds in the DD settings page.

Can I integrate this with agentOS or my own platform?

Yes. The service is API-first and standalone — there is no dependency on agentOS. Any application can integrate using scoped API keys (Bearer token). Available scopes: mandates:read, mandates:write, collections:read, alerts:read, alerts:write, reports:read. The gatekeeping endpoint lets your platform check whether a tenant's mandate is active. The webhook system fires events for every DD lifecycle state change. Full API reference is available at /docs.

Is this service available outside the UK?

No. This service is UK-only. It operates on the BACS Direct Debit scheme, uses UK bank holiday data from the gov.uk API, processes GBP only, and is built around UK regulatory requirements (FCA data retention, Direct Debit Guarantee, Right to Rent). There are no current plans for international expansion.

How are tenant bank details protected?

Account numbers and sort codes are encrypted at rest using AES-256-GCM with a KMS-managed key. Plaintext bank details are never returned to the UI — only the last 4 digits of the account number (stored separately as a masked value) are displayed. Decryption happens exclusively inside the Modulr submission job. This approach is aligned with PCI-DSS and FCA data minimisation requirements.

agentOS Direct Debit

Rent in.
Automatically.

From mandate invite to client account — every step of the Direct Debit lifecycle handled, audited, and protected. Built for UK letting agents who have better things to do than chase rent.

UK BACS · AUDDIS

Modulr + Griffin

API-first · Multi-tenant

FCA-aligned retention

AES-256 encrypted

Join the Waitlist