The Payment Systems Regulator (the PSR) has published its policy statement: ‘Fighting authorised push payment fraud: a new reimbursement requirement’ (the Policy Statement). We have set out below a summary of the key points in the Policy Statement.
On 29 September 2022, the PSR published its consultation (CP22/4: Authorised push payment (APP) scams: Requiring reimbursement) containing its proposals to give greater protection to consumers against Authorised Push Payment (APP) scams. In summary, it proposed that payment service providers (PSPs) will be required to reimburse all victims of APP fraud where payment is made over Faster Payments, subject to limited exceptions. The consultation was open until 25 November 2022 and the PSR received 71 responses.
Fighting authorised push payment fraud
The reimbursement requirement: The Policy Statement sets out the new reimbursement requirement that will “introduce consistent minimum standards to reimburse victims of APP fraud” within the Faster Payments system (as directed by the Financial Services and Markets Bill). The reimbursement requirement will apply to all Payment System Providers (PSPs) within scope of the Policy Statement including banks, building societies and smaller payment firms. The reimbursement requirement applies to consumers, microenterprises, and charities.
In summary the reimbursement requirement will:
1. Require PSPs to reimburse all in-scope customers who fall victim to APP fraud in most cases other than where there is first party fraud or gross negligence.
2. Share the cost of reimbursing victims 50:50 between sending and receiving payment firms.
3. Provide additional protections for vulnerable customers.
Key policies: The new reimbursement requirement is underpinned by ten key policies:
1. Reimbursement requirement for APP fraud within Faster Payments
2. The cost of reimbursing victims of APP fraud should be shared 50:50 between the sending and receiving PSPs (the sending PSP will be expected to notify the receiving PSP as soon as possible)
3. Exceptions to the reimbursement requirement for APP fraud claims include (a) where the customer has acted fraudulently or (b) where the customer has acted with gross negligence
4. Sending PSPs must reimburse customers within five business days
5. Sending PSPs have the option to apply a claim excess (there will be further consultation on this at a later date)
6. There is no minimum value threshold for APP fraud claims
7. There will be a maximum level of reimbursement for APP fraud claims (there will be further consultation on this)
8. Sending PSPs have the option to reject APP fraud claims submitted more than 13 months after the final payment to the fraudster
9. The customer standard of caution and claim excess must not be applied to vulnerable customers
10. The new reimbursement requirement applies to a Faster Payment made to an account controlled by a person other than the customer, where the customer has been deceived into granting authorisation for the payment as part of an APP fraud
Timing: The new reimbursement requirement will apply to Faster Payments authorised after the regulatory requirement comes into force in 2024 although the PSR says it expects the industry to start work now to implement the new reimbursement requirement. The PSR says it expects the new reimbursement requirement to lead firms "to innovate and develop effective, data-driven interventions to change customer behaviour".
Application: The reimbursement requirement will not apply to
(a) civil disputes
(b) payments which take place across other payment systems (e.g., if a customer sends funds to their account at a crypto exchange and then pays a fraudster via a cryptocurrency)
(c) international payments and
(d) payments made for unlawful purposes where the customer isn’t deceived.
It will therefore be important to work through each payment journey when considering a complaint to ensure the reimbursement requirement is being applied correctly (particularly if a complaint is referred to the FOS). Open banking payments and some multi-step fraud cases (the Policy Statement provides examples of what may and may not be covered) are in scope of the new reimbursement requirements. However, payments made by CHAPS and ‘on us’ payments are not covered under the Policy Statement. The PSR says the Bank of England, as the operator of the CHAPS system, is committed to achieving comparable outcomes of consumer protection for CHAPS transactions.
Legislation: The PSR wants Pay.UK, as the independent payment system operator, to run Faster Payments in a way that ensures customers are protected. The PSR’s five-year strategy explained that it wants Pay.UK to take “a stronger role to lead the development of protections for payment system users”. The PSR will direct Pay.UK to put the new reimbursement requirement into Faster Payments rules using its powers under Section 55 of the Financial Services (Banking Reform) Act 2013.
Wider aims: The PSR says reimbursement “will create a clear financial incentive for payment firms to do everything they can to limit a fraudster’s ability to access the UK banking system, and their ability to move money into their control”. The Policy Statement also says the new reimbursement requirement will deliver the PSR’s wider measures and it expects to see (1) less APP fraud (although it recognises reported claims may increase in the short to medium term as victims become aware of this new requirement), (2) improved protection for victims, (3) effective incentives for payment firms and (4) increased confidence in Faster Payments.
Other action: As part of its action against APP fraud, the Policy Statement sets out that the PSR is also
1. publishing a balanced scorecard of APP fraud data,
2. increasing intelligence sharing, and
3. expanding the rollout of Confirmation of Payee.
Vulnerable customers: PSPs will be expected to
1. assess a customer’s situation and any potential vulnerability in line with the FCA’s guidance for PSPs on the fair treatment of vulnerable customers and
2. be mindful of their obligations under the Consumer Duty.
If a customer is deemed to be vulnerable the sending PSP must not apply the customer standard of caution (i.e., gross negligence) or claim excess. The Policy Statement says all firms should consistently apply the FCA’s definition of vulnerability to identify customers vulnerable to APP fraud – “[A] vulnerable customer is someone who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care”. This will mean all firms are working to a single definition of vulnerability.
Gross negligence guidance: The industry generally argued that gross negligence was too high a bar for the customer standard of caution and in the Policy Statement the PSR says it sees “no credible alternative to gross negligence that would likely meet” its objectives. However, the PSR says it will develop and publish additional guidance on the customer standard of caution in Q4 2023.
Next steps: The PSR says it will engage in a series of workshops with interested parties in June and July 2023 to gather preliminary views and aid understanding. It will then consult on:
If you would like to discuss the above in any further detail, please let us know.
Authors: Kaileigh Hunter, Alanna Tregear, Clare Stothard, Richard Hayllar
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2023. Specific advice should be sought for specific cases. For more information see our terms & conditions.
12 June 2023