Press enter to search, esc to close
What’s this about?
Mandatory reimbursement for authorised pushed payment (APP) came into force on 7 October 2024. At around the same time there was a flurry of other publications which have caused a certain amount of confusion across the payments industry. In this note, we look at what all these updates mean for payment service providers (PSPs).Our Head of Economic Crime Compliance, Ben Cooper says...
“The new APP fraud reimbursement requirement and draft payment services regulations mark another step towards strengthening fraud prevention measures and levels of consumer protection within the payment services industry. However, firms should strive to continue to improve their anti-fraud systems and controls to ensure that they prevent consumer harm in line with both the FCA’s expectations and their obligations under the Consumer Duty.”
The points not to miss...
On 9 September 2024, the FCA published Guidance Consultation (GC24/5) on proposed changes to its Payment Services and Electronic Money Approach Document (covered in our September article here). The deadline for responses was 4 October 2024 and we await an update from the FCA.
On 2 October 2024, the Payment Systems Regulator (PSR) published Policy Statement (PS24/7) confirming:
The maximum level of reimbursement for Faster Payments and CHAPS APP scams is now £85,000: The PSR justified the reduction stating that 99.8% of Faster Payments APP scams by volume and 90% by value will still be reimbursed. The cap is also in line with the current Financial Services Compensation Scheme deposit limit but will not automatically track any changes in that limit going forward. The Payment Systems Regulator will keep the new limit under review and undertake an evaluation of its impact and effectiveness in 12 months’ time.
Customers will retain their rights to bring claims to the Financial Ombudsman Service (FOS) in addition to receiving compensation under the new APP fraud reimbursement requirement: The FOS can consider complaints made against its wider jurisdiction (including the Consumer Duty and alleged fault on the part of PSPs) and make awards up to a maximum limit of £430,000. The PSR has acknowledged in its Policy Statement that customers relying on this wider jurisdiction to recover losses above the new reimbursement requirement limit may result in a more ‘complex compensation environment’, and that it will keep this risk under review. The Policy Statement also highlights that firms must be clear with customers about their right to take cases to the FOS.
On 7 October 2024, the FCA published a 'Dear CEO’ letter setting out its expectations for firms to improve their anti-fraud controls going forward, including:
PSPs should continue to work to reduce APP fraud by improving their anti-fraud systems and controls: The FCA expects PSPs to regularly review the effectiveness of their fraud prevention systems, and to maintain appropriate customer due diligence controls (both during the customer onboarding stage and on an ongoing basis) to identify and prevent accounts from being used to receive proceeds of fraud or financial crime.
Firms’ approaches to ‘On Us’ APP Fraud and the Consumer Duty: The new reimbursement requirement for APP fraud will only apply to payments routed through Faster Payment Systems and CHAPS. The FCA’s concern is that this may lead to a lack of understanding from customers as to why they may receive lower levels of protection in respect of ‘on us’ or intra-firm payments (which are not within the scope of the new reimbursement requirement) and therefore result in poorer consumer outcomes. The FCA has consequently requested that firms who plan to provide lower levels of customer reimbursement protection for ‘on us’ or intra-payment APP fraud contact them to provide an explanation of the steps they have taken to deliver good consumer outcomes and meet their Consumer Duty obligations.
Other Consumer Duty Considerations: Firms are reminded of their obligations to avoid causing consumers foreseeable harm and to act in good faith where they have identified that harm has been caused to customers by taking appropriate action to rectify the situation (including considering whether remedial action is appropriate). Firms must also provide customers with information about the availability of (and how to access) alternative dispute resolution procedures in their pre-contractual information under the Payment Services Regulations 2017.
On 9 October 2024, HM Treasury published the Payment Services (Amendment) Regulations 2024 (Amendment Regulations) confirming that:
PSPs will be able to delay processing payment transactions where they have reasonable grounds to suspect fraud or dishonesty: PSPs will have up to four business days to make further enquiries (including contacting the customer or other relevant third parties) to establish whether they should execute a payment order. PSPs must also notify customers of any reasons for a delay, as well as any information or actions which are needed to help the PSP decide whether to process the payment order unless it is unlawful to do so.
PSPs will be liable for any charges and interest incurred by customers as a result of delaying the execution of any payment orders: This is irrespective of whether a payment order is actually processed. These provisions will come into force on 30 October 2024.
On 22 November 2024, the FCA published its Finalised Guidance (FG24/6) on how it expects PSPs to interpret the Amendment Regulations:
Having ‘reasonable grounds’ to suspect fraud or dishonesty is more than mere speculation: In the FCA’s view, this is based on an objective factual foundation, but falls short of knowledge where a PSP knows that a payment order has been placed following fraud or dishonesty. PSPs should take into account the specific circumstances of the individual transaction, together with the PSP’s wider assessment of evolving fraud risk when deciding whether to delay a payment. Funds which are subject to such a delay should remain in the payer’s account for interest accrual purposes but be unavailable to the payer to spend during the period of delay.
PSPs’ decisions to delay executing payments should support delivering good customer outcomes under the Consumer Duty: So that PSPs can monitor and assess whether the outcomes customers are experiencing are consistent with their obligations under the Consumer Duty, PSPs should record information about the overall volumes and values of delayed payments as well as information about each delayed transaction including: the grounds for suspicion, length of the delay, whether the transaction was ultimately completed or refused and whether the PSP identified the payer as having characteristics of vulnerability. The FCA also expects PSPs to have processes in place to deal effectively with non-standard issues that may arise from delaying inbound payments, and reiterates that PSPs will likely need a real time human interface (such as customer facing branch staff or a phone service) to respond to its customers’ questions and provide effective support in order to deliver good customer outcomes (as previously noted in its Consumer Duty guidance (FG22/5)).
The scope of PSPs’ reimbursement liability is limited only to interest and charges directly incurred by customers from payment delays: This will not extend to wider losses, such as the loss of opportunity from an investment the customer could not make in a timely way. However, PSPs are required to reimburse customers for charges levied by third parties for late payment.
The FCA encourages PSPs to exchange information about delayed payment transactions to enable effective investigations: It has not prescribed which information should be shared, or which communication method should be used between PSPs, but expects that the payer’s PSP will decide this on a case-by-case basis. The FCA also encourages PSPs to refer to industry intelligence-sharing initiatives to remain aware about emerging fraud threats, including information published by the National Crime Agency or made available by Cifas’ National Fraud Database and Intelligence Service. Any information sharing between PSPs’ is subject to UK data protection restrictions.
PSPs’ assessments of whether they can delay payments under the Amendment Regulations are independent of their obligations under other financial crime legislation: A PSP’s consideration of whether they can delay a payment under the Amendment Regulations is distinct from its assessments of whether it needs to submit reports under the Proceeds of Crime Act 2002 or the Terrorism Act 2000. Where PSPs have either delayed a payment, or refused to process a payment order, the Amendment Regulations do not prevent them from seeking to deter the payer from making the payment by another means.
PSPs will not be liable for breaching the 2017 Payment Service Regulations (2017 PSRs) where they must do so to comply with other laws: For example, a PSP would not be liable for contravening the requirement to make incoming funds immediately available to a payee after they have been credited to the payee’s PSP’s account under Regulation 89(3) 2017 PSRs, if making such funds available to would breach any of the provisions of Part 7 of the Proceeds of Crime Act 2002 or Part 3 of the Terrorism Act 2000. However, PSPs should make funds available to a payee as soon as they have concluded that they are not prevented from doing so.
Next steps: The Amendment Regulations came into force on 30 October 2024. The FCA plans to monitor and evaluate the impact of the changes the Amendment Regulations make to the 2017 PSRs (and whether it needs to make further clarifications to its guidance to improve compliance with these) by gathering data from PSPs on payment execution timings, together with the values and volumes of delayed payments via existing supervisory engagement processes. Once it has assessed the types and utility of information available, the FCA has confirmed that it will consult on proposals for the scope and content of a permanent monitoring regime.
If you would like to discuss or have questions about any of the topics in the speech or if you require legal advice on these issues, don’t hesitate to get in touch.
Publication link |
Policy Statement (PS24/7) (published 2 October 2024) 'Dear CEO’ letter (published 7 October 2024) Payment Services (Amendment) Regulations 2024 (published 9 October 2024) |
Who has published it? |
The Financial Conduct Authority Payment Systems Regulator |
Publication type |
Policy Statement Draft legislation Letter |
Any key dates? |
The new APP fraud reimbursement limit has been effective from 7 October 2024. |
What is it relevant to? |
Payment services providers, e-money institutions, Consumer Duty, APP fraud |
Co-author: Hannah Stanley
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at December 2024. Specific advice should be sought for specific cases. For more information see our terms & conditions.
Date published
09 December 2024
RELATED SERVICES