November 27 • 2023
FCA Multi-Firm Review of APP Fraud – What does it mean for you firm?
Cybercrime is low risk, low investment, and high return. Not surprisingly, illegal financial gain is one of the biggest reasons for cyber-attacks. The result is a predicted USD 10 Trillion of damages by 2025. Our vision is to change that.
The Financial Conduct Authority (FCA) has just completed a multi-firm review of fraud prevention controls and complaints handling, focused on APP fraud.
The review has happened as the UKs APP problem is still large, with Authorised Push Payment Fraud (APP) losses of £239.3m for H1 2023 vs. £241.9 down 1% in H1 2022. However, case were up 22% from 95,167 to 116,324.
This is despite the numerous initiatives already in place, such as Confirmation of Payee (COP) and the Contingent Reimbursement Model (CRM) and with new PSR rules due this time next year.
With the new PSR rules coming into effect in under a year, impacting all UK PSPs of Faster Payments and the FCA Consumer Duty that came into force at the end of July 2023, the number of firms the rules apply to, is in the thousands.
What are the key areas that the FCA raised as being a problem in their review?
- Poor ability for victims to report fraud quickly and easily
- Lack of customer centric MI and Metrics in firms, which were predominantly commercially orientated
- Insufficient operational capacity to manage the volumes of customer reports and fraud alerts
- More investment in fraud management is required to reduce mule accounts and prevent more APP frauds
It is clear from the FCA report most firms need to up their game on at least some elements here to avoid fines and Dear CEO letters.
What do firms need to do?
Firms need to ensure that they are meeting both the forthcoming PSR regulations and FCA Duty Of Care requirements as part of a comprehensive fraud management strategy.
This should cover:
- Improving operational capacity to support through automations, such as:
- Quick & easy fraud reporting for customers
- Reporting to beneficiaries and law enforcement
- Improved MI on customer cases and responses to drive strategy
- Additional victim resources and ability to track progress
- Improving funds recovery for customers and reduce your liability
Improve access to sources of real time actionable intelligence to improve you end to end fraud strategy, throughout the whole of the customer lifecycle:
- At onboarding to reduce mule accounts opened
- As part of real time inbound and outbound to prevent payments to known mules and onward transfer of funds
- Ongoing Due Diligence to close existing mules faster before they do damage
- Alerts on confirmed Mules in your portfolio
Review our PSR Scam Regulatory Response to see how we can help.
At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.
CYBERA WATCHLIST™ helps support firms to reduce fraud and money laundering and meet regulatory requirements as part of a holistic fraud and financial crime strategy.
Financial Institutions (FIs) can check against the CYBERA WATCHLIST™ for confirmed mule accounts when processing payments. For outbound & inbound payments, where there is a match on either IBAN (Account Number & Sort code) or on Name the transaction can be flagged as high risk.
At account opening and ongoing CDD, email, phone and name can be used to match to CYBERCRIME WATCHLIST™ to reduce opening new mule accounts.
CYBERA VSR™ further supports by providing users with alerts of any of their accounts reported as mules directly in their dashboard.
Unlike other data sources, CYBERA is a global solution, so is well placed to support the increasing levels of cross-border real-time payments.