In mid-December, just before Christmas the Payments Systems Regulator (PSR) gave UK banking customers an early Christmas present, by confirming the enforcement date for the its new Reimbursement Requirement. This requirement is for paying PSPs, subject to exemptions and rules, to refund victims of APP frauds using Faster Payments 100% of their losses. The beneficiary PSP is to then refund 50% to the paying PSP.
If you have read my blog posts over the last 5 years, I’ve been following the UK regulatory response to Authorised Push Payment (APP) fraud closely over that time. From CoP and the CRM, including the new rule on inbound payments from December 2023, and finally the new reimbursement requirement, the UK response has come a long way since the Which! Super Compliant in September 2016.
So now we have the confirmed enforcement date of 7th October 2024, lets remind ourselves of the key elements of the new regulatory regime and what this will mean for PSPs and consumers in the UK.
PSP’s & Payments in Scope
All PSP’s in the UK that are participants of the Faster Payments Scheme and/or provide an account that can send or receive faster payments are in scope.
- CHAPs not specifically covered but BoE to implement equivalent rule.
- Credit Unions, Municipal Banks and National Savings Banks are excluded.
PSP Rules
Paying PSP:
- Refund customers in full APP Frauds between £100 & £415,000* related to the Faster Payment Scheme**
- £100 excess and £415,000 cap is voluntary on the paying bank, they can refund from £0 to the whole amount if they so wish.
- The £100 excess does not apply to vulnerable customers
- The paying PSP’s decision is final (if subsequently the customer is refunded e.g. by court order or under a FOS complaint this is not treated as reimbursement under this requirement and the beneficiary bank is not required to repay half.
- Must notify the beneficiary PSP promptly (time TBC) to maximise recoveries
- Can pause 5 days (Stop the Clock) to investigate (multiple times, but must make a decision within 35 days.
Beneficiary PSP:
- Refund Paying bank 50% of the APP Fraud Losses that have been reimbursed and 50% of any recoveries (subject to the excess and cap.
- Respond to the paying PSP’s enquiries
Customer Requirements – Customer Standard of Caution Exemption
- Must have regard to interventions of their PSP or relevant body such as the police, if they are indicating the likelihood of the scam.
- Must report promptly and must have reported within 13months of the fraud and the fraud happened after the 7th October 2024
- Must share information requested by their PSP as part of the claim if they are reasonable and proportionate
- Must report the Fraud to the Police after a claim is made (or allow the bank to do so on their behalf)
Where with gross negligence (a significant degree of carelessness) the victim has not met any of the above requirements the claim can be denied, unless the customer is vulnerable. This is not automatic, they must assess why one of these has not been met, not just deny the claim.
This is a significant change for PSPs and consumers in the UK. PSP’s, including small firms must improve their ability to detect and prevent APP frauds and mule accounts. This covers a number of areas such as:
- Prevent onboarding potential mules and take steps to close them down once opened
- Undertake real time payment profiling for both outbound and inbound payments
- Add the right amount of friction at the right time to payment journeys, such as warnings and delays
- Improved use of AI to aid which cases to investigate in more detail to reduce liability and prevent abuse by fraudsters, both organised and opportunistic.
- Do all of the above whilst protecting customers under the FCA Duty of Care, as financial outcomes are not the only metric here.
Consumers, should see an increase in reimbursement, and in many cases smaller value payments are likely to be refunded with minimal investigations and time from PSPs. Larger value payments are likely to take longer to be investigated, to avoid abuse of the scheme.
The same APP scams are rampant around the globe so all eyes will be on the UK and how this new scheme works and expect elements to be copied by global regulators and legislators.
Click here to see how CYBERA’s solutions can help PSP’s meet the requirements and reach out [link] to discuss.
*This is in line with the FOS complaints maximum. Cap will allow 95.5% by volume and 98% by value to be refunded
** CHAPs to be covered by BoE rules.
About CYBERA
At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.
CYBERA WATCHLIST™ helps support firms to reduce fraud and money laundering and meet regulatory requirements as part of a holistic fraud and financial crime strategy.
Financial Institutions (FIs) can check against the CYBERA WATCHLIST™ for confirmed mule accounts when processing payments. For outbound & inbound payments, where there is a match on either IBAN (Account Number & Sort code) or on Name the transaction can be flagged as high risk.
At account opening and ongoing CDD, email, phone and name can be used to match to CYBERCRIME WATCHLIST™ to reduce opening new mule accounts.
CYBERA VSR™ further supports by providing users with alerts of any of their accounts reported as mules directly in their dashboard.
Unlike other data sources, CYBERA is a global solution, so is well placed to support the increasing levels of cross-border real-time payments.
