June 12 • 2023

UK’s PSR – New Reimbursement Model update

Cybercrime is low risk, low investment, and high return. Not surprisingly, illegal financial gain is one of the biggest reasons for cyber-attacks. The result is a predicted USD 10 Trillion of damages by 2025. Our vision is to change that.

Written by Rob Tharle, Head of Product

I’ve written extensively on the UK’s evolving regulatory landscape in relation to authorised push payment (APP) fraud and scams, covering the FCA’s Consumer Duty of Care regs, the Lending Standards Board (LSB) changes to the Contingent Reimbursement Model (CRM) and the Payment Services Regulator’s (PSR) September consultation. Having written about the PSR’s consultation back in November, this week we’ve seen the results. The response is very comprehensive and, as well as the changes to the reimbursement model, also covers elements including the Government’s wider fraud strategy and recognising the need for policy responses outside the FI arena.

What are the key points? 

What are the key changes from the consultation? 

It was proposed to have both a £100 minimum limit to allow a claim and for an excess of £35 to be applied. The minimum amount has been removed and the value of the excess is to be determined following further consultation. This makes a lot of sense on operational and fairness grounds.

However, a new maximum limit will also come into effect, again with the value to be determined following further consultation. This may impact on a small number of larger value cases. 

48 hours was the proposed time to refund, but this has been extended to 5 working days to allow for proper operational processes to be undertaken. A new ‘Stop the Clock’ ruleset has also been introduced for certain situations: 

This may see some cases take longer than 5 days. 

The scope has also been more clearly defined. PIS open banking payments are in scope. A PISP will only have liability if they hold the funds at any time. Agent-only processing will not confer liability. CHAPS is not covered as the PSR cannot regulate it; however, the Bank of England will provide comparable cover. Similarly, ‘On Us’ payments, where the same PSP has both sides of the transaction, will not be covered, but the FCA will look to ensure equivalence.

When will PSPs not be liable?

There has also been additional clarity on exceptions to reimbursement and rules for liability. A summary of these exclusions, which seem much longer now, is:

What does this mean for financial institutions? 

As expected, there will be an increase in liability for financial institutions (FIs), some more than others. This provides the incentive to invest in additional prevention and detection capabilities. Some will also need to invest in greater operational capabilities to manage the workload.

These investments should cover the following areas: 

These will help reduce the level of frauds, increase recoveries and reduce liability for PSPs. 

What might be contentious areas? 

As ever, as the details become clearer, there are some areas that could cause contention.

Will some Advance Fee Frauds, for example helping ex-dictators move their funds, be classed as payments for unlawful purposes and be out of scope? Where is the line between a purchase scam and a dispute? Most will be clear cut, but there will be some grey areas, with some refunded and some not. Customers who fall victim to larger frauds, including some investment frauds, will not be made whole either.

Multi-stage frauds and frauds involving crypto will be hot topics. Two examples can illustrate this:

It is likely we will see much discussion about how the Stop the Clock rules work in practice. Are they being used as a delay, and of course, what is reasonable evidence to support the claim? And the biggest will likely be how the Gross Negligence and proposed Customer Standard of Caution guidance will work.

This is the most significant piece of regulation globally in combating authorised fraud and scams. The impacts on FIs will be significant in terms of liability and the cost of investments required to meet these challenges and keep liability down. This will be particularly hard on those firms that have been net recipients of fraudulent transfers, but this should incentivise them to improve their control frameworks.

It will be interesting to see where the excess and max refund limit values get set over the coming months and how it works in practice next year.

Overall, this is a positive step forward that should help reduce APP frauds in the UK over the medium term. Other regulators around the world will be watching closely how this plays out. It is likely we will see further movement in policy responses globally, just like the recent Australian announcements.

  1 It will apply to retail consumers, micro-enterprises of fewer than 10 people and EUR2M turnover or balance sheet, and charities with income under £1m.


At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.   

CYBERCRIME WATCHLIST™ helps support firms to reduce fraud and money laundering and meet the requirements of the CRM as part of a holistic fraud and financial crime strategy.  

CYBERCRIME VSR™ lets victims report fraud and scams to increase chances of recovery.