On 29 September 2022 the Payment Systems Regulator (PSR) published an industry consultation on Authorised Push Payment (APP) scams reimbursement, the proposed measures aim to improve the level of protection for victims of authorised push payment fraud by mandatory reimbursement for victims in all but exceptional cases.
This consultation follows recent effort by the PSR to gather industry feedback in 2021 through a call for views on Authorised push payment scams, and an initial consultation paper on Authorised push payment (APP) scams.
The UK government intends to legislate in the Financial Services and Markets Bill (Bill) to allow regulatory action to be taken by the PSR to require banks and other payment service providers to reimburse APP scam losses. The new Bill is currently in passage through the House of Commons.
The requirement for reimbursement for victims of APP fraud will apply to all participants in Faster Payments, including indirect Payment Service Providers (PSPs) as well as PSPs connected indirectly through indirect access providers (IAPs).
Authorised push payment has increased in recent years however reimbursement remains inconsistent across PSPs. Although some PSPs offer reimbursement, there is currently no regulatory requirement for it and as such little incentive to address customer protection in relation to fraudulent activity.
To date 10 PSPs have signed up to the voluntary Contingency Reimbursement Model (CRM Code). The code has been successful in reimbursement from 19% in the first half of 2019 to 41% by Code signatories in 2020.
The effect of the Financial Service and Markets bill places a standalone duty on the PSR to draft regulatory requirement for reimbursement in ‘qualifying cases’. The definition of a ‘qualifying case’ is provided by the Financial Services and Markets Bill s.62(2) ‘(a) the case relates to a payment order executed over the Faster Payments Scheme, and (b) the payment order was executed subsequent to fraud or dishonesty’.
The PSR are consulting on two initial regulatory requirements.
More specifically the consultation seeks views on reimbursement and shared liability between PSPs on the following:
To provide customers with appropriate incentives to exercise caution, the consultation provides for limited exceptions to mandatory reimbursement and aims to ensure that the requirements are proportionate.
Exceptions include scams where the consumer has been complicit to the fraud, or where they have acted with gross negligence. Gross negligence is already an exception to PSP liability for unauthorised frauds under section 77(3) of the Payment Service Regulations 2017.
Vulnerable customers will be exempt from the exception of gross negligence. The definition of a vulnerable customer follows the FCA definition; ‘A vulnerable customer is someone who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care'.
As the Payment System Operator, the PSR envision it would be sensible for PAY.UK to be responsible for a comprehensive set of scheme rules on the monitoring and enforcement of reimbursement by PSPs, at a minimum the PSR propose these include:
The PSR have highlighted that in the short term they will need to provide Pay.UK with support in undertaking the role of enforcement effectively, immediately after the requirements take effect. The new framework on mandatory reimbursement must provide delineation between the roles of PSR and PAY.UK on enforcement.
The PSR are therefore consulting on a short-term plan to support Pay.UK with enforcement arrangements and consider three main options:
The consultation will remain open until 25 November 2022. Following the deadline, the PSR will publish a policy statement on mandatory reimbursement early in the new year.
The PSR will publish draft regulatory requirements for consultation in-line with the expected statutory deadline of two months following the relevant legislative provisions coming into force.
The relevant provisions of the Finance and Markets Bill are expected to come into force around spring 2023. By then Pay.UK would be expected to begin the process of implementation for the new requirements on reimbursement.