Head of Banking & Lender Disputes | Dispute Resolution | Banking & Finance
This website will offer limited functionality in this browser. We only support the recent versions of major browsers like Chrome, Firefox, Safari, and Edge.
The Payment Services Regulator (PSR) announced last year the introduction of a new reimbursement requirement for Authorised Push Payment (APP) fraud.
The new requirement, which is due to come into force on 7 October 2024, will introduce consistent minimum standards to reimburse victims of APP fraud within the faster payments system, providing significantly wider coverage in comparison to the Contingent Reimbursement Model Code. See our previous article for further consideration of the impact of the new reimbursement requirement.
In its June policy paper the PSR noted its intention to implement the new reimbursement requirement through a combination of Faster Payment rules and PSR directions. The PSR has now completed its consultations on the three proposed legal instruments to be used to implement the new requirement, and on 19 December 2023 published its final policy statement (the Policy Statement).
The Policy Statement confirms, amongst other things, that the following legal instruments will be used to implement the new reimbursement requirement:
It is incumbent on to create the reimbursement rules, though they are required to ensure that these include the following:
From 7 October 2024, all in-scope PSPs will be required to comply with the reimbursement rules, including the reimbursement requirement. From 31 March 2024, all indirect access providers will also be required to send the PSR an annual list of all indirect PSPs to whom they supply Faster Payments.
This direction includes a requirement on to:
The Policy Statement also gives further guidance on the consumer standard of caution (gross negligence). Where a consumer has themselves acted fraudulently, or where a consumer has acted with gross negligence, there will be no requirement on a PSP to reimburse funds.
The Policy Statement narrows the consideration of gross negligence to four specific circumstances, consisting of the following:
The consumer standard of caution will not apply to vulnerable customers. PSPs will be required to assess consumer vulnerability on a case-by-case basis in line with the FCA's Guidance for firms on the fair treatment of vulnerable customers, to understand whether the consumer's vulnerability led to them being defrauded. The FCA defines a vulnerable customer as someone who, due to their circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care.
The PSR has announced a maximum reimbursement level of £415,000 per claim, applicable to all in-scope consumers. This limit is said to cover the majority of APP fraud cases and be sufficient to incentivise PSPs to implement effective anti-fraud measures. So whilst PSP's may reimburse amounts above this limit if they wish, there is no requirement on them to do so.
No exemption to the limit is being introduced for vulnerable consumers. The PSR states that this is so as to ensure levels of consistency, and so as to avoid vulnerable consumers being targeted specifically by fraudsters as a result of falling within an exemption.
The Policy Statement confirms that sending PSP's will be allowed to levy an excess of up to £100 per claim, though vulnerable consumers will be exempt from paying this excess (provided that the consumer's vulnerability was a contributing factor which led to them being defrauded). The PSR states that setting an excess of £100 is an effective way to encourage consumer caution.
Whilst the PSR's Policy Statement provides long awaited guidance to PSPs on how the new reimbursement requirement and applicable rules will operate in practice, there are likely to remain a number of concerns amongst PSPs and industry bodies which aren't tackled by the finalised directions.
UK Finance, for example, has previously expressed concern that the new requirement places all liability (and responsibility) for APP scams on PSPs, ignoring other firms whose platforms may be used by fraudsters. In this regard, whilst a requirement for PSPs to share the cost of reimbursing APP scam victims has been generally supported, such a requirement does not take into account circumstances in which the funds are received by a cryptocurrency platform, for example.
There are also concerns that the consumer standard of caution is too low and does not encourage improved consumer behaviours. Whilst the PSR states that the introduction of the excess payment is an effective way to ensure consumer caution, under the finalised directions PSPs can choose to not apply this excess. Further, the standard of caution does not include an obligation on consumers to be honest with their banks (for example, when asked to lie to their bank by a fraudster), adding to concerns that the introduction of the new reimbursement requirement will lead to an increase in first party fraud.
Additionally, it is noted that the Policy Statement does not provide any significant further guidance around the assessment of consumer vulnerability. Currently, PSPs will be required to assess consumer vulnerability on a case-by-case basis in line with the FCA's own definition (as set out above). This however is very broad, giving rise to concern that the rules will lead to inconsistent outcomes for consumers.
Only time will tell whether the new reimbursement requirement is effective in tackling the unacceptable levels of APP fraud in the UK. Whilst there are likely to remain some concerns amongst industry regarding the operation of the new requirement, in-scope PSPs must nevertheless begin to take steps so as to ensure that they are prepared for its introduction come October 2024. PSPs should also ensure that any policies, systems and processes which are put in place align with Pay.UK's compliance monitoring regime, which is due to be published by 7 June 2024.
If you would like to discuss the issues discussed in this article, or the consequences of the introduction of the new mandatory reimbursement requirement, in more detail please contact a member of our Fraud team.