On 15 August 2023, the Payment Systems Regulator (PSR) published two consultations (CP23/6 and CP23/7) in relation to its new reimbursement requirements which aim to improve the level of protection for victims of authorised push payment (APP) fraud.
The consultations are centred around the reimbursement requirement claim excess, the maximum reimbursement limit and the required consumer standard of caution.
In our article back in September (available here), we discussed the PSR’s industry consultation on APP scams reimbursement and the proposed measures around mandatory reimbursement for victims in all but exceptional cases.
In June 2023, the PSR published its resulting policy statement (PS23/2) outlining the new APP fraud reimbursement requirement which will:
It also stated its final policy position in relation to three key components of the reimbursement obligation:
The PSR also stated that there would be two exceptions to the general reimbursement obligation: (a) where the consumer seeking reimbursement has acted fraudulently (first-party fraud); and (b) where the consumer has acted with gross negligence (the consumer standard of caution), albeit the consumer standard of caution would not apply to consumers who are identified as being vulnerable to a particular APP scam.
In line with its policy statement in June, the PSR is now consulting on the values of the claim excess and maximum reimbursement limit, as well as on the consumer standard of caution.
The requirement for reimbursement for victims of APP fraud will apply to all participants in Faster Payments, including indirect PSPs as well as PSPs connected indirectly through indirect access providers (IAPs). The PSR is also asking questions on the topic of a maximum reimbursement level for CHAPS on behalf of the Bank of England (in relation to its intention to create comparable protections for retail CHAPS payments), and therefore CP23/6 is also relevant to CHAPS participants that have retail customers.
The PSR is seeking views on the most appropriate way of structuring a claim excess. This includes whether an excess should be a fixed amount (similar to an insurance claim excess) or a percentage of the reimbursement claim amount.
The PSR has proposed that the maximum reimbursement level should be in line with the prevailing Financial Ombudsman Service limit of £415,000 per claim - which is what around 98% of APP fraud falls within. The regulator is also consulting on whether the maximum level will apply to vulnerable consumers.
In relation to the consumer standard of caution, the PSR’s high level proposal is that consumers should be expected to meet an express standard of care when executing APPs consisting of three core elements:
Both consultations close on 12 September 2023. The PSR aims to publish its final policy position on the excess and maximum reimbursement level, as well as on the consumer standard of caution by the end of 2023. The PSR will also publish its final guidance document on the consumer standard of caution by the end of the year.
The new reimbursement requirement will come into force in 2024.
Given the current rates of fraud, with 207,372 incidents of APP fraud reported in the UK in 2022 (CP23/6) and the ever-evolving tactics of fraudsters, the new rules on reimbursing victims are likely to have significant industry impact. Particularly since under the current model only ten financial institutions are currently signatories to the voluntary Contingent Reimbursement Model (CRM) Code which sets out certain standards for signatory PSPs and is designed to give people the confidence that, if they fall victim to an APP scam and have acted appropriately, they will be reimbursed.
The Financial Services and Markets Act 2023, which recently received Royal Assent, now allows the PSR to impose mandatory reimbursement requirements on PSP participants in Faster Payments.
During previous consultations, several respondents had raised concerns that the new reimbursement requirement could lead customers to exercise less caution when making payments, safe in the knowledge that they are more likely to be reimbursed. Given the breadth of PSPs caught by the PSRs new requirements, this is likely to be a particular concern for smaller market participants from both an operational and financial perspective. The PSR has accepted that this a valid risk which will need to be managed as the new requirements are rolled out, albeit it has noted that both PSPs and customers have a role to play in managing APP fraud risk.
It will be interesting to see how the reimbursement requirement takes shape following these current consultations.
If you would like to read Bird & Bird’s previous alerts, please check out our FinTech webpage here.