On 7th October 2024, the Financial Conduct Authority (FCA) issued a Dear CEO letter outlining its expectations for tackling Authorised Push Payment (APP) fraud. This move forms part of the FCA’s broader strategy to combat fraud and money laundering, prioritising robust systems and controls for preventing APP scams.

With the rise of APP fraud in the UK, which has led to substantial financial losses for consumers, the FCA’s latest measures are designed to enhance consumer protection and hold Payment Service Providers (PSPs) accountable. The new requirements demand more rigorous fraud detection and reimbursement protocols, linking them directly to the principles outlined in the Consumer Duty.

Strengthening Fraud Prevention: Reimbursement Obligations

At the core of the new guidelines is the expectation that PSPs must reimburse customers who are victims of APP fraud through the Faster Payments System (FPS) or CHAPs, except in cases where customers were complicit or acted with gross negligence. Both the sending and receiving firms will share the responsibility for reimbursement equally. This co-sharing model incentivises firms on both sides of the transaction to improve their fraud detection systems.

To support the detection and prevention of fraud, firms are urged to enhance their onboarding procedures and ongoing transaction monitoring processes. The PSR and FCA have made it clear that PSPs should regularly assess their systems and controls to ensure they are fit for purpose in preventing fraudulent transactions.

These measures were introduced as part of the following Payment Systems Regulator (PSR) policy statements and decisions:

  • PS23/4: Fighting Authorised Push Payment Scams: Final Decision (PSR)
  • PS24/5: CHAPS APP Scam Reimbursement Requirement (PSR)
  • Specific Decision 21 (SD21) provides additional clarity for CHAPS transactions (PSR).

Consumer Duty and Firm Accountability

The Consumer Duty plays a critical role in shaping the FCA’s expectations on APP fraud. Firms must take proactive steps to ensure they do not cause foreseeable customer harm. If a scam occurs due to weaknesses in a firm’s processes, the firm must act in good faith, address the harm, and fully engage with complaints.

This is not just a matter of protecting customers after the fact; the FCA expects firms to have robust systems and controls to prevent fraud in the first instance. This includes ensuring that customers are adequately informed about the risks of fraud and how to avoid falling victim to scams.

New Legislation: Delaying Transactions to Combat Fraud

The FCA’s strategy includes a Statutory Instrument amending the Payment Services Regulations 2017. This legislative change allows PSPs to delay a payment transaction by up to four business days if there are reasonable grounds to suspect fraud. This legislative change aims to give firms additional time to investigate potentially fraudulent transactions before processing.

The FCA acknowledges that these delays might cause friction for customers who expect faster payments, but they are considered necessary to ensure legitimate transactions are protected. Firms are encouraged to carefully balance fraud prevention with maintaining customer confidence in the payment system’s efficiency.

To assist firms in managing these delays effectively, the FCA has issued Guidance Consultation GC24/5. This document outlines how PSPs can implement these changes while minimising disruptions to legitimate payments. The final guidance and associated policy statement are expected by the end of 2024.

Best Practices for Fraud Prevention

In its Dear CEO Letter, the FCA also emphasises the following best practices for fraud prevention that PSPs should adopt:

  1. Governance and Controls: Ensure effective governance arrangements and robust systems are in place to detect, manage, and prevent fraud.
  2. Regular Review of Systems: Firms must periodically review their fraud prevention systems and controls to ensure they remain effective and capable of responding to evolving threats.
  3. Customer Due Diligence: Effective due diligence is critical at onboarding and periodically thereafter to prevent accounts from being used for fraudulent purposes.
  4. Capital and Liquidity Planning: Firms should plan for potential reimbursement liabilities from a capital and liquidity perspective to cover losses.
  5. Alternative Dispute Resolution: Firms must inform customers about alternative dispute resolution procedures, including access to the Financial Ombudsman Service.

Intra-Firm Transactions and APP Fraud

The FCA has highlighted potential issues surrounding ‘on us’ APP fraud reimbursement, which occurs when both the sending and receiving accounts are held within the same firm or group. In these cases, fraud reimbursements might not pass through the FPS or CHAPs system, so they fall outside the scope of the new policies.

The FCA is concerned that consumers may receive lower levels of protection for these intra-firm payments, which could lead to poor customer outcomes in breach of the Consumer Duty. Firms intending to offer less protection for these transactions must inform the FCA and explain how they mitigate the risk of poor outcomes.

Monitoring and Compliance: What’s Next?

The FCA will closely monitor their progress as firms implement the new measures outlined in the Dear CEO letter. This will include assessing how firms manage the friction caused by payment delays and the effectiveness of their fraud prevention systems.

The FCA’s final guidance, due later in 2024, will provide further clarity on implementing these measures. PSPs must remain diligent in updating their systems, aligning with the Consumer Duty, and ensuring customers are protected from the growing threat of APP fraud.

Need Help Navigating APP Fraud Regulations?

At CG Regulatory Solutions, we understand the complexities of complying with payment services regulations. Whether you need assistance reviewing your systems and controls, managing risk assessments, or aligning with the Consumer Duty, we are here to help.

Our team of experts offers tailored advisory services to ensure your firm meets all regulatory requirements while effectively mitigating fraud risk. Contact us today for professional guidance and support in navigating these changes.

Key Resources and References

For further information on the topics covered in this article, please refer to the following resources: