Introduction:
In a significant move to combat the rising tide of Authorised Push Payment (APP) fraud, the Payment Services Regulator (PSR) unveiled its ground-breaking reimbursement policy last year. This Policy Statement aims to provide consistent and comprehensive reimbursement standards for victims of APP fraud within the faster payments system. Set to take effect on October 7, 2024, this policy signifies a major stride in protecting consumers from the financial ramifications of fraudulent activities.
Implementation Mechanisms:
The PSR, through its June policy paper, detailed the planned implementation of the reimbursement requirement. Following consultations, the final policy statement was published on December 19, 2023. The PSR opted for a combination of Faster Payment rules and explicit directions to various stakeholders to ensure the effective execution of the new reimbursement requirement.
Key Components of Reimbursement Rules:
Faster Payments Operator's Role:
The Faster Payments operator is mandated to incorporate the new reimbursement requirement into Faster Payments rules.
The operator is obligated to create reimbursement rules, including provisions such as:
Reimbursement of APP scam victims by sending Payment Service Providers (PSPs).
Timely notification by sending PSPs to receiving PSPs of an APP scam report.
Cost-sharing between sending and receiving PSPs.
Ability for the sending PSP to deduct a claim excess.
A maximum reimbursement level of £415,000 per claim.
A time limit of 13 months after the last authorized payment to make a claim.
PSPs Compliance and Timeline:
From October 7, 2024, all in-scope PSPs are mandated to comply with the reimbursement rules.
Indirect access providers must submit an annual list of all indirect PSPs to the PSR starting March 31, 2024.
Pay.UK Monitoring Responsibility:
Pay.UK is directed to develop and implement effective monitoring arrangements for PSPs' compliance with the reimbursement rules.
The monitoring should assess the nature, extent, and effectiveness of compliance, with reporting obligations to the PSR.
Consumer Standard of Caution:
The policy statement sheds light on the consumer standard of caution, particularly in cases of gross negligence. Four specific circumstances are outlined:
Interventions by Sending PSP or Competent Authority:
Consumers are required to consider interventions made by their sending PSP or competent national authority.
Prompt Reporting Requirement:
Consumers must promptly report an APP scam to their PSP upon learning or suspecting victimization.
Information Sharing:
Consumers are obligated to respond to reasonable information requests from their PSP.
Police Reporting Requirement:
Upon request, consumers must consent to their PSP reporting to the police or a competent national authority on their behalf.
Exemptions for Vulnerable Customers:
Vulnerable customers are exempt from the consumer standard of caution.
PSPs are required to assess vulnerability based on the FCA's guidance on the fair treatment of vulnerable customers.
Maximum Reimbursement Level and Excess:
Maximum Reimbursement:
A cap of £415,000 per claim is set for all in-scope consumers.
No exemption to the limit is introduced for vulnerable consumers to ensure consistency.
Claim Excess:
Sending PSPs can levy an excess of up to £100 per claim.
Vulnerable consumers are exempt from paying this excess if their vulnerability contributed to the fraud.
Industry Concerns:
Despite the comprehensive nature of the PSR's Policy Statement, industry stakeholders, such as UK Finance, have expressed concerns. These include:
Liability on PSPs:
Concerns that the policy places all liability on PSPs, overlooking other firms whose platforms may be used by fraudsters.
Consumer Standard of Caution:
Criticisms that the standard of caution is too low and may not encourage improved consumer behaviours.
Vulnerability Assessment:
Lack of detailed guidance on the assessment of consumer vulnerability, leading to potential inconsistency in outcomes.
Conclusion:
As the October 2024 implementation date approaches, the effectiveness of the PSR's reimbursement policy in curbing APP fraud in the UK remains to be seen. While the policy addresses many concerns, industry stakeholders must work to align their policies, systems, and processes with Pay.UK's compliance monitoring regime to ensure a seamless transition. The evolving landscape of financial technology and cyber threats will require ongoing vigilance and adaptation to safeguard consumers from the ever-present risk of fraudulent activities.
Comments