On 7th October 2024, the Payment Services Regulator (PSR) will implement new rules on refunds for Authorised Push Payment (APP) scams, aiming to enhance consumer protection while imposing new responsibilities on UK banks and financial institutions. These regulations include an £85,000 reimbursement cap and the mandatory adoption of the Reimbursement Claims Management System (RCMS) to ensure compliance and effective claim management.
The PSR’s new rules apply to UK-based banks and payment service providers (PSPs) handling transactions for UK customer accounts. Key points include:
Stronger Fraud Detection and Prevention Measures
PSPs must implement stronger fraud detection and prevention systems to handle the new shared reimbursement responsibility. A robust fraud management system and effective controls are essential, particularly for supporting vulnerable customers. Due diligence will be crucial in assessing claims, especially in cases where gross negligence could exempt the bank from reimbursement. Additionally, weak Know Your Customer (KYC) processes could expose institutions to further scrutiny.
Challenges for FinTechs and Smaller Firms
Smaller firms and FinTech companies may struggle to comply with the new rules, as they often lack the robust fraud prevention systems needed to meet the five-day reimbursement deadline and manage the 50/50 liability split. Significant investment in systems and fraud teams may be required to align with the new regulations.
Operational Adjustments
To meet the five-day reimbursement deadline, banks will need to upgrade their internal processes and technology, especially in fraud investigation units. Staff must be well-trained to efficiently manage claims, particularly when the "stop the clock" provision extends the process for evidence collection.
Increased Financial Liability
The new £85,000 reimbursement threshold and shared responsibility for reimbursements will increase financial strain on banks, particularly those handling a high volume of claims. The 50/50 cost-sharing model introduces a new financial risk, and failure to comply could lead to regulatory fines or reputational damage.
Enhanced Risk Management and Fraud Prevention
With a higher volume of APP scam claims expected, banks must enhance their fraud prevention and risk management strategies. Improving fraud detection tools and frameworks will be critical to limit liability under the new rules.
PSPs participating in the Faster Payments System (FPS) must register with the new Mandatory Reimbursement Regime. This covers claims made by consumers, including individuals, microenterprises, and charities, within 13 months of an APP fraud incident. PSPs must update FPS scam records and notify consumers of their rights by 7 October 2024, with amended terms and conditions due by 9 April 2025. PSPs involved in the CHAPS system will also face similar reimbursement obligations under a comparable model.
In-scope PSPs must submit their first report to Pay.UK by 6 January 2025, detailing APP scam claims, including assessments, reimbursements, closures within five business days, and cases involving vulnerable customers. The data collected will inform public reports from the PSR, which PSPs must publish within 28 working days.
The PSR’s Policy Statement 24/5 extends reimbursement requirements to CHAPS participants, aligning with FPS rules. From 7 October 2024, PSPs in the CHAPS system must adhere to these reimbursement obligations, with regulations governed by the PSR's Specific Direction 21.
In conclusion, the introduction of the Policy Statement marks a pivotal moment for financial institutions, requiring a proactive approach to fraud prevention and compliance with the Payment Services Regulator’s new rules. At Projective Group, we specialize in helping firms navigate these challenges through our Financial Crime and Fraud Prevention solutions.
Projective Group’s fraud risk solution includes risk advisory services to design compliance frameworks and perform in-depth risk assessments, and our implementation services support firms in designing and automating Target Operating Models (TOMs), digitizing financial crime operations, and helping identify the best technology solutions through our RFP-as-a-Service. We also provide scalable execution solutions for remediation and operational needs, supported by our Financial Crime Training Academy and AI solutions.
With our expertise and accelerators, we can help your firm stay compliant, mitigate risks, and safeguard against the evolving landscape of financial crime, ensuring a future-ready response to the growing threat of APP fraud.