Chris Hemsley: Speech on fighting authorised push payment fraud: a new reimbursement requirement - 7 June 2023

This is the text of the policy launch introduction as drafted and may differ from the delivered version. This introduction was delivered by Chris Hemsley, on 7 June at an APP fraud policy launch event.

Good morning everyone and thanks for joining us here today. We’re joined by Anthony Browne, MP – the Government’s anti-fraud champion. With me, I also have Kate Fitzgerald, Head of Policy, and the team who’ve been leading on our APP scams work.

Today, we’ve published our final position on tackling APP scams. It sets out a path to reducing the impact of this type of fraud. Reducing the impact on customers. But, by prompting a step change in prevention, ultimately reducing the cost to all parties.

It’s the culmination of considerable work, building on the voluntary measures implemented by industry, and careful assessment of the requirements that will come into force after the Financial Services and Markets Bill received Royal Assent.

We’ve invited you to join us this morning because these requirements will impact everyone, not just in this room, but across the payments ecosystem and the people who put their faith in the UK’s payment systems.

We know that APP fraud has quickly become one of the most significant types of fraud, not just in the UK, but globally. And with criminals pushing the boundaries even further in the techniques they use to scam money out of victims, we must make bold choices. That means driving change in the culture of payments to improve fraud prevention and focus all firms on protecting consumers and businesses.

The steps we’ve announced today are a world first. They come following considerable consultation and input through workshops and ongoing discussions with industry, consumer groups, parliamentarians and others.

And from these steps, we will see a significant shift both now and in future:

• The payments industry going further to invest in end-to-end fraud prevention by requiring all payment firms to protect their customers.
• Increased consumer protections so most victims of APP fraud are reimbursed swiftly.
• Flexibility built into the approach, so that we can learn and adapt. In particular, we have set out our long-term ambition for Pay.UK to take on a broader role and actively improve the rules governing Faster Payments to tackle fraud.

Importantly, this will all be backed by directions and guidance from the PSR. We will be using our formal powers to support the implementation and to secure compliance with the new rules.

You’ll know, these measures complement those we have already implemented – the increased transparency with the balanced scorecard of APP fraud data, our ongoing drive to promote intelligence sharing, and the expanded roll-out of Confirmation of Payee.

Our action is already prompting positive change in the industry. It’s evident from many payment firms improving their controls and sharing more data. These initiatives must continue. But we also want to see new, innovative approaches to prevent fraud being developed. We know that fraudsters will never stop changing their tactics and it is incumbent on all of us to never stand still in the fight to tackle fraud.

So, let me talk in a bit more detail about some of the decisions we have set out today:

• There will be new rules in Faster Payments that introduce consistent minimum standards to reimburse victims of APP fraud – bringing all payment firms into the arrangements, not just those willing to participate in the voluntary code.
• Introducing incentives on the receiving end of transactions for the first time, by sharing reimbursement costs 50:50 between the sending and receiving payment firms.
• Improving how customers should be protected by:
  • Simplifying the rules, moving away from today’s approach where the protection offered varies across firms
  • Introducing a clear deadline, so that most customers who fall victim to APP fraud will be reimbursed within five business days.
  • Offering additional protections for the vulnerable.
• Setting out clearer rules for industry, including:
  • The ability to apply a claim excess. We have simplified our proposals here, removing the minimum threshold. We will consult on the appropriate level of a simpler excess arrangement later this year.
  • A maximum threshold for claims under these rules – again, we will consult on what this maximum level will be. The FOS limit for claims and the FSCS limits both offer potential options here.
  • Introducing a time limit to claim, so that claims submitted more than 13 months after the final fraudulent payment can be excluded at the decision of the sending PSP.

This is a major shift from where we are today. But we need a major shift in approach to tackle this fraud and prompt action right across the payments sector.

These requirements will come into force in 2024 and after the Financial Services and Markets Bill receives Royal Assent. In July, we will consult on a specific start date, along with the draft legal instruments. We’re expecting that consultation to happen in quarter 3 of 2023 with a view to implementing those requirements in 2024. With our position now published, we expect industry, if they haven’t done so already, to start work now to implement the new reimbursement requirement.

These requirements won’t come as a surprise to any of you – it’s rightly been the subject of important discussion for some time. With the right levers in place, we can now build on the improvements already seen, but make sure everyone who makes a payment using FPS has a minimum level of protection and can have trust in the systems.

These requirements are also not the end point. I have spoken with a number of you about how we need to build from here. The rules will need to adapt. And as we have better information and new ways to prevent fraud, we will need Pay.UK to update the rules.

We, at the PSR, will also continue to look for further opportunities to tackle this problem. A good example here is our support for greater transparency over where APP fraud originates, such as in social media or telecommunication firms. This data should be collected, and I see strong arguments for publishing it.

Reflecting this, over the coming months, we will engage with relevant stakeholders, including industry, government, regulators, and consumer organisations to consider the policy options and the channels available to us to collect this data and how we might best utilise it.

We all need to work collaboratively to tackle this problem and not just within the payments industry. Greater transparency can play an important role in supporting this.

We will, of course, also continue our work with HM Treasury, the FCA, the Home Office, Police, and Ofcom.

With this in mind, the government’s recent fraud strategy is a welcome step to focus further work and support collaboration between all parties.

Which is why I am very pleased that before we hear from Kate Fitzgerald, I can hand over to Anthony Browne, MP – the Government’s Anti-Fraud Champion, to say a few words.