On the 7 October, 2024 the Payment Systems Regulator (the ‘PSR’) landmark reform to tackle authorised push payment (‘APP’) fraud came into force. 

Whilst some of the uncertainty surrounding scope of application of the measures has begun to settle, many will now be questioning what role the FOS will play in relation to related customer complaints and whether they may, despite the reduced cap on compensation under the PSR’s measures, nonetheless be required to pay compensation of up to £430,000 in connection with APP fraud suffered by consumers. Meanwhile, the FCA’s dear CEO letters of 7 October have added to the growing list of regulatory expectations surrounding APP fraud with which firms need to comply. 

Key points: APP fraud, the FOS and the Consumer Duty

• The maximum compensation capable of being awarded by the FOS is significantly higher than the maximum compensation under the new APP fraud mandatory reimbursement requirement – meaning that in some circumstances, firms may be required to compensate up to £430,000 rather than £85,000 despite the PSR’s change in policy to reduce the limit for mandatory compensation.
• Firms must ensure that they are clearly signposting the availability of the FOS to customers – this is required by the PSRs, but firms must also comply with the Consumer Duty and so tailoring this content to customer cohorts is key; as is testing to ensure that the information is understood and is effectively enabling customers to act on it.
• Whilst many firms will have raced to the finish line to implement the systems changes associated with mandatory reimbursement, the FCA has also laid out its expectations relating to broader systems and controls, which are likely to require continued effort across much of the sector. Whilst mandatory reimbursement is a major step change in consumer rights, the FCA remains focused on firms preventing it in the first place. In its recent dear CEO letters, the FCA has explicitly called out the likelihood that some firms may even need to consider redress to customers where inadequate systems or poor controls, such as poorly designed or implemented warnings around scams, have played a role in consumers falling victim to APP fraud in the first place.

In more detail

The mandatory reimbursement requirement provides consumers with significant new rights to reimbursement in connection with certain losses relating to APP fraud in connection with payments made through Faster Payments or CHAPS. The scope and impact of the measures to achieve the reimbursement requirement – which take effect through Specific Directions 19 and 20 issued by the PSR – have been amongst the hotly debated reforms in the sector over recent years. Partly in recognition of concern from affected PSPs, and following further interrogation of 2023 data relating to APP fraud, the PSR reduced the maximum compensation limit under the rules from £430,000 (aligned to the present maximum compensation capable of being awarded by the FOS) as originally consulted upon, to £85,000 (which reflects the statutory maximum deposit protection afforded to consumers by the FSCS).

The effect of the new mechanism is that, subject to the consumer standard of caution exception, when a consumer who has made one or more FPS APP scam payments reports a reimbursable FPS APP scam payment to their sending PSP, the sending PSP must reimburse the consumer in full. Subject to any ‘stop-the-clock’ provisions being engaged, the sending PSP must generally reimburse consumers within five working days of the consumer making this report; and although reimbursement responsibility lies with the sending PSP, liability is shared between sending and receiving PSPs.

Although the cap on compensation under these measures has been reduced to £85,000, the PSR has clearly signposted to consumers that where they are dissatisfied with the way in which their PSP has behaved, they have the ability to complain to the firm, and to have this complaint referred to the FOS. Importantly, despite this reduction in the limit, there has been renewed concern that the higher compensation limit of the FOS – currently set at £430,000 – might be a ‘back door’ to a higher reimbursement limit with which firms will need to comply. The PSR has been clear that the revised, lower limit is expected to cover the great number of instances of APP fraud; but it has also signalled that the FOS has a wide remit, and that it will look at the individual facts and circumstances of each case. 

It is fair to say that, whilst measures such as confirmation of payee have played an important role in combatting APP fraud in recent years it remains one of the prevalent examples of financial crime across retail banking and payments. Consequently, whilst at one level, the possibility of firms facing sizeable compensation liabilities arising from FOS decisions is not new; the introduction of mandatory reimbursement adds a new dimension. It is possible, for example, that the FOS may take its own particular interpretation of the consumer standard of caution exception; and may also look to the wider circumstances of a customer’s experience when assessing complaints relating to losses exceeding £85,000.

For its part, the FCA very clearly sees the PSR’s mandatory reimbursement measures as only one part of the picture relating to firms responsibilities to manage and mitigate payment fraud risk in their businesses. The Consumer Duty is front and centre of the FCA’s approach to setting the standards for firms in this area, as in most other areas of retail business. Under the Duty, firms must avoid causing foreseeable harm. The FCA sees a consumer becoming victim to APP fraud as an example of foreseeable harm, where this arises due to inadequate systems and controls to detect and prevent scams; or where there are inadequate processes to design, test, tailor and monitor the effectiveness of scam warning messages. Firms are reminded of their obligations to put things right – at pace – where foreseeable harm is identified, and this may well include redress where it is appropriate. There is much packed into these relatively short letters from the FCA. 

Key points

All in all, whilst mandatory reimbursement is a major reform, APP fraud is likely to remain a regulatory hot topic for some time to come.