This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Norton Rose Fulbright logo
  • Global
  • About
    • Back
    • About
    • Our firm
      • Back
      • Our firm
      • Clients
      • Global coverage
      • Vision, culture and people
      • Governance structure
      • Risk management
      • NRF Transform
      • Alumni
    • Diversity, Equity & Inclusion
      • Back
      • Diversity, Equity & Inclusion
      • Our people
      • Recognition
      • Governance
    • Corporate responsibility
      • Back
      • Corporate responsibility
      • Pro bono
      • Volunteering
      • Fundraising
      • Sustainable practice
      • Global charitable initiatives
    • Photo montage
      RE:

      Read our magazine
  • People
  • Services
    • Back
    • Services
    • Services A-Z
    • Key industries
      • Back
      • Key industries
      • Consumer markets
      • Energy, infrastructure and resources
      • Financial institutions
      • Life sciences and healthcare
      • Technology
      • Transport
    • Practices
      • Back
      • Practices
      • Antitrust and competition
      • Banking and finance
      • Bankruptcy, financial restructuring and insolvency
      • Climate change and sustainability
      • Consulting
      • Corporate, M&A and securities
      • Employment and labor
      • Energy
      • Environmental, social and governance (ESG)
      • Financial services and regulation
      • Information governance, privacy and cybersecurity
      • Intellectual property
      • Litigation and disputes
      • Private equity and venture capital
      • Projects
      • Real estate
      • Regulation and investigations
      • Risk advisory
      • Tax
      • Banking and finance
      • Climate change and sustainability
      • Corporate, M&A and securities
      • Energy
      • Financial services and regulation
      • Intellectual property
      • Private equity and venture capital
      • Real estate
      • Risk advisory
    • NRF Transform
    • Transform image

      Find out more
  • Insights
    • Back
    • Insights
    • NRF InstituteProfessional developmentResources and tools
    • PublicationsBlogsVideos
    • EventsWebinarsPodcasts
    • colorful light particles
      Sustainability and ESG

      Visit the hub
  • News
    • Back
    • News
    • Press releases
    • Market recognitions
    • Media information
  • Locations
  • Careers
    • Back
    • Careers
    • Graduates and students
    • Search current vacancies
      • Back
      • Search current vacancies
  • Change
  • Global
    • Back
    • global site
    • North America
      • Canada (English)
      • Canada (Français)
      • United States
    • Latin America
      • Latin America
      • Brazil
      • Mexico
    • Europe
      • Belgium
      • Deutschland (Deutsch)
      • France
      • Germany (English)
      • Greece
      • Italy
      • Luxembourg
      • Poland
      • The Netherlands
      • Turkey
      • United Kingdom
    • Middle East
    • Africa
      • Africa
      • Burundi
      • Kenya
      • Morocco
      • South Africa
      • Uganda
      • Zimbabwe
    • Asia Pacific
      • Australia
      • China
      • Hong Kong SAR
      • Indonesia
      • Japan
      • Singapore
      • Thailand
    • Regional practices
      • India
      • Israel
      • Korea
      • Marshall Islands
      • Nordic region
      • Pakistan
      • Vietnam
Lake in the forest

Connections

Insights, perspectives and viewpoints from our lawyers on topical issues

All Posts Subscribe
print-logo
10/16/2024 11:38:40 AM | 4 minute read

APP fraud: Mandatory reimbursement measures are not the end of the story…

9

Get in touch

Avatar
Matthew Gregory
Partner

Get in touch

Avatar
Matthew Gregory
Partner
9

On the 7 October, 2024 the Payment Systems Regulator (the ‘PSR’) landmark reform to tackle authorised push payment (‘APP’) fraud came into force. 

Whilst some of the uncertainty surrounding scope of application of the measures has begun to settle, many will now be questioning what role the FOS will play in relation to related customer complaints and whether they may, despite the reduced cap on compensation under the PSR’s measures, nonetheless be required to pay compensation of up to £430,000 in connection with APP fraud suffered by consumers. Meanwhile, the FCA’s dear CEO letters of 7 October have added to the growing list of regulatory expectations surrounding APP fraud with which firms need to comply. 

 

Key points: APP fraud, the FOS and the Consumer Duty

  • The maximum compensation capable of being awarded by the FOS is significantly higher than the maximum compensation under the new APP fraud mandatory reimbursement requirement – meaning that in some circumstances, firms may be required to compensate up to £430,000 rather than £85,000 despite the PSR’s change in policy to reduce the limit for mandatory compensation.
  • Firms must ensure that they are clearly signposting the availability of the FOS to customers – this is required by the PSRs, but firms must also comply with the Consumer Duty and so tailoring this content to customer cohorts is key; as is testing to ensure that the information is understood and is effectively enabling customers to act on it.
  • Whilst many firms will have raced to the finish line to implement the systems changes associated with mandatory reimbursement, the FCA has also laid out its expectations relating to broader systems and controls, which are likely to require continued effort across much of the sector. Whilst mandatory reimbursement is a major step change in consumer rights, the FCA remains focused on firms preventing it in the first place. In its recent dear CEO letters, the FCA has explicitly called out the likelihood that some firms may even need to consider redress to customers where inadequate systems or poor controls, such as poorly designed or implemented warnings around scams, have played a role in consumers falling victim to APP fraud in the first place.

 

In more detail

The mandatory reimbursement requirement provides consumers with significant new rights to reimbursement in connection with certain losses relating to APP fraud in connection with payments made through Faster Payments or CHAPS. The scope and impact of the measures to achieve the reimbursement requirement – which take effect through Specific Directions 19 and 20 issued by the PSR – have been amongst the hotly debated reforms in the sector over recent years. Partly in recognition of concern from affected PSPs, and following further interrogation of 2023 data relating to APP fraud, the PSR reduced the maximum compensation limit under the rules from £430,000 (aligned to the present maximum compensation capable of being awarded by the FOS) as originally consulted upon, to £85,000 (which reflects the statutory maximum deposit protection afforded to consumers by the FSCS).

The effect of the new mechanism is that, subject to the consumer standard of caution exception, when a consumer who has made one or more FPS APP scam payments reports a reimbursable FPS APP scam payment to their sending PSP, the sending PSP must reimburse the consumer in full. Subject to any ‘stop-the-clock’ provisions being engaged, the sending PSP must generally reimburse consumers within five working days of the consumer making this report; and although reimbursement responsibility lies with the sending PSP, liability is shared between sending and receiving PSPs.

Although the cap on compensation under these measures has been reduced to £85,000, the PSR has clearly signposted to consumers that where they are dissatisfied with the way in which their PSP has behaved, they have the ability to complain to the firm, and to have this complaint referred to the FOS. Importantly, despite this reduction in the limit, there has been renewed concern that the higher compensation limit of the FOS – currently set at £430,000 – might be a ‘back door’ to a higher reimbursement limit with which firms will need to comply. The PSR has been clear that the revised, lower limit is expected to cover the great number of instances of APP fraud; but it has also signalled that the FOS has a wide remit, and that it will look at the individual facts and circumstances of each case. 

It is fair to say that, whilst measures such as confirmation of payee have played an important role in combatting APP fraud in recent years it remains one of the prevalent examples of financial crime across retail banking and payments. Consequently, whilst at one level, the possibility of firms facing sizeable compensation liabilities arising from FOS decisions is not new; the introduction of mandatory reimbursement adds a new dimension. It is possible, for example, that the FOS may take its own particular interpretation of the consumer standard of caution exception; and may also look to the wider circumstances of a customer’s experience when assessing complaints relating to losses exceeding £85,000.

For its part, the FCA very clearly sees the PSR’s mandatory reimbursement measures as only one part of the picture relating to firms responsibilities to manage and mitigate payment fraud risk in their businesses. The Consumer Duty is front and centre of the FCA’s approach to setting the standards for firms in this area, as in most other areas of retail business. Under the Duty, firms must avoid causing foreseeable harm. The FCA sees a consumer becoming victim to APP fraud as an example of foreseeable harm, where this arises due to inadequate systems and controls to detect and prevent scams; or where there are inadequate processes to design, test, tailor and monitor the effectiveness of scam warning messages. Firms are reminded of their obligations to put things right – at pace – where foreseeable harm is identified, and this may well include redress where it is appropriate. There is much packed into these relatively short letters from the FCA. 

 

Key points

All in all, whilst mandatory reimbursement is a major reform, APP fraud is likely to remain a regulatory hot topic for some time to come. 

featured image

Subscribe to our Connections insights Sign-up now

Tags

payments, financial institutions, financial service regulation, consumer duty

Get in touch

Avatar
Matthew Gregory
Partner

Get in touch

Avatar
Matthew Gregory
Partner
Key takeaways from MIPIM 2025: Future-proofing data centres
3/25/2025 4:21:32 PM

Key takeaways from MIPIM 2025: Future-proofing data centres

By Kirsty Harrower
As the digital infrastructure landscape continues to evolve, increasing AI workloads present both challenges and opportunities for data...
1
35
36

Latest Insights

Summer reading arrived early: European Commission aims for balancing act in its review of merger guidelines
5/9/2025 8:36:59 AM

Summer reading arrived early: European Commission aims for balancing act in its review of merger guidelines

By Alexandra Rogers Sabine Holinde
18
18
Shaping future successes: My takeaways from "An evening with Annie Vernon"
5/8/2025 1:38:17 PM

Shaping future successes: My takeaways from "An evening with Annie Vernon"

By Emma Humphries
Maritime decarbonisation: Current issues facing shipping companies
5/1/2025 1:36:52 PM

Maritime decarbonisation: Current issues facing shipping companies

By Kelli Bodal Hansen Philip Roche
12
12

Explore our site

  • About
  • Careers
  • Diversity, equity and inclusion
  • People
  • Services
  • Insights
  • News

Key industries

  • Consumer markets
  • Energy, infrastructure and resources
  • Financial institutions
  • Life sciences and healthcare
  • Technology
  • Transport

Locations

  • Global coverage

Norton Rose Fulbright © 2024. All Rights Reserved.

  • Amsterdam
  • ●
  • Athens
  • ●
  • Austin
  • ●
  • Bangkok
  • ●
  • Beijing
  • ●
  • Brisbane
  • ●
  • Brussels
  • ●
  • Bujumbura**
  • ●
  • Calgary
  • ●
  • Canberra
  • ●
  • Cape Town
  • ●
  • Casablanca
  • ●
  • Dallas
  • ●
  • Denver
  • ●
  • Dubai
  • ●
  • Durban
  • ●
  • Düsseldorf
  • ●
  • Frankfurt
  • ●
  • Hamburg
  • ●
  • Harare**
  • ●
  • Hong Kong SAR
  • ●
  • Houston
  • ●
  • Istanbul
  • ●
  • Jakarta*
  • ●
  • Johannesburg
  • ●
  • Kampala**
  • ●
  • London
  • ●
  • Los Angeles
  • ●
  • Luxembourg
  • ●
  • Melbourne
  • ●
  • Mexico City
  • ●
  • Milan
  • ●
  • Minneapolis
  • ●
  • Monaco
  • ●
  • Montréal
  • ●
  • Munich
  • ●
  • Newcastle
  • ●
  • New York
  • ●
  • Nairobi**
  • ●
  • Ottawa
  • ●
  • Paris
  • ●
  • Perth
  • ●
  • Piraeus
  • ●
  • Québec
  • ●
  • Riyadh*
  • ●
  • San Antonio
  • ●
  • San Francisco
  • ●
  • São Paulo
  • ●
  • Shanghai
  • ●
  • Singapore
  • ●
  • St. Louis
  • ●
  • Sydney
  • ●
  • Tokyo
  • ●
  • Toronto
  • ●
  • Vancouver
  • ●
  • Warsaw
  • ●
  • Washington DC *associate office **alliance
  • Legal notices and disclaimers
  • Impressum
  • Standard terms
  • Blog network terms and conditions
  • Cookies policy
  • Privacy notice
  • Website access conditions
  • Fraud alerts
  • Modern Slavery Statements
  • Health plan machine readable files
  • Anti-Facilitation of Tax Evasion Statement
  • Suppliers
  • History
  • Remote access
  • Sitemap
Offices and locations

Norton Rose Fulbright © 2024. All Rights Reserved.

  • Amsterdam
  • ●
  • Athens
  • ●
  • Austin
  • ●
  • Bangkok
  • ●
  • Beijing
  • ●
  • Brisbane
  • ●
  • Brussels
  • ●
  • Bujumbura**
  • ●
  • Calgary
  • ●
  • Canberra
  • ●
  • Cape Town
  • ●
  • Casablanca
  • ●
  • Dallas
  • ●
  • Denver
  • ●
  • Dubai
  • ●
  • Durban
  • ●
  • Düsseldorf
  • ●
  • Frankfurt
  • ●
  • Hamburg
  • ●
  • Harare**
  • ●
  • Hong Kong SAR
  • ●
  • Houston
  • ●
  • Istanbul
  • ●
  • Jakarta*
  • ●
  • Johannesburg
  • ●
  • Kampala**
  • ●
  • London
  • ●
  • Los Angeles
  • ●
  • Luxembourg
  • ●
  • Melbourne
  • ●
  • Mexico City
  • ●
  • Milan
  • ●
  • Minneapolis
  • ●
  • Monaco
  • ●
  • Montréal
  • ●
  • Munich
  • ●
  • Newcastle
  • ●
  • New York
  • ●
  • Nairobi**
  • ●
  • Ottawa
  • ●
  • Paris
  • ●
  • Perth
  • ●
  • Piraeus
  • ●
  • Québec
  • ●
  • Riyadh*
  • ●
  • San Antonio
  • ●
  • San Francisco
  • ●
  • São Paulo
  • ●
  • Shanghai
  • ●
  • Singapore
  • ●
  • St. Louis
  • ●
  • Sydney
  • ●
  • Tokyo
  • ●
  • Toronto
  • ●
  • Vancouver
  • ●
  • Warsaw
  • ●
  • Washington DC *associate office **alliance
Policies and disclaimers
  • Legal notices and disclaimers
  • Impressum
  • Standard terms
  • Blog network terms and conditions
  • Cookies policy
  • Privacy notice
  • Website access conditions
  • Fraud alerts
  • Modern Slavery Statements
  • Health plan machine readable files
  • Anti-Facilitation of Tax Evasion Statement
  • Suppliers
  • History
  • Remote access
  • Sitemap
Visit our global site, or select a location
North America
  • Canada (English)
  • Canada (Français)
  • United States
Latin America
  • Brazil
  • Mexico
Europe
  • Belgium
  • Deutschland (Deutsch)
  • France
  • Germany (English)
  • Greece
  • Italy
  • Luxembourg
  • Poland
  • The Netherlands
  • Turkey
  • United Kingdom
Middle East
Africa
  • Burundi
  • Kenya
  • Morocco
  • South Africa
  • Uganda
  • Zimbabwe
Asia Pacific
  • Australia
  • China
  • Hong Kong SAR
  • Indonesia
  • Japan
  • Singapore
  • Thailand
Regional practices
  • India
  • Israel
  • Korea
  • Marshall Islands
  • Nordic region
  • Pakistan
  • Vietnam