The Payment Systems Regulator (PSR) has launched two consultations in the lead up “to the implementation of its new authorised push payment (APP) fraud reimbursement requirements. ”
In June, the PSR set out its final position on “tackling APP fraud, which will mean the vast majority of victims will be reimbursed within five days of the fraud being reported to their bank.”
The PSR’s reimbursement requirements will aim to “ensure action is taken across the payments ecosystem to prevent APP fraud from happening in the first place, but also encourage, and reinforce the importance of, consumers remaining cautious when making payments.”
Before the new requirements come into force next year, the PSR said it would “seek views on the maximum level of reimbursement and claim excess, as well as on the consumer standard of caution.”
Consumer standard of caution consultation
In this consultation, the PSR outlines its proposed approach “to the consumer standard of caution.”
The PSR proposes that the standard should consist of three things:
- A requirement for consumers to have regard to specific, directed warnings given by their bank, which make clear the intended recipient is likely to be a fraudster. Although banks will need to take into consideration the complexity of an APP scam, including any social engineering consumers may have faced.
- A prompt reporting requirement where consumers who are, or suspect they are, a victim of an APP scam should notify their bank promptly and, in any event, not more than 13 months after the last fraudulent payment was made.
- An information sharing requirement where consumers should respond to any reasonable and proportionate requests for information made by their bank to help them assess a reimbursement claim, or to determine if a consumer is vulnerable.
- If it can be demonstrated that the consumer has been grossly negligent in not meeting one of more of these requirements, then they may not be reimbursed.
However, gross negligence is a very high bar “which will critically depend on the individual circumstances of each case.” The PSR only expects it “to apply in a small minority of cases. Gross negligence will never apply where a victim’s vulnerability is a factor in them being defrauded.”
Maximum level of reimbursement and claim excess consultation
In June, the PSR confirmed “that sending banks will have the option to apply a claim excess under the new reimbursement requirements, except in cases where the consumer is vulnerable.”
The regulator stipulated there will “be no minimum threshold for claims, but there will be a maximum limit.”
The PSR is now “seeking views on the most appropriate way of structuring a claim excess.”
This includes whether an excess should “be a fixed amount (similar to an insurance claim excess) or a percentage of the reimbursement claim amount.”
The PSR also proposes that “the maximum reimbursement level should be in line with the prevailing Financial Ombudsman Service limit of £415,000 per claim – which around 99.98% of APP fraud falls within.”
The regulator is also “consulting on whether the maximum level will apply to vulnerable consumers.”
Chris Hemsley, Managing Director at the PSR, said;
“The changes we are delivering will bring a major shift in preventing fraud, increasing reimbursement for victims, and incentivising the banks to do more to help their customers. The two aspects we’re consulting on now will help to strike the right balance between encouraging people to be careful when making payments, while ensuring they have confidence in knowing they’ll be better protected if they do fall victim to fraud.”
In October, the PSR will consult “on the draft general direction which will be given to all payment firms, requiring reimbursement for APP scams victims.”
By the end of 2023 the PSR will publish the claim excess and maximum level of reimbursement, additional guidance on the consumer standard of caution (gross negligence) and all legal instruments.
In 2024 the new reimbursement requirement will “come into force.”
The PSR is gathering views “on both consultations until Tuesday 12 September 2023.”
In line with the FCA’s definition of vulnerability, banks should “determine whether a consumer’s characteristics of vulnerability led to them to be defrauded.”
The PSR is also currently consulting “on the proposed legal instruments to put its reimbursement requirements in place until 25 August 2023.”