August EWJ 24 - Flipbook - Page 53
How the UK is Leading the way
in the fight against APP fraud
by James Evison, Partner, and Miranda Joseph, Senior Knowledge Lawyer, Stevens & Bolton
In 2023, a staggering £459.7 million was lost to authorised push payment (“APP”) fraud1. This is a fraud
where victims – either individuals or businesses – are
tricked into sending money to accounts controlled by
criminals. Often the victim is manipulated into thinking they are making an investment, helping law enforcement, purchasing goods or services, making
payments to loved ones or carrying out a business
transaction. Sometimes, the fraudsters will obtain personal details before carrying out the fraud, they may
spoof email addresses and in some cases may even use
sophisticated AI tools. It is as creative and prevalent
as it is malicious and even the most streetwise and
savvy can be taken in.
2019. This is a voluntary code which a significant proportion of the UK’s retail banks – particularly the larger
financial institutions – have signed up to. It sets out
good industry practice on helping customers to protect
themselves from APP fraud and, crucially for victims,
signatory banks agree to reimburse customers unless
they have ignored warnings or been grossly negligent.
The next stage of regulatory protection will be the
introduction of a new mandatory reimbursement
scheme by the PSR on 7 October 2024. However, unlike the CRM, it covers only a single payment system
– the Faster Payments System (“FPS”).
In practice, it will mean that consumers, micro
businesses and smaller charities should be reimbursed
up to a maximum of £415k per claim if they fall victim to APP fraud by paying fraudsters using the FPS.
To incentivise both the paying and recipient banks to
protect consumers, the cost of reimbursement will be
split 50/50 between the sending and recipient banks.
As with the CRM, there are some exceptions although
they appear to be narrowly framed. In this case, the
banks may be able to avoid reimbursement if the customer fails to comply with the “customer standard of
caution” through their own gross negligence.
A silver lining for victims (but perhaps not banks and
other financial institutions) is that a reasonable proportion of victims are now reimbursed. Around
£287m, 62% of all losses to APP fraud,2 was returned
to victims in 2023. That is a big improvement, however, it still leaves many victims without redress and
the consequences for them can be devastating.
The UK is using a multi-layered approach through
increased regulation, the courts and government
policy to tackle these faceless crimes, but legal practitioners still need to keep one step ahead.
The test for “gross negligence” here is showing a
significant degree of carelessness in, for instance, failing to have regard to interventions by the bank,
promptly report the fraud to the PSP and then the
police, and share information. However, PSPs are not
permitted to rely on this exception where they assess
the customer to be vulnerable. We will need to see
how PSPs approach this in practice and it could be an
area which generates disputes.
Regulation
In recent years, the UK’s financial industry, perhaps
seeing the writing on the wall following the Which?
super complaint to the Payment Services Regulator
(“PSR”) in 2016, has made progress in protecting consumers against APP fraud. The Lending Standards
Board, an industry self-regulation body, introduced
the Contingent Reimbursement Model (“CRM”) in
EXPERT WITNESS JOURNAL
51
AUGUST 2024
