The bringing in of a scheme for mandatory reimbursement for fraud victims is painfully slow, says a cross-party committee of MPs. The Treasury Committee objects to new proposals by the regulator which would hand the refund process to an industry body.
The Payment Systems Regulator (PSR) proposes that banks and building societies will be required to fully reimburse victims of authorised push payment scams within two days of the fraud being reported where the loss is over £100.
However, rather than taking control of bringing in mandatory reimbursement, the PSR is proposing handing responsibility to a separate body – Pay.UK – which is guaranteed by the financial services industry.
The committee sees this as an inherent conflict of interest, as Pay.UK will be responsible for ensuring the banks and building societies that are its own guarantors – and some are fundamentally opposed to the plans, the MPs note – pay out to reimburse consumers.
This creates an opportunity for the banking industry to slow down the reimbursement plans, which have already been delayed until 2024. The MPs state that mandatory reimbursement must be fully happening by the end of 2023.
The committee in a report also outlines that Pay.UK lacks tools to ensure the financial services industry is complying with the rules, as it has no regulatory or enforcement powers. The MPs call for the PSR to revise its plans and take back control of the reimbursement process.
Treasury Committee Chair, the Worcestershire Conservative MP Harriett Baldwin, said: “Victims of fraud have been waiting far too long for a fair and functional scam reimbursement scheme. However, while these new proposals are a step in the right direction, the way the regulator plans to implement them is fundamentally flawed. Putting an industry body in charge of reimbursing scam victims is like asking a fox to guard the henhouse.
“The regulator needs to take back control of the reimbursement process, rather than leave it in the hands of an industry body which is inherently conflicted.”
Background
Authorised push payment (APP) scams occur when a fraudster tricks someone into transferring money into another account. It is a common crime and causes untold misery, the MPs’ report says. In 2021 victims were defrauded of at least £583m as a result of APP scams. Once someone realises they have been scammed it is often too late to stop it.
In 2016, the consumer advice body Which? made a super-complaint to the Payment Systems Regulator (PSR) in which it argued that banks could do more to protect consumers from APP fraud. In 2019, a voluntary code for reimbursement of victims was developed, to which ten banks and other payment services providers (PSPs) are signatories. In the face of growing harm from APP fraud, the Treasury Committee called in November 2019 for the code to be made mandatory.
For the report, visit the UK Parliament website.
CRM Code
Meanwhile, The Lending Standards Board (LSB) has updated its Contingent Reimbursement Model Code (CRM Code), requiring signatory firms receiving scam payments to put in place measures to stop such transfers.
All signatory firms will also be required to go further in identifying new and existing accounts at higher risk of being used by criminals. By no later than December 2023, firms must be monitoring the payments that they are receiving to help them identify suspicious inbound payments and accounts that might be being used by scammers.
Emma Lovell, Chief Executive of the LSB, said: “It is essential that firms do all they can to stop criminals from opening bank accounts and using their services to receive scam payments. Strengthening the Code’s provisions means putting in place another tripwire for fraudsters looking to steal people’s savings – not to mention the money needed for essential living costs.
“Reimbursement can repair the financial impact on the victim, but it is still very much a lose, lose outcome. Victims lose because they will feel the after-effects and trauma of being scammed even after reimbursement and society loses as organised criminals reap the rewards of theft.
“We strongly believe that firms should continue to sign up and adhere to the CRM Code. Scammers aren’t slowing down, and so we cannot take our eye off the ball. Only by stopping scams can customers truly be protected. Maintaining an industry code focused on preventing and detecting scams ensures firms have the tools to stop more scams and demonstrates their commitment to good customer outcomes and protections.”
Comment
Rocio Concha, Which? Director of Policy and Advocacy, said: “While it’s good to see steps taken to make banks put in place extra checks they should have been doing anyway, the voluntary nature of the code means that scam victims will still face a reimbursement lottery depending on who they bank with.
“The Government must press ahead with plans to make all banks and payment providers reimburse scam victims in the vast majority of cases and give the payments regulator responsibility for an enforcement regime with tough penalties for any firms that break the rules.”
