Regulatory update: CP18 / 16 Authorised Push Payment Fraud – Extending the Jurisdiction of the FOS

Posted: 10th July 2018

Background

On the 26th June 2018, the Financial Conduct Authority (FCA) released a consultation to change the FCA complaints handling rules to reduce the harm experienced by consumers and small enterprises that have fallen victim to authorised push payment (APP) fraud. The rules are aimed to tackle the issues experienced when the customer believes that the payment service provider (PSP) has not done enough to prevent or respond to APP fraud. The FCA is proposing that PSPs handle fraud complaints following the Dispute Resolution: Complaints Sourcebook (DISP).

The FCA explains that there is a multitude of APP scam types. However, the two most common are:

1.    Impersonation - where victims believe they are paying a known and legitimate payee but are, instead, tricked into making a push payment into a fraudster's account (e.g. investment scams). 

2.    Purchase - where victims make a push payment for what they believe to be legitimate goods or services, but the promised goods or services are not legitimate.

In 2017, UK Finance recorded 43,875 cases of APP fraud and total losses of £236 million, making it clear that APP fraud is a growing problem. For further reading, or Regulatory Affair Manager Mark Townsley has recently shared a post on the definitions and regulatory pressures of APP fraud.

As a result of the new proposed rules, APP fraud complainants will be referred to the Financial Ombudsman Service (FOS) if they are unhappy with the actions of the PSP, which includes any lack of response from the PSP.  Therefore, the new proposal will allow victims to have access to dispute resolution through the FOS that is in line with the FCA’s objectives of protecting consumers and enhancing market integrity.

KEY FINDINGS

The FCA is exploring views on two specific proposals relating to the DISP sourcebook, and the Glossary of the FCA Handbook. These are:

Complaints about APP fraud

The FCA is proposing to apply complaint handling rules when responding or preventing an alleged APP fraud and bringing these complaints into the FOS in the compulsory and voluntary jurisdiction.

At the moment, the FOS cannot currently consider complaints by payers against PSPs who have received funds. Therefore, the FCA proposes that PSP handle their complaints in line with the DISP sourcebook complaint handling rules, which allows complaints to be referred to the FOS. The FOS is only allowed to consider complaints from third parties in limited circumstances. The proposal will extend the jurisdiction to review complaints against third parties from 1 January 2019.

Complaints about cooperation between PSPs

The proposal is seeking views when a fraudulent payment has been made and the receiving PSP fails to cooperate with the sending PSP.

The new Payments Services Directive (PSD2) creates an obligation for PSPs to ensure that the account details are correct. If the account details are incorrect, the receiving PSP must make all efforts to recover the funds.

PSD2 also obligates PSPs, when there are disputes between payment service users, to be considered by an Alternative Dispute Resolution. The FCA is consulting on bringing these disputes into the FOS’s voluntary and compulsory jurisdiction as soon as the rules are made applying to any APP fraud or omission, from the 13th January 2018.

NEXT STEPS

The FCA is asking for views on CP 18 / 16 to be received by the 26th September 2018. The FCA will consider any feedback and publish any finalised rules in due course

CONSIDERATIONS FOR FIRMS

The guidance on APP fraud is limited, and we are awaiting further information. In the meantime, firms should review their existing processes of fraud prevention, examine the gaps therein and learn how they mitigate the risk of APP fraud. UK finance has released a set of Standards, encouraging firms to improve their anti-fraud framework.

With regards to complaints and disputes, firms should be aware of how to manage these in a new Open Banking eco system, where new parties, Third Party Providers (TPP), Account Information Service Providers (AISP) & Payment Initiation Service Providers (PISP) will further cloud the process for complaint handling. A compliant and consumer first approach is needed in order to meet PSD2 and FCA mandates.

Firms should be mindful of the "Dear CEO" letter, from FCA Chief Executive Andrew Bailey, explaining that the Senior Management Regime (SMR) accountability requirements are a driver for firms to implement adequate measures to reduce APP scam fraud. SMR intends to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence. In going forward, firms should have in place an appropriate anti-fraud framework. Further information can be found in our recently released Fraud White Paper.