Are your anti-fraud systems and processes fit for purpose?

What matters

Following the introduction of the reimbursement requirements for APP fraud by the Payment Services Regulator (‘PSR’) the FCA has written to CEOs of PSPs to make them aware of the FCA’s expectations.

What matters next

"PSPs should seek to reduce APP fraud by improving anti-fraud systems and controls. This includes: having effective governance arrangements, controls and data to detect, manage and prevent fraud; regularly reviewing fraud prevention systems and controls to ensure that they are effective; and maintaining appropriate customer due diligence controls at onboarding stage and on an ongoing basis to identify and prevent accounts being used to receive proceeds of fraud or financial crime."

On the 7 October 2024, the Financial Conduct Authority (‘FCA’) published a ‘Dear CEO letter’ to Payment Service Providers (‘PSPs’) impacted by the mandatory reimbursement requirements for victims of authorised push payment fraud (‘APP’).

Key facts: 

  • Following the introduction of the reimbursement requirements for APP fraud by the Payment Services Regulator (‘PSR’) the FCA has written to CEOs of PSPs to make them aware of the FCA’s expectations.
  • PSPs are required to ensure that they have appropriate oversight, systems and controls in place to comply with the requirements of the fraud reimbursement regime. 
  • The approach adopted by PSPs needs to be consistent with its obligations to provide good outcomes to customers under the Consumer Duty. 

Key takeaways:  

  • PSPs should seek to reduce APP fraud by improving anti-fraud systems and controls. This includes:  
    • having effective governance arrangements, controls and data to detect, manage and prevent fraud; 
    • regularly reviewing fraud prevention systems and controls to ensure that they are effective; and 
    • maintaining appropriate customer due diligence controls at onboarding stage and on an ongoing basis to identify and prevent accounts being used to receive proceeds of fraud or financial crime.
  • The FCA expects PSPs to have regard to the Consumer Duty and take action to rectify the situation where a customer has suffered harm as a result of inadequate systems and controls to prevent scams.
  • Where payments are made intra -firm (i.e. where payments are sent and received to accounts held by the firm or group) the FCA expects PSPs to meet its obligations under the Consumer Duty and if a lower level of protection is to be afforded to such customers (than would be the case if payments were made by FFS or CHAPS) PSPs are required to contact the FCA to provide an explanation of the steps taken to meet its obligations. The clear implication here is that the FCA would expect such customers to be treated in the same way as if the payments had been made by FFS or CHAPS.
  • The Treasury has published a Statutory Instrument that will amend the PSRs 2017 to enable PSPs to delay processing a payment transaction by up to 4 business days after they receive the payment order where they have reasonable grounds to suspect fraud or dishonesty. This will allow PSPs to adopt a risk-based approach to payments and give firms more time to assess suspected fraudulent payments. 
  • To reflect Treasury’s proposed changes, the FCA has consulted and plans to publish final guidance with an accompanying policy statement by the end of 2024.
  • The FCA and PSR will work together to monitor PSPs compliance with the reimbursement regime and will use data to monitor for conduct breaches and inadequate systems and controls. 

 

Disclaimer

This information is for general information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. Please contact us for specific advice on your circumstances. © Shoosmiths LLP 2024.

 


Insights

Read the latest articles and commentary from Shoosmiths or you can explore our full insights library.