Yesterday the CEOs of Payment Service Providers (PSPs) were all sent a letter by the FCA. Signed off by the FCA’s director of “Payments and Digital Assets” the letter sets the context of financial crime and the damage that it can do to society. PSPs can play an important role in preventing customers from falling victim to APP fraud and in preventing payments from reaching the hands of fraudsters.
Reducing and preventing financial crime is a number one priority for the FCA and this letter comes on the very same day of new rules relating to the support of the victims of Authorised Push Payment (APP) fraud coming into force. The new rules apply to payment transactions made through the Faster Payments System (FPS) and CHAPS.
The letter sets out the FCA’s expectations in relation to these new measures and reminds PSPs that they are expected to have in place appropriate oversight, and systems and controls, to be able to ensure compliance with the requirements. In summary, the requirements oblige PSPs to reimburse customers who fall victim to APP fraud via FPS or CHAPS payments, unless the customer was somehow involved in the fraud or acted with gross negligence.
Broadly, the rules are designed to encourage and enable PSPs to tackle APP fraud while minimising the impact on legitimate payments. The costs of reimbursement are to be shared between sending and receiving PSPs as a means of incentivising them to detect and prevent fraud. PSPs are encouraged to adopt a risk-based approach and to take the time to assess potentially fraudulent payments. The rules will allow four business days for PSPs to delay the processing of a transaction in cases where they have reasonable grounds to suspect fraud or dishonesty.
Further guidance for firms together with a policy statement are expected from the FCA later this year. Pending further clarification from the regulators, there is some helpful content in the letter and of which PSP firms should take note:
- Tighten anti-fraud systems and controls, including onboarding processes and transaction monitoring.
- Support controls with sound data and with strong and effective governance procedures.
- Keep systems and controls under review to ensure that they remain effective.
- Recognise and manage potential liability for APP fraud reimbursement and make appropriate adjustments to business models.
- Ensure that appropriate scam warnings are being delivered to customers.
- Prevent foreseeable harm to customers by providing full lifecycle support from point of sale to complaint, including providing clear information about dispute procedures and the availability of the Financial Ombudsman Service (FOS).
The need for PSP firms to ensure that they meet their obligations under the Consumer Duty is very clear and there is a specific reference from the FCA to the added risk of poor consumer outcomes stemming from low levels of consumer understanding around intra-firm payments not routed through FPS or CHAPs. The FCA places the onus of ensuring that customers understand that they may not be protected (or protected to a lesser extent only) for certain payments, depending on the payment process used, firmly on PSP firms. Any PSPs considering providing lower levels of protection for payments that are not sent through FPS or CHAPS, are encouraged to make contact with the FCA to explain how they intend to meet their Consumer Duty obligations in this space.
PSP firms can expect that the FCA will:
- Collaborate with the PSR to maintain a dual-pronged regulatory approach in relation to compliance with this new reimbursement regime.
- Gather data and use it to look out for:
- Prudential issues;
- Conduct breaches; and
- Inadequate systems and controls.
We can expect the FCA to be pro-active and robust in ensuring the protection of consumers and the payments system from fraud.
More on this to follow. In the meantime, you can connect with our financial services regulatory specialists here and sign-up to our regular financial services law and regulation updates here.