UK banks have been encouraged for years to sign on with the Contingent Reimbursement Model (CRM) Code, thereby complying with a voluntary set of rules established by the Payment Systems Regulator (PSR) for reimbursing victims of certain online scams. The voluntary rules did not achieve the results the PSR was hoping for. As a result, mandatory rules will be in force from October 2024.
Outseer, a globally recognized payment fraud prevention firm, encourages UK banks to familiarize themselves with the new rules so that they are prepared when they come into effect. The new rules could ultimately force financial institutions to reimburse fraud victims to the tune of hundreds of thousands of pounds.
Romance Scams Targeted
While the new rules apply to a variety of online scams, romance scams have been targeted specifically. These are scams in which victims are convinced to voluntarily send payments to fraudsters under the guise of developing romantic relationships. This sort of fraud is known formally as authorized push payment (APP) fraud.
APP fraud can be perpetrated by way of romance scams, goods and services scams, and other means. It’s an attractive crime as evidenced by the fact that fraudsters stole £580 in the first half of 2023 alone. Fortunately, banks were able to prevent an additional £651 million in APP fraud.
Nonetheless, scammers will continue APP attacks for as long as they can get away with them. The PSR understands this, and they believe one of the ways to combat such fraud is to force financial institutions to take a more active role in the fight. Thus, the new rules.
What the New Rules Do
The new rules set to go into effect in October do a couple of important things. First and foremost, they allow for forcing banks to reimburse up to £415,000 per APP incident, unless the involved bank can prove gross negligence by the victim.
Second, and perhaps more importantly, the new rules make accusations of gross negligence harder. They set a higher standard that banks need to prove in order to refuse reimbursement. Banks will no longer be able to dismiss fraud claims so easily under the guise of gross negligence.
Forcing Banks to Cooperate
The CRM represents a good faith effort by the PSR to encourage banks to take more aggressive action against APP fraud. But according to PSR data, the program did not work as well as regulators would have liked. The PSR reports a wide discrepancy between banks more willing to reimburse and those that refused to do so.
The bank with the highest reimbursement rates does so at a rate of 91%. On the other end of the scale, the data shows other banks with reimbursement rates of 10%, 20%, and 22%. Such low reimbursement rates are unacceptable to the PSR. They intend to tackle the problem by upping the bar on gross negligence and forcing banks unable to prove it to reimburse what could ultimately be large sums of money.
The UK Is Not Alone
The UK and PSR are not alone in trying to get banks to take more responsibility for APP fraud. In the U.S., the Protecting Consumers From Payment Scams Act was passed by Congress last year. Although it has yet to become law, the bill would require financial institutions and payment providers to reimburse victims of fraud regardless of negligence.
It is clear that regulators want banks to take a more active role in preventing APP fraud. Banks throughout the UK should do so by taking steps that include becoming familiar with the new rules set to be implemented later this year.