.svg)
The UK Payment Systems Regulator (PSR) has its consultation on two of its draft directions, which are the legal means to put its new authorised push payments (APP) scam reimbursement requirements in place.
Payments players in the UK now have a broad timeframe for APP fraud compliance.
This is because the PSR has been able to set out its plans following the Financial Services and Markets Act鈥檚 passage earlier this month.
The regulator has said that it is aiming to have new requirements in place by April 2, 2024.
However, it has said that stakeholders should expect the compliance requirements to be in place by 鈥渘o later than Q2 2024鈥.
In August, the PSR said that it will consult on the maximum level of reimbursement and claim excess, and provide additional guidance on the customer standard of gross negligence.
In September, the PSR will subsequently consult on its draft general direction to require reimbursement for APP scams victims from all payment firms.
By the end of 2023, the PSR hopes to publish the claim excess and maximum level of reimbursement, additional guidance on customer gross negligence and all legal instruments.
鈥淭his is a broad package of measures to tackle APP scams and protect victims of these frauds,鈥 said Chris Hemsley, managing director of the PSR. 鈥淥ur directions will put clear requirements and incentives in place to not only ensure payment firms improve how they stop fraud, but also make sure victims are treated fairly.
鈥淏y consulting on these directions now, we are sending a clear signal that we are moving to implement these proposals as soon as possible.鈥
Overall, the PSR鈥檚 plan is for three stages of reforms, including publishing fraud data in a consistent way, which shows rates across the different banks.
According to Max Savoie, partner at Sidley Austin, this may be with a view to naming and shaming, and banks will want to ensure that they are compared in a fair way. 鈥淭his is particularly the case for banks that are servicing other payment service providers."
The second stage of reform focuses on data sharing, he continued, adding that this has the potential to be helpful for managing fraud risk across the sector.
鈥淲henever sharing data, firms need to consider the risks that come with that, including the application of competition and data protection laws."
The third stage, meanwhile, is the new reimbursement requirement on which the PSR is currently consulting.
鈥淭his will generally push the risk of APP fraud onto banks unless they can demonstrate the customer acted with gross negligence, which in practice may be difficult to prove,鈥 he said. 鈥淰ulnerable customers will generally need to be reimbursed even in circumstances of gross negligence.鈥
Savoie told VIXIO that firms will need to put new procedures in place that enable them to quickly identify in-scope transactions and determine whether a customer is vulnerable for the purposes of the rules.
"There is a lot that firms will need to do in terms of refining their procedures, and there will need to be processes in place for reviewing customer reports, as well as for communicating with other service providers and for meeting reimbursement timelines,鈥 he added.
鈥淭he timeframes to make assessments are pretty tight and there are only limited circumstances in which firms will be able to stop the clock."
So far, it cannot be said that the industry is taking the plans lightly. In fact, some proposals from the PSR have courted controversy.
"Measures are clearly needed to combat APP fraud, which can have a devastating impact on victims, but there also needs to be more consideration of the unintended consequences such measures could have on open banking,鈥 Jack Wilson, head of public policy at TrueLayer, told VIXIO.
For example, Wilson cautioned PSR's changes to liability could lead to banks slowing down payments and changing their risk appetites so that more legitimate payments, including in open banking, are blocked or limited.
鈥淚mplementing the changes is also likely to add cost to processing payments,鈥 he said
鈥淪uch unintended consequences run counter to the PSR's own strategy of enabling account to account payments as a competitive retail payment method.鈥
For Wilson, existing measures such as Confirmation of Payee and the Contingent Reimbursement Model already show signs of working, with APP fraud trending downwards.
鈥淲e think more time is needed to assess this trend before further, more fundamental liability changes are activated."
The Payments Association, meanwhile, said that these rules could result in 鈥渦nintended consequences鈥.
For example, the lobbying group said that the decision to split the cost of compensation 50/50 between the sending bank/issuer and the receiving bank/issuer will likely make firms more cautious about opening marginal accounts, hurting low income and/or vulnerable customers.
In addition, the Payments Association echoed others in the industry when it said that social media firms need to be in scope of the plans.
However, this is tough for the PSR to implement, as it has told VIXIO that it is not mandated to regulate social media firms.
"The reason that regulators can't act is because these companies are American, and the US naturally is very protective of its tech industry,鈥 pointed out John Bertrand, director at On Demand Payment Technologies.
Bertrand added that the PSR is 鈥渢rying to do good鈥 with these plans.
"The issue is reimbursements, which appear to vary a lot between the main banks,鈥 he said. 鈥淭hese new requirements should put more scrutiny on the banks, and mean that reimbursement must be done within 48 hours."
The issue that UK players are now contending with is likely to make its way onto the continent soon, with the European Commission having unveiled extended reimbursement rights in revisions to the Payment Services Directive.
