Economic Crime: Consumer View: Government and Regulators’ Responses to Committee’s Third Report of Session 2019

Second Special Report

On 1 November 2019, the Treasury Committee published its Third Report of Session 2019, Economic Crime: Consumer View (HC 246). On 5 February 2020 we received the Government Response to the Report, on 31 January we received the Payment Systems Regulator Response to the Report, and on 12 February we received the Financial Conduct Authority’s Response to the Report, all of which are appended below.

Appendix 1: Government response

Introduction

The government has considered the Treasury Select Committee’s comprehensive report titled ‘Economic Crime: Consumer View’ published on 1 November 2019 and has carefully considered the Committee’s recommendations, which highlight important issues on economic crime and consumers.

The UK’s standing as a global financial centre, its openness to overseas investment and its embrace of new and innovative technologies create a vulnerability to economic crime. Economic crimes like fraud, corruption and money laundering enable and fund other crimes which cause lasting harm—such as child sexual exploitation, drug dealing, human trafficking and modern slavery. Our communities are left damaged, and often our most vulnerable citizens are harmed.

It is therefore imperative the UK is world-leading when it comes to responding to economic crime. In 2018, the Financial Action Task Force found that the UK had one of the strongest systems for combatting money laundering and terrorist financing of over 60 countries it has assessed to date. Criminals, however, are continuously adapting their methods and we know there is more work to be done. Last year, the government and private sector jointly published a landmark Economic Crime Plan, which encompasses our response to the recommendations made by both FATF and the first part of the Treasury Select Committee inquiry. This Plan provides a collective articulation of actions being taken by both the public and private sectors over the next three years to ensure the UK cannot be abused for economic crime. The public-private partnership approach ensures a joined-up response to economic crime and maximises the capabilities, resources, and experiences of both the public and private sectors.

The government has also transposed the 5th Anti-Money Laundering Directive into UK law, which came into force on the 10th January this year. This includes bringing letting agencies and art dealers into regulation for the first time, as well as implementing a comprehensive and world-leading approach to regulating cryptoasset exchanges and custodian wallet providers.

As a commitment of the Economic Crime Plan, the government will also publish an updated National Risk Assessment of Money-Laundering and Terrorist Financing by July 2020. This will serve as a stocktake of our understanding of these risks, including how they have changed since the 2017 NRA. The assessment is the result of an extensive consultation across government, including law enforcement, intelligence agencies, supervisors as well as the public and private sector.

Government response to the Committee’s recommendations

This paper sets out the government’s response to each of the Committee’s conclusions and recommendations to government. The Committee’s recommendations are in bold and the government’s response is in plain text. Paragraph numbers refer to those in the report. Where a recommendation is for the FCA, this has been referenced.

1. The type and scale of economic crime affecting consumers

It is clear, both in terms of financial losses and in the variety of scams suffered by consumers, that economic crime is a serious and growing problem in the UK. Trends need to be identified quickly. In order to ensure a clear picture of the scale and types of economic crime facing consumers, the FCA should publish data on economic crime within six months. It should evolve its data collection practices to ensure they allow for emerging trends, while still enabling year-on-year comparisons. (Paragraph 15)

The FCA will address this recommendation in their response.

2. Prevention

Data sharing

The government has not been listening to concerns that data sharing requirements for financial services firms are too restrictive and unfit for purpose. We welcome the establishment of the public-private working group. Its remit must include assessing whether the current data sharing requirements are fit for purpose. If not, the working group must make detailed proposals to reform those legal requirements including considering using existing subordinate legislation-making powers under the Data Protection Act 2018 to amplify or clarify exemptions in the Act. The group should report to us every six months on progress made. (Paragraph 24)

In recognition of the importance of data-sharing in combatting economic crime, improving information-sharing is one of the key strategic priorities in the Economic Crime Plan. The UK has been a world-leader in promoting legitimate information-sharing on economic crime and its architecture includes the Joint Money Laundering Intelligence Taskforce (JMLIT), the provisions of the Criminal Finances Act 2017, the Data Protection Act 2018, and the Suspicious Activity Reporting (SARs) regime which is currently subject to an ambitious reform programme. Effective, legitimate and targeted sharing and use of information can only be achieved with the appropriate powers, gateways, frameworks and culture in place.

A public-private steering group has been established to oversee mapping work that examines whether the existing information sharing gateways, powers and partnerships are appropriate, clearly defined and universally interpreted. This mapping work is also identifying what barriers exist to information sharing and examining whether these barriers are legal, arising from regulatory expectations, technical, financial and/or cultural.

The steering group is further considering the case for any new provisions on information-sharing between private sector institutions. This must consider whether a new provision would be necessary and effective in delivering the objectives of information-sharing: to better prevent crime, protect potential victims, detect crime quickly, conduct investigations promptly and prosecute in a timely manner. The review must also take account of data subjects’ rights, considering data protection legislation and the Information Commissioner’s Office’s (ICO) data-sharing code of practice. Other ethical implications and competition risks will also be considered in making the steering group’s eventual recommendations.

The steering group is also overseeing the implementation of the commitment in the Economic Crime Plan to promote sharing of information in corporate groups. This will culminate in a statement setting out the government’s expectations on information-sharing within corporate groups, including between different business units, for economic crime purposes. This will help ensure that firms’ determination of risk encompasses global considerations and be used as a basis to promote greater international consistency in cross-border information-sharing.

The review is scheduled to result in a report shortly that sets out recommendations for reform. The government will share a copy of that report with the Committee and, if the review does propose any legislative changes, will update the Committee every six months on the progress made in delivering them.

Response Time

We are concerned over the length of time some accounts used in economic crime remain active once intelligence has been received on their potential misuse. Whilst we understand that prescribed timeframes could delay how quickly banks act, the difference in time each bank takes to act creates weakness in the UK financial system. The FCA should work with financial institutions to ensure consistency across the sector. We recommend that the FCA uses its powers to set a timeframe in which an account must be frozen when evidence has been received by a bank that it is receiving money fraudulently. (Paragraph 28)

The FCA will address this recommendation in their response.

Confirmation of Payee

Confirmation of payee will not solve economic crime alone, and as such the onus will always be on financial firms to develop further methods and technologies to keep up with fraudsters. (Paragraph 39)

The fact that banks were not previously confirming payees is a serious failure to protect customers from harm. Asking for such information but not using it would have created a false sense of security among some customers when sending payments. It might have been better for banks to not ask for this information at all if they were not going to use it for fraud prevention. (Paragraph 40)

We therefore recommend that Confirmation of Payee should be introduced as a matter of urgency. Every delay leaves more people vulnerable to falling victim to economic crime. If the implementation date of March 2020 begins to look in doubt, regulators should consider introducing sanctions, such as fines, to firms who have not met the deadline. (Paragraph 41)

The government agrees with the Committee that introducing Confirmation of Payee represents a positive step towards combatting crime.

As the Committee’s report notes, in August 2019 the Payment Systems Regulator (PSR) gave a direction to the UK’s six largest banking groups to fully implement Confirmation of Payee (CoP) by 31 March 2020. This direction applies to Payment Service Providers (PSPs) who collectively accounted for 90% of the total volume of transactions over FPS and CHAPS in 2018 and, as the PSR has noted, should therefore have a significant impact in countering APP fraud.

Should it prove necessary, under the Financial Services (Banking Reform) Act 2013, the PSR has powers at its disposal, including warning notices and financial penalties, for use in the event that a directed participant fails to comply with a direction.

The argument put forward that Confirmation of Payee implementation could be harmful for competition if large firms implemented before small ones is without merit. Competition in the banking sector exists for the benefit of customers, not for the benefit of firms. Customers should not be put at risk of becoming victims of fraud, in order to protect slow adopting firms from implementing protections for their customers. The Payment Systems Regulator should therefore ensure that all relevant firms can implement Confirmation of Payee by the end of 2020. (Paragraph 42)

The government welcomes the implementation of Confirmation of Payee as a means of combatting Authorised Push Payment (APP) scams and the August 2019 PSR direction mandating full implementation by many of the largest firms by the end of March 2020.

With the first phase of CoP implementation underway, Pay.UK has announced that it is considering further applications for CoP, including the potential of the proposition for bulk payments, PSPs using Head Office Collection Accounts (HOCA) or other corporate applications. Indicative timelines for agreeing a model and implementation period for this second phase are currently under review.

The PSR will work with industry to determine a proportionate approach and timeframe for further CoP implementation.

Subtle differences which might not be immediately obvious to many people, such as using ‘soliciters’ rather than ‘solicitors’, could represent a fruitful way for fraudsters to disguise fraudulent accounts as legitimate accounts, and therefore small inaccuracies should be flagged for consumers’ own protection. We recommend that spelling mistakes are flagged within the new Confirmation of Payee System. (Paragraph 43)

The government recognises that flagging spelling inconsistencies as part of the new CoP system could in some instances prevent APP scams.

The CoP rules contain minimum standards with regard to spelling-checks. As CoP is introduced, banks are coordinating together to ensure that the flagging of inconsistencies is implemented consistently.

Delaying payments

Fraudsters rely on the speed of the payment system to move money into a series of different accounts before a customer or a customer’s bank is aware that a fraud has taken place. The speed of transactions makes it difficult for banks to trace stolen money once a fraud has occurred. Very few first-time payments need to be received instantaneously. Very large payments will often be scheduled days in advance. Therefore, high-speed payments on first time payments could be made redundant with only a limited impact on consumers. (Paragraph 49)

We recommend a mandatory 24-hour delay on all initial or first-time payments, during which time a consumer about to be defrauded could remove themselves from the high-pressure environment in which they are being manipulated. All future payments to that same account could flow at normal speed to minimise inconvenience to customers. If a situation arose whereby an initial payment was needed instantly, a customer could ring their bank and additional checks could be carried out for the funds to be released. (Paragraph 50)

Payments by Faster Payments deliver a range of benefits for individuals and businesses, allowing them to make time-sensitive payments whenever needed and providing them with more flexibility to manage their money. At the same time, as the Committee notes in its report, slowing down the process for initial payments could be a means of helping to prevent APP scams.

The report notes that banks have the ability to delay payments by Faster Payments in cases where fraud is suspected, and that in some cases they provide customers with the option of delaying payments. It is important to consider the costs and benefits of mandating a 24-hour delay for payments in terms of combatting fraud, especially as banks start to implement CoP.

Money mules

Financial firms who allow members of the public to open bank accounts should provide information about what a money mule is, and the penalties for being convicted, at the point of opening. This should take the form of an easy to read factsheet, rather than being buried in the small print of terms and conditions. (Paragraph 56)

Where groups of people most susceptible to being persuaded to become money mules are identified, targeted campaigns should be undertaken. For example, banks should fund work with universities, youth organisations, community centres, schools, Further Educational institutions and sixth form colleges to provide students with information, both when they join and at graduation. Targeted campaigns where other emerging trends are identified should also be undertaken. (Paragraph 57)

The government agrees with the Committee that financial firms should voluntarily provide members of the public who open bank accounts with clear warnings about the danger of acting as a money mule, including the penalties for being convicted. However, it is worth noting that this will not have a retrospective effect on the adult population that already have a bank account, thereby limiting outreach to existing customers. Given the increasing prominence of digital and in-app banking a wide range of nudges, beyond a factsheet, should also be considered by firms.

Though funding any information campaign activity would be a commercial decision for banks, HMT encourages industry to consider how they can best increase consumer awareness of the issue. The provision of this information should build upon, and complement, the financial sector’s existing initiatives aimed at stopping people from becoming the victims of crime or facilitating criminality. These initiatives include the “Don’t Be Fooled” campaign, a partnership between UK Finance and Cifas, fully funded by the banking sector, which aims to deter students from becoming money mules. The campaign educates students about how criminals operate and why they are a target. It also intends to communicate the serious consequences of becoming a money mule.

Freezing bank accounts

We recommend that the FCA should set a challenging timeframe in which an account must be frozen when evidence has been received by a bank that it is receiving money fraudulently. We understand the argument made by the FCA that a timeframe may encourage financial firms to work towards the prescribed timeframe, rather than as quickly as possible, but without a deadline, some accounts are remaining open for weeks allowing further fraud to occur unnecessarily. (Paragraph 58)

The FCA will address this recommendation in their response.

Third parties

When third parties are responsible for data breaches which lead to associated fraud, they should be responsible for the associated costs. The government should consider making third parties liable for associated costs to financial services firms and encourage the Information Commission to take this into account when fining firms under the General Data Protection Regulations. (Paragraph 68)

There are a number of tools available to the ICO to ensure compliance with General Data Protection Regulations (GDPR) principles on data security.1 These include regulatory guidance, non-criminal enforcement, audit and monetary penalty notices. There are also criminal offences available to prosecute people who knowingly or recklessly obtain data without the consent of the data controller.2

The ICO takes a risk-based and proportionate approach to regulatory action against organisations and individuals that have breached data protection rules. That means organisations and individuals suspected of repeated or wilful misconduct or serious failures are likely to be subject to more serious sanctions than those who cooperate fully with ICO investigations and make genuine efforts to address risky processing activities.

The General Data Protection Regulation has only been in force for just over 18 months, but the ICO has shown a willingness to impose increasingly large fines in the most serious cases. Details of regulatory action taken, including against online services, are available on the ICO’s website.3

The factors that the ICO takes into account when imposing fines are set out in its Regulatory Action Policy4 and include things like the scale, the extent of any exposure to financial harm, and nature of the offending and any steps the data controller has taken to mitigate harm to data subjects.

The Information Commissioner has the power to serve a monetary penalty notice on a data controller of up to 4% of global turnover for the most serious and harmful contraventions. Sums recovered by the Information Commissioner by monetary penalties are payable into the Consolidated Fund.

De-risking

In the first instance banks should be as transparent as possible on de-risking to allow all individuals and firms the best possible chance of keeping their financial services. This may include providing greater information about why services have been withdrawn. There are examples of good practice on this and the FCA should ensure its rules allow for that to happen. (Paragraph 76)

The FCA has at times appeared unable to act to prevent de-risking from happening. The improved data gathering from the Financial Crime Report should assist it in its efforts. The FCA and Financial Ombudsman Service should ensure that all instances of de-risking where a customer cannot come to resolution with their bank are fully investigated and banking services returned as quickly as possible wherever possible and appropriate. We would expect to see timely and appropriate action taken where instances of blanket de-risking are apparent. (Paragraph 77)

To combat economic crime, it is essential that Anti Money Laundering (AML)/Counter Terrorist Financing (CTF) supervisors and regulated firms take into account the specific ML and TF risks faced by their sectors and businesses. Where banks deem customers to be a high risk of money laundering, they are required to take appropriate and proportionate measures to address this risk. This may include choosing to no longer offer banking services.

While the decision to maintain or accept a banking relationship with a customer is a commercial one, the FCA has been clear that wholesale de-risking is not typically representative of effective money laundering risk management. Banks should not deal generically with whole categories of customers or potential customers and should recognise and appreciate the risks associated with different business relationships.

Where individuals or businesses are de-banked, it is important that they understand why they have been de-banked, and the FCA is working with financial institutions to help improve communications, including through a set of principles on how de-banking decisions should be made. Following the implementation of the Payment Services Regulations (2017), banks seeking to withdraw account services from payment services providers must submit an application to the FCA and PSR, who will assess these against criteria of being proportionate, objective and non-discriminatory. The government is further working to ensure de-risking does not create issues in the remittances sector by taking forward recommendations of the G20 taskforce on remittances, and working with stakeholders to ensure this can be done in a way that allows legitimate risks to be countered by financial institutions.

Artificial Intelligence

Banks should only use Artificial Intelligence if they have a high degree of assurance that its use will not result in bias. Regulators have a role to play to ensure it is used responsibly and does not pose indiscriminate risks to sections of society. (Paragraph 78)

The government is committed to supporting innovation in tackling economic crime. It has recently established a senior-level economic crime Innovation Working Group. This will provide a forum for government and private sector partners to explore how to promote innovation and RegTech solutions to improve the effectiveness of private sector preventive measures, while ensuring such new technology is used sensibly and with appropriate safeguards.

The UK’s regulators have also taken a world-leading approach to fostering innovation. The FCA’s AML Techsprints in 2018 and 2019 brought together firms, regulators and law enforcement agencies to investigate how new technologies can be used to more effectively combat money laundering and financial crime responsibly.5 The FCA has also recently made clear its interest in seeing innovation in machine learning, more specifically federated learning and travelling algorithms, alongside innovation which makes finance work for everyone. Its Sandbox will allow firms to test that technology in an environment where the regulator can pose questions around access and inclusion. The FCA has further partnered with the Alan Turing Institute to explore the transparency of AI in the financial sector and the practical challenges it presents, such as unconscious bias.6 Meanwhile, the ICO, together with the Alan Turing Institute, has published draft guidance on explaining decisions made with AI.7 The guidance suggests practical steps to ensure AI systems are designed and used in a way that is accountable, transparent, considerate of the context and reflective of the impact on individuals and society. The guidance also covers the implications of the General Data Protection Regulation, such as the requirement to complete a Data Protection Impact Assessment, and the Equality Act 2010, such as ensuring that decisions made with AI do not have a worse impact on individuals with protected characteristics.

3. Investigating fraud as crime

The announcement of a national fraud strategy is long overdue. It followed the damning criticism of Her Majesty’s Inspectorate of Constabulary and Fire and Rescue Services’ report. It must now be a priority for police forces to make the strategy work. One of the actions from the Economic Crime Plan 2019–22 is that the police response to fraud is improved. The government should provide us with an update on this action within six months of publication of this report. (Paragraph 89)

The government will provide the Committee with an update on the implementation of the HMICFRS’ recommendations and other measures being taken to improve the police response to fraud within six months of the Treasury Committee’s report publication, as requested.

The police response

Complex fraud cases have not always been effectively ‘tasked’ or referred upwards. At times they are just moved from pillar to post. This is unacceptable for the victims of potentially devastating crimes. It is therefore welcome that this is both a focus of the police, and its inspectorate. (Paragraph 96)

Improvements to tasking will hopefully relieve some pressure on local forces. However, some cases will remain at the local level. The government must review how it provides support to individual police forces which consider they have complex frauds they could successfully investigate, where resources may otherwise prevent those cases progressing. (Paragraph 97)

The police response to fraud, including the provision of government support to police forces investigating complex frauds is being reviewed as part of the Serious and Organised Crime (SOC) Review, led by Sir Craig Mackey QPM.

The SOC Review will consider the powers, capabilities, governance and funding required to tackle serious and organised crime threats, including fraud, across law enforcement and the justice system in England and Wales. The findings and recommendations of the review will be presented to the Minister for Security in Spring 2020.

Reporting

We are pleased to hear that in the main, reports of economic crime from financial institutions to the police are happening in a timely manner so the police can start an investigation promptly. However, we are concerned that banks do not always appear to be reporting instances to the police where, for example, the bank has reimbursed the victim. Given the high-speed nature of the financial system, any delay in reporting to the police could prevent recovery of funds and allow fraudsters to profit at a victim’s expense. (Paragraph 100)

The government should require all frauds to be reported regardless of their size, and whether or not a financial institution has reimbursed a consumer. (Paragraph 100)

The government recognises the importance of ensuring the timely reporting of fraud to law enforcement agencies in order to facilitate investigation and recovery of funds. As the national lead force for fraud, the City of London Police encourages all organisations to report fraud to the police, providing them with access to web-based applications that facilitate reporting. However, the government will consider the committee’s recommendation that all frauds be reported regardless of their size, and whether or not a financial institution has reimbursed a customer.

It is not currently always clear to consumers whether a fraud should be reported to an individual consumer’s bank, the police or to Action Fraud, nor is it always clear what each entity would do with the information provided. The process for reporting an economic crime needs to be clarified. We welcome the plans to issue guidance to Action Fraud and chief constables to ensure consumers reporting a crime are clearly told both how reported instances of fraud will be used, and also how they won’t be used, when they report a crime. (Paragraph 105)

The serious criticism of Action Fraud in the ‘Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services’ report and in the media needs to be addressed. In its response to this report the government should set out what it has done to address this issue. (Paragraph 106)

The government has been overseeing a programme of activities to improve Action Fraud in response to the HMICFRS report findings and issues highlighted in the media.

In May this year, City of London Police appointed an additional Detective Chief Superintendent to deliver service improvements in the National Fraud Intelligence Bureau. This includes implementation of new processes for triaging and developing serious and organised fraud, and to oversee delivery of HMICFRS recommendations. New performance indicators have been agreed as part of Home Office and City of London Corporation accountability measures.

As a result of consultation with forces, Action Fraud victim lists highlight vulnerability and are now disseminated to forces on a weekly rather than monthly basis. Crime dissemination documentation has been redesigned to make it easier to interpret and action. Force demand and performance information has moved from bi-annual reports to monthly dashboards. Monthly and annual threat assessments have been improved to provide a more comprehensive intelligence picture and overview of national protect activity.

Guidance has been issued to forces to improve practices across a number of areas including fraud reporting and calls for service, victim communication and investigation policies.

City of London Police has been working with the National Economic Crime Centre and National Crime Agency to embed fraud within national strategic tasking and a voluntary tasking for fraud was agreed by chief constables in November 2019.

City of London Police has made clear it will not tolerate the poor behaviour by staff in the call centre exposed in The Times newspaper earlier this year. The individuals involved have been dismissed. This was swift and decisive action. An improvement plan was developed in August 2019 with 81 actions based upon an initial review by Concentrix and IBM. Actions cover recruitment, training, culture and process. Over half of the actions have been completed.

An independent review of Action Fraud and the National Fraud Intelligence Bureau by Sir Craig Mackey has been commissioned by the City of London Corporation to identify where further improvements can be made in the service. The Home Office will work with the City of London Corporation to ensure recommendations of the review are implemented effectively.

3. Consumer rights and responsibilities

The Contingent Reimbursement Model Code

We welcome the Contingent Reimbursement Model Code—a framework for financial institutions to use to determine when reimbursement should be provided to victims of APP Fraud—as a way to protect consumers. We remain unpersuaded that the Code should be voluntary and strongly urge any relevant parties who have not yet signed up to the Code to do so. As the first year review of the Code approaches, the Code should now be made compulsory through legislation. (Paragraph 114)

In 2015, the government set up the Payment Systems Regulator (PSR) with a statutory objective to, among other things, ensure that payment systems are operated in a way that takes account of users’ needs. Since 2016, the PSR has been driving forward work to make sure consumers are better protected against APP scams.

The PSR established a steering group of financial institutions and consumer representatives to develop a voluntary code of good practice to help protect consumers against these kinds of scam. At the end of February 2019, the steering group published the Contingent Reimbursement Model Code for Authorised Push Payments (the Code), which sets out the agreed principles for greater protection of consumers and the circumstances in which they will be reimbursed, making a significant step in delivering improved protections for consumers. The Code became effective on 28 May 2019 and customers of those payment service providers that are signatories are protected under the Code from this date.

The Code is still in its infancy and the government believes it should be given time to embed and take full effect before its effectiveness can properly be assessed. The Lending Standards Board (LSB), which is responsible for the Code, has committed to a first annual review of its operation in Summer 2020 and will shortly publish more information about its planned approach, including its intention to consult widely with consumer representatives and the industry. The LSB is also well-advanced with its own thematic review of the provisions of the Code governing the reimbursement of consumers, which will be completed in early 2020. The government looks forward to reviewing these findings when they become available.

At the launch of the Code, an interim funding arrangement for compensating victims was established by several launch signatories to provide reimbursements from implementation until a new long-term funding arrangement could be implemented by the end of 2019.

Industry and the regulators continue to explore options for a sustainable long-term solution for reimbursing ‘no blame’ victims, and the Code signatories who provided the initial funding have agreed to extend the funding deadline until March 2020, allowing these discussions to continue.

These discussions should be given time and space to continue so that a mutually agreeable ‘no blame’ solution can be arrived at and implemented. We look forward to seeing how these discussions unfold.

We accept that keeping the Practitioner Guide private avoids it becoming a guide to committing fraud. However, the current consumer guidance is so high level, it does not give consumers a clear sense of what is expected of them. Without sight of how the Code should work in practice, consumers may be left unable to effectively challenge their bank. This could lead to an increased number of cases being referred to the Financial Ombudsman Service and a delay in any potential reimbursement. We recommend that a more detailed consumers’ guide is produced, which includes practical examples. (Paragraph 124)

The FCA will address this recommendation in their response.

Reimbursement

We welcome the FCA’s recent rule changes requiring financial firms receiving payments to ensure that they are not inadvertently assisting economic crime. However, we are concerned by the lack of power financial institutions have to recover money sitting in bank accounts once it has been reported as stolen. Given the development of MITS technology, the government should review the current legislation around recovery of stolen funds to ensure that victims can be reimbursed as quickly as possible, whilst protecting legitimate transactions. (Paragraph 129)

In the Economic Crime Plan the government, working with UK Finance, has committed to develop a framework to repatriate funds to victims of fraud by December 2021. This framework will seek to better utilise new technology to track and trace fraudulent transactions, such as the Mule Insights Tactical Solution (MITS). This will include reviewing current legislation around the recovery and repatriation to victims of stolen funds and, if necessary, making recommendations for appropriate changes.

Gross Negligence

The existing Payment Services Regulations do not define what actions by a customer would be deemed as ‘gross negligence’. As a result, each individual firm can set its own bar of what customer behaviour it would deem to be grossly negligent. This could lead to a lack of consistency between how customers with the same circumstances are treated. We recommend that an accepted definition for gross negligence should be agreed by the regulators. The regulators should require financial firms to produce easy-to-read lists of ‘dos and don’ts’ for customers, to show how the individual financial firms would define proper account usage in the majority of circumstances. Such lists would allow for variations between firms. (Paragraph 139)

The FCA will address this recommendation in their response.

Financial firms must ensure that vulnerability is a key factor in determining if a consumer was grossly negligent. The FCA should ensure that the outputs from their recent consultation on the Guidance for Firms on the Fair Treatment of Vulnerable Customers covers any finding of gross negligence. (Paragraph 140)

If firms do find individual consumers to have been grossly negligent, we recommend their customer responses quote the legislation the firms are relying upon to refuse making a reimbursement, alongside an explanation of how this conclusion was reached. Although it may cause distress, we believe that using the phrase ‘grossly negligent’ would provide a very clear explanation to the consumer why their claim is being refused, and on what grounds. (Paragraph 141)

The FCA will address this recommendation in their response.

Education

Education has an important role to play in the wider fight against economic crime. There is always merit in equipping consumers with skills to give them the confidence and knowledge to pause and think about whether or not the situation they have found themselves in could be a fraud. (Paragraph 148)

We recommend that financial firms should undertake targeted education campaigns where trends have been identified and when new scams appear. These should include information at the point of opening an account about the consequences of being a money mule and information regarding emerging frauds so that consumers can stay vigilant. (Paragraph 149)

The government agrees with the Committee’s recommendation that financial firms should voluntarily undertake targeted education campaigns where trends have been identified and when new scams appear, and that these should include the provision of information on opening an account.

The messaging should complement the existing “Take Five – to stop fraud” campaign, which is run jointly by Government and UK Finance. It is designed to equip individuals and small businesses most vulnerable to fraud with the confidence to challenge criminal approaches.

It is important that financial education is not a ‘one time’ exercise. We recommend that reminders are sent out to consumers in different formats and at different times. This should include online marketing and social media to target messages to younger consumers. This will ensure that firms are not only meeting their obligations of the Contingent Reimbursement Model Code, but also will help prevent fraudsters from succeeding in the first place. (Paragraph 150)

The government agrees that financial institutions should consider sending reminders to consumers in different formats and at different times to help them protect themselves against fraud.

The “Take Five” campaign encourages individuals and small businesses most vulnerable to fraud to challenge criminal approaches. Similarly, the “Don’t Be Fooled” campaign, a partnership between UK Finance and Cifas, aims to deter students from becoming money mules, by educating them on the threat and the serious consequences of doing so.





Published: 13 March 2019