Scam reimbursement: pushing for a better solution: Payment Systems Regulator’s response to the Committee’s Thirteenth Report

Sixth Special Report of Session 2022–23

Author: Treasury Committee

Related inquiry: Authorised push payment fraud reimbursement scheme

Date Published: 14 June 2023

Download and Share

Contents

Sixth Special Report

The Treasury Committee published its Thirteenth Report of Session 2022–23, Scam reimbursement: pushing for a better solution, (HC 939), on 6 February 2023. On 7 June 2023, we received a letter from the Payment Systems Regulator to the Treasury Sub-Committee on Financial Services Regulations, containing the response. The response has been appended to this Report.

Appendix: Response from the Payment Systems Regulator

Letter from the Payment Systems Regulator and attached Response to the Report

I am writing in response to the Treasury Sub-Committee on Financial Services Regulation’s Report, Scam reimbursement: pushing for a better solution, published on 6 February 2023. We welcome the Committee’s continued interest in Authorised Push Payment (‘APP’) fraud, and the opportunity to provide written and oral evidence to the Sub-Committee. We were grateful for the opportunity to provide an interim response to the Sub-Committee’s Report, while we developed our policy position. We have given careful consideration to the many responses to our consultation. Our refined policy position takes into account the wide range of views expressed.

Today there are more incidents of fraud than any other crime in the UK, and Authorised Push Payment (APP) fraud has risen quickly to become one of the largest types of payment fraud. By the time a victim becomes aware that they have been scammed, it is often too late to stop it. This can have a devastating impact on the victim’s life or business.

The PSR is committed to fighting APP fraud and, in a world first, we will be introducing a new requirement for Payment Service Providers (‘PSPs’) to reimburse qualifying customers who are the victims of APP fraud. Our approach will also:

  • Incentivise the payment industry to invest further in end-to-end fraud prevention by splitting the costs of reimbursement between payment-sending and payment-receiving PSPs in qualifying APP fraud cases;
  • Increase customer protections, so that most victims of APP fraud will be swiftly reimbursed to drive confidence in the UK payment system; and
  • Pursue our long-term ambition for Pay.UK to take on a broader role and actively improve the rules governing Faster Payments to tackle fraud.

Reimbursement is part of our multi-pronged approach to tackling APP fraud. Alongside this new requirement, we will be increasing transparency through a new balanced scorecard of APP fraud data, promoting intelligence sharing and expanding the roll-out of Confirmation of Payee. We have already seen positive change in the industry since we announced our plans, with increased efforts by firms to tighten up controls and share more data than ever before. We expect industry to continue these initiatives and adopt new, innovative approaches to prevent APP fraud.

We are not acting alone in fighting APP fraud. Collaboration is critical for tackling this problem effectively. The PSR is engaging extensively with the Financial Conduct Authority, HM Treasury, the Home Office, the Department for Digital, Culture, Media and Sport, Ofcom, and Policing and other public bodies to work towards our joint ambition to stop fraudsters operating in the UK.

We want to implement the new reimbursement requirement as soon as is practically possible. We recognise this will be challenging for some firms in the short term but, in the longer-term, it will consistently raise standards, increase safety and security for customers, and contribute towards maintaining the UK’s position as a global leader in payments. We are committed to achieving this goal and will work closely with Pay.UK and industry to drive effective, timely implementation

I am pleased to present, alongside this letter, our policy statement on our next steps towards implementing APP scam reimbursement. This will involve an intensive period of further engagement with industry participants, consumer groups, the Financial Conduct Authority, HM Treasury, the Bank of England, and others with an interest in ensuring this policy succeeds.

This letter sets out our response to the Sub-Committee’s Report and, where appropriate, outlines how our policy statement addresses the Report’s conclusions and recommendations.

Yours sincerely

Chris Hemsley

Managing Director

The Payment System Regulator’s response to the Sub-Committee’s recommendations

Pay.UK is an industry body. Its role in authorised push payment fraud reimbursement proposed by the Payment Systems Regulator has inherent conflicts of interest. These are particularly acute where Pay.UK is responsible for ensuring that the banks and building societies that are its own guarantors pay out large sums of money in reimbursement to consumers. (Paragraph 23)

We acknowledge the Sub-Committee’s concerns about the role of Pay.UK in the proposed reimbursement scheme. Pay.UK has an independent board and – importantly – is subject to oversight and regulation by the PSR. Reflecting this, we consider that Pay.UK is the appropriate body, in the long-term, to undertake the role of making, maintaining, refining, monitoring, and securing compliance with, comprehensive scheme rules that address fraud risks in the system. With the PSR overseeing both Pay.UK’s performance in this role and participants’ compliance with those rules.

However, we do recognise that at present there are factors limiting Pay.UK’s ability to fully take on this role. We will therefore implement the new reimbursement requirement via two routes. The first will be, as we originally proposed in our consultation document, to require via section 55 of the Financial Services (Banking Reform) Act 2012, that Pay.UK establishes scheme rules for the Faster Payment Service (‘FPS’), to require all PSPs using FPS to comply with our APP fraud reimbursement policy.

The second, additional measure will be to issue a General PSR Direction under section 54 of the Financial Services (Banking Reform) Act 2012 to all PSPs, requiring them to comply with the scheme rules established by Pay.UK under the section 55 requirement. We are currently awaiting the enactment of the Financial Services and Markets Bill, which is currently before Parliament, to give us the statutory authority to undertake these actions. Assuming the Bill becomes law in this session of Parliament, we will be able to impose these requirements on Pay.UK and Payment Service Providers by the end of 2023.

This approach will provide a more direct regulatory route to securing compliance with the new requirements and would also help to mitigate any risks of the conflicts of interest identified by the Sub-Committee’s Report.

We are concerned that the Payment Systems Regulator’s current position, confident that its proposals will work well but reserving the right to react with direct intervention if they do not, ignores the extent to which Pay.UK is conflicted. (Paragraph 24)

As described above, the amendments to our original policy proposals, outlined above, to simultaneously exercise our powers under section 54 and section 55 of the Financial Services (Banking Reform) Act 2012, will help to mitigate any risks of conflicts of interest identified by the Sub-Committee’s Report.

The PSR’s intention to require Pay.UK to use scheme rules to implement APP fraud reimbursement creates an opportunity for guarantors and other PSPs—some of which oppose reimbursement—to delay its implementation, including through influencing the Pay.UK board. (Paragraph 31)

The proposals we set out included using our powers to directly require changes to Faster Payment rules. We have retained this element of our proposals, which would then place a legal obligation on Pay.UK to implement the changes we set out by a date we specify.

We have also set out our decision to include a General Direction on all payment firms to comply with the rules that we would put in place.

Reflecting this, we consider that our approach will mitigate any risks of delay caused by any reluctance on the part of Pay.UK’s board to make the necessary changes. Any delay would risk triggering formal enforcement action by the PSR for a failure to comply with the directions in place on the company. Pay.UK is working collaboratively with the PSR on the plans to implement these changes in a timely and effective manner.

Pay.UK is less well-equipped than the PSR to deliver mandatory reimbursement quickly. Pay.UK requires a consensus of its members to change its scheme rules, whereas the PSR can exercise its powers of direction unilaterally. Pay.UK also lacks effective regulatory tools to ensure the swift compliance of PSPs. If the PSR leaves these proposals in the hands of Pay.UK it risks losing control of its timetable and increases the likelihood that mandatory reimbursement—which has already been unacceptably delayed until 2024—could be delayed yet further. (Paragraph 32)

Our decision includes our intention to issue formal directions on both Pay.UK and PSPs. As originally proposed, Pay.UK will be required to make the rule changes we set out, and—in a change to our initial proposals—all PSPs will be required to comply with them. Both requirements will be backed by our regulatory oversight and enforcement powers.

Consistent with the Sub-Committee’s recommendation, this change in our approach further reduces the risk of delay, by the PSR making more use of its powers of direction.

Victims of APP fraud have been waiting more than long enough. The PSR should ensure the payment systems industry has fully implemented mandatory APP fraud reimbursement by the end of 2023. The PSR should provide quarterly updates on progress against that deadline to the Sub-Committee. (Paragraph 33)

The PSR is fully committed to securing better protections for victims of APP fraud as swiftly as is practicable. We have taken, and will continue to take, the necessary policy and operational steps to ensure that we are able to meet the statutory obligations in the Financial Services and Markets Bill, once enacted. On the assumption that the Bill becomes law in this session of Parliament, we will then proceed to consult on the timetable for the full implementation of the new arrangements. As referenced at the December 2022 hearing, the steps required to implement the requirements are consistent with the protections coming into full effect in 2024.

We are happy to provide quarterly progress updates to the Sub-Committee.

Pay.UK is not a regulator. It lacks the necessary independence and enforcement powers to be effective in enforcing compliance with APP fraud reimbursement rules. (Paragraph 42)

As noted above, we have set out our plans to issue formal directions on both Pay.UK and PSPs in order to implement these new requirements.

Our long-term vision does not include Pay.UK taking a regulatory role but does envisage that over time it would play a greater role in monitoring compliance and making sure that all participants comply with the system rules. As a designated system – and consistent with the situation today – this is all backed by the PSR’s oversight and enforcement powers.

The Financial Services and Markets Bill, as introduced to the House of Lords, instructs the PSR to use:

  • its powers under section 54 of the Financial Services (Banking Reform) Act 2013;
  • (the Act) to direct payment system participants;
  • its powers under section 55 of that Act to require Pay.UK to make rules;
  • or a combination of the two to provide for the reimbursement of Faster Payments APP fraud victims. The PSR’s current proposal of using section 55 powers alone is a recipe for non-compliance and delay. Mirroring the PSR’s approach to Confirmation of Payee protections, making directions to payments service providers supported by detailed scheme rules, is more conducive to effective and timely progress. (Paragraph 43)

As we have outlined above, we are now proposing to issue a section 54 direction to all PSPs, alongside requiring Pay.UK to create detailed scheme rules under section 55.

The PSR’s proposal to delegate the mandatory reimbursement of APP fraud victims to Pay.UK through Faster Payments scheme rules is fundamentally flawed on three grounds:

  • Pay.UK is an industry body and is inherently conflicted;
  • It is conducive to further delay to an already unacceptably extended process; and
  • Pay.UK lacks the enforcement powers of a regulator (Paragraph 44 )

As noted above, our original proposal to place a direction on Pay.UK limits the scope for it to delay the necessary rule changes. Further, and as also noted above, we have amended our approach, and are proposing to issue a section 54 direction to PSPs, alongside requiring Pay.UK to create detailed scheme rules under section 55. This further limits the risk that PSPs fail to comply with the revised rules without facing appropriate consequences, backed by the PSR’s oversight and enforcement powers.

We recommend the PSR revise its plans to incorporate its use of directions to payment service providers under section 54 of the Financial Services (Banking Reform) Act 2013. This will give the regulator more control over the process and result in better outcomes for consumers. (Paragraph 45)

As we have outlined above, we are now proposing to issue a section 54 direction to PSPs, alongside requiring Pay.UK to create detailed scheme rules under section 55.

We hope these responses have provided a welcome degree of reassurance to the Committee. The Sub-Committee’s input and constructive challenge was helpful in supporting our ongoing process of developing and refining our initial proposals.

We are acutely aware that there remains a considerable operational challenge to realise our ambition for the UK to be the first country in the world that requires mandatory reimbursement for victims of APP fraud. We look forward to keeping the Sub-Committee updated on the progress of our work.