Recommendation 26

HM Government Not Addressed

Our initial work on APP scams led to the introduction of the CRM Code in May 2019. Since then, there has been a considerable amount of progress to protect victims and improve incentives for payment service providers (PSPs) to prevent APP fraud. The voluntary agreement by signatories to the Code represented a major step forward in increasing the protection that their customers are entitled to, while setting out standards for PSPs to improve fraud prevention and victim care. We welcome the Committee’s recognition of our work on the CRM Code and support for the code should be mandatory. The Code is now a key tool in preventing APP scams and has led to better protections for victims since its introduction. We have seen an industry-wide shift in focus toward prevention, backed by PSR-led initiatives such as Confirmation of Payee (CoP), the name-checking service that has helped reduce fraud and accidentally misdirected payments. We introduced Phase 1 of CoP in August 2019 when we issued Specific Direction 10 (SD10) to the six largest banking groups, requiring them to implement CoP. Since then, several other PSPs have voluntarily joined the service. Having analysed the impact of Phase 1, we have seen that CoP has limited the increase in APP scams, reduced the levels of fraudulent funds received by PSPs that have implemented CoP, and reduced the number of accidentally misdirected payments. We recognise that there is still a lot of work to do to stop fraud from happening, to reduce APP scams, and improve consistency and coverage of protection of victims. In February 2021 we published a call for views on the nature and scale of the issues with the CRM Code. In this document we stated that levels of reimbursement vary materially across PSPs and, as participation in the code is voluntary, many customers fall outside the protections it offers. We also invited views on three complementary measures to prevent APP scams and improve outcomes for victims. November 2021 we published a consultation paper setting out our upcoming activity and our proposals to tackle this growing issue. We proposed to: • Require the 12 largest PSP groups in the UK (including most of the biggest high street brands) and the two next-largest PSPs in Northern Ireland to publish comparative data on: Ȥ their APP scams reimbursement levels for customers who are APP scam victims Ȥ which PSPs their fraudulent payments have been sent to This means that, for the first time, customers will be able to understand how well their PSP is preventing APP scams and treating victims, and which PSPs are receiving these fraudulent payments. • Support and require industry to improve intelligence sharing, to improve detection and prevention of APP scams. • Make reimbursement for scam victims mandatory. While we do not have the powers to do this at present, we welcomed the announcement from John Glen MP, Economic Secretary to the Treasury, that the government will legislate to address any barriers to regulatory action at the earliest opportunity. We continue to work to ensure that we can act quickly once this legislative barrier is removed. In addition to the above three proposals, we continue to look at other ways of preventing APP scams and reimbursing victims. This includes looking at how the PSR, Pay.UK, and industry could implement rules (for example, in Faster Payments) within the parameters of existing legislation, and wider adoption of existing measures such as Request to Pay and the Biller Update Service. Next steps We are considering the responses to our consultation and continue to work at pace to implement these proposals. On data publication, we have been progressing a trial with 14 PSPs to understand what data is available, and to invite industry feedback on data templates and guidance. We plan to publish a direction on data publication in the summer. On mandatory reimbursement, we continue to work with the government to address the barriers to regulatory action. We are ready to impose measures that require PSPs to reimburse APP scam victims, following legislative change. We have developed our proposals in anticipation of the legislation coming into force, and will publicly announce our approach in autumn 2022. In the meantime, we continue our engagement with the LSB to ascertain what changes can be made to the CRM Code to improve outcomes. We are also engaging with a range of stakeholders to identify areas for coordination to drive a consistent and comprehensive approach to APP scams, including other sectors where these scams often originate. While our proposals are focused on our remit, we continue to engage in the broader debate with government, other regulators, and other sectors on what can be done more widely to prevent APP scams.