- Firms should consider retrospectively reimbursing victims of push-payment fraud
- Contingent Reimbursement Model should be compulsory
- 24-hour delay on all first-time payments needed
- Firms missing Confirmation of Payee deadline should be sanctioned
- Targeted information campaigns needed for potential money mules
- Banks should be more transparent around de-risking
The report was agreed when Catherine McKinnell MP was Interim Chair. Rt Hon. Mel Stride MP has since been elected as the Chair of the Treasury Committee. Rushanara Ali MP has been the Committee’s lead member for this inquiry and has therefore provided a quote below.
Report Summary
In the first half of this year, over £600 million was stolen from consumers. Economic crime is a serious and growing problem in the UK. One method to combat it is Confirmation of Payee, which will cross reference payee names with account numbers and sort codes. If financial firms aren’t ready to introduce it by March 2020, the regulators should consider sanctioning them. Another method which should be introduced is a 24-hour delay on all initial payments between accounts, providing time for consumers to consider if they are being defrauded. When money is stolen, the voluntary Contingent Reimbursement Model (CRM) is a welcome step to set out how its signatories should reimburse money lost to consumers by certain types of fraud. It should now be made compulsory, and firms should consider retrospectively reimbursing customers back to 2016. Regulators should define the term ‘grossly negligent’ to provide consistency on whether or not a consumer is reimbursed.
Key Points
- Fraud is the second most common crime type in England and Wales. There are two main types of economic crime affecting consumers: authorised push payments (APP), where the genuine customer processes a payment to another account whist is controlled by a criminal, and unauthorised fraud, where the account holder does not provide authorisation for the payment to proceed and the transaction is carried out by a third party. Both in terms of financial losses and the variety of scams suffered by consumers, it’s clear that economic crime is a serious and growing problem in the UK. To ensure a clear picture of the scale and types of economic crime facing consumers, the Financial Conduct Authority (FCA) should publish data on economic crime.
- At present, when a payment is sent, the initiator of the payment must give the payee’s name, account number and sort code. The latter two are cross referenced and confirmed with the receiving bank, but the payee’s name is not. Confirmation of Payee (CoP), which is set to be introduced in March 2020, involves the payee’s name also being confirmed. It’s a serious failure that banks weren’t already doing this. The regulators should consider sanctioning any firm that misses the March 2020 deadline.
- The Contingent Reimbursement Model (CRM) is a voluntary financial services industry code which sets out how its signatories should reimburse money lost to consumers via APP fraud. The CRM is welcome and should now be made compulsory in legislation. This won’t, however, provide any resolution to previous victims of such frauds. Financial firms have been warned since 2016 that they have been failing in their duty to protect customers by not linking information on account names to payments. Firms should strongly consider whether refusing to retrospectively reimburse customers who relied on the payee name is fair and just.
- Faster Payments are an instant transaction which are normally processed in seconds. Fraudsters rely on this speed to move money into a series of accounts before consumers and banks are aware. Very few first-time payments need to be received instantaneously. Therefore, there should be a mandatory 24-hour delay on all first-time payments, providing time for consumers to consider if they are being defrauded. All future payments to the same account could flow at normal speed. If an initial payment was needed instantly, a customer could ring their bank and additional checks could be carried out for the funds to be released.
- Money mules are individuals who allow their bank account to be used to move criminal funds. In 2018 there were around 40,000 cases that bore the hallmarks of money mule activity. For example, it was reported that students were selling their account log-in details to fraudsters who sought to evade the strict checking procedures when individuals try to open an account. Where groups of people who may be most susceptible to being persuaded to become money mules are identified, targeted information campaigns should be undertaken e.g. banks should work with universities to provide information for students.
- De-risking is where a bank ends its relationship with a customer it deems to be too high-risk. The Committee has been told that whole sectors have had their banking services withdrawn or refused in the first place without explanation and no avenue to query the decision. Banks must be as transparent as possible on de-risking to allow all individuals and firms the best possible chance of keeping their financial services. The FCA, which has at times appeared unable to act to prevent de-risking from happening, and the Financial Ombudsman Service should ensure that, where possible and appropriate, instances of de-risking where a customer cannot come to resolution with their banks are fully investigated and banking services returned as quickly as possible.
- The Committee has heard concerns about how law enforcement has been dealing with economic crime, and the lack of resources allocated to it. It is unacceptable that victims of potentially devastating crime can have their cases moved across law enforcement from pillar to post. It’s welcome, therefore, that this is both a focus of the police, and its inspectorate. It’s concerning that banks do not always appear to be reporting instances to the police where, for example, the bank has reimbursed the victim. The Government should require all frauds to be reported regardless of their size, and whether or not a financial institution has reimbursed a consumer. It is not always clear to consumers whether a fraud should be reported to a bank, the police or Action Fraud, nor is it always clear what each entity would do with the information provided. This process needs clarifying for consumers.
- When a firm concludes that a loss from an unauthorised fraud was down to the consumer’s own ‘gross negligence’, reimbursement is unlikely. Existing regulations don’t define ‘gross negligence’, allowing individual firms to set their own bar of what customer behaviour it deems to be grossly negligent. This could lead to a lack of consistency between how customers with the same circumstances are treated. The regulators should agree an accepted definition of gross negligence and require firms to provide a list of ‘dos and don’ts’ for customers to show how individual firms define proper account usage.
Member's comments
Commenting on the Report, Rushanara Ali MP, the Treasury Committee’s lead member for this inquiry, said:
“With scams getting ever-more sophisticated, it’s clear that economic crime is a serious and growing problem in the UK.
“The Treasury Committee’s report examines the scale of economic crime faced by consumers, ways that financial firms are combatting economic crime, how economic crime is investigated, and consumer’s rights and responsibilities.
“To ensure that consumers are protected, it should now be compulsory for financial firms to reimburse money lost to victims of Authorised Push Payment fraud, and they should consider doing so retrospectively.
“There should also be a mandatory 24-hour delay on all first-time payments, allowing consumers time to consider the risk that they are being defrauded.
“The Government and regulators should take on board all of the Committee’s recommendations to enhance consumer protection in the face of this harmful tide of criminal activity.”