Share this post
What is this article about?
New regulatory changes for Payment Services Providers (PSPs) to combat APP fraud, requiring them to reimburse victims up to £415,000 per claim starting October 2024.
Why is it important?
It aims to enhance consumer protection and address significant financial losses from APP fraud, which amounted to £459.7 million in the UK in 2023.
What’s next?
PSPs need to review compliance documents, complete registrations by August 20, integrate necessary systems by October 7, and stay informed on updates to ensure compliance.
The payment services providers (PSPs) community is on the brink of significant regulatory changes due in October 2024, as the Payment Systems Regulator (PSR) enforces new rules under the authorised push payment (APP) fraud reimbursement policy. This policy aims to combat the escalating issue of APP fraud, where victims are tricked into authorising payments to criminals. According to UK Finance, Britons lost approximately £459.7 million to APP fraud in 2023, highlighting the urgent need for robust protective measures.
The PSR’s decision mandates that banks and payment companies reimburse victims up to £415,000 per claim. The May 2024 bulletin from Pay.UK provides detailed guidance on the upcoming changes and the steps PSPs must take to comply. PSPs are advised to review the published documents, complete their registration promptly, and integrate the necessary systems to be ready by the October deadline.
However, this move has sparked considerable debate within the industry. The Payments Association (TPA) has voiced concerns about the timeline, advocating for a one-year delay to ensure proper implementation and avoid severe repercussions for smaller fintech companies.
Despite these concerns, the new rules are set to take effect in October, making it imperative for all stakeholders to stay informed and prepared. Key actions for PSPs include reviewing all compliance documents, completing registration by August 20, and integrating RCMS systems. Regularly monitoring updates from Pay.UK and attending industry briefings will also be crucial. By staying proactive and engaged, PSPs can ensure compliance, protect their customers, and contribute to a more secure payments ecosystem.
Key developments in the APP fraud reimbursement policy
The APP Fraud Reimbursement Policy, as outlined in the May 2024 bulletin by Pay.UK, mandates several new compliance measures for PSPs aimed at enhancing the transparency and effectiveness of reimbursement processes for APP fraud victims. The policy introduces significant tools and deadlines that PSPs must adhere to, ensuring they are well-equipped to handle the changes. (To see how the legislation affects your organisation, click here).
The bulletin highlights the introduction of two primary compliance tools for PSPs:
- RCMS Core: This tool provides a directory of PSPs and functionality for Reporting Standard A data submissions to Pay.UK, crucial for maintaining accurate and comprehensive records.
- RCMS Core + Claims Management: An extension of RCMS Core, this tool includes a robust claims management system, facilitating efficient processing and resolution of fraud reimbursement claims.
These tools are accessible via API or a secure web-hosted user interface, offering flexibility to PSPs in integrating the new systems into their existing frameworks. Comprehensive API specifications and contract frameworks have already been published, aiding PSPs in preparing their systems for seamless integration.
Publication of compliance documents: On June 7, 2024, Pay.UK released critical documents, including the FPS APP Reimbursement Rules and Compliance Monitoring Process. These documents were accompanied by a phased “Best Practice Guide,” which addresses various implementation challenges identified during the policy rollout. Pay.UK said the guide aims to provide PSPs with practical insights and recommended procedures to navigate the new requirements effectively.
Targeted marketing and registration campaigns: In May, Pay.UK initiated a targeted marketing campaign, contacting PSPs likely to fall within the APP Reimbursement scope as directed by the PSR. PSPs are encouraged to check Pay.UK’s website regularly for updates and documentation. Registration for APP reimbursement is now open, with firms expected to complete their registrations by August 20, 2024.
These developments are part of Pay.UK’s broader effort to ensure that all PSPs are adequately prepared for the October 2024 deadline. By providing these tools and resources, Pay.UK said it aims to facilitate a smooth transition and ensure compliance with the new APP fraud reimbursement policy, which it claims will protect consumers and enhance trust in the payments industry.
Key dates for PSPs
To ensure compliance and readiness for the new APP Fraud Reimbursement Policy, Payment Services Providers (PSPs) must adhere to several critical milestones outlined in the May 2024 bulletin by Pay.UK. These dates are pivotal for the successful implementation of the policy and the smooth operation of the associated systems and processes.
- 7 June 2024
Registration opens: PSPs can begin registering for the APP reimbursement process. Early registration is crucial to ensure adequate preparation time and compliance with subsequent requirements.
Major documentation release: Key documents, including the FPS APP Reimbursement rules and Compliance Monitoring Process, will be published. This release also includes the phased “Best Practice Guide,” which will provide detailed procedures and recommendations for PSPs to follow. - 31 July 2024
Contract release/issue ready for signing: Contracts for RCMS Core and RCMS Core + Claims Management will be available for PSPs to sign. Completing this step promptly is essential for PSPs to proceed with onboarding and system integration. - 20 August 2024:
Deadline for PSPs to register as in scope for SD20: PSPs must complete their registration and attest to Pay.UK that they are within the scope of Specific Direction 20 (SD20). This step involves answering relevant questions to prepare for compliance and accepting the Registration Terms & Conditions. - 7 October 2024
Deadline to reimburse all claims 50/50: By this date, PSPs must be fully capable of reimbursing APP fraud claims, sharing liability equally with other involved parties. This capability is crucial to meet the policy’s requirements and ensure consumer protection. - 30 November 2024
First entry for new reporting: PSPs must start submitting data under the new reporting standards. This initial reporting will help establish a baseline and ensure ongoing compliance with the new policy. - 31 March 2025
Final switch-over date: This marks the complete transition to the new reimbursement and reporting systems. By this date, PSPs must have fully integrated the RCMS Core and RCMS Core + Claims Management systems into their operations. (This date assumes planning data to support the 1 May deadline currently under consultation by PSR.)
These dates highlight the urgency and complexity of the upcoming changes. PSPs are encouraged to stay proactive and diligent in meeting these milestones to ensure a smooth transition and compliance with the new APP fraud reimbursement policy.
Next steps for PSPs
With the APP fraud reimbursement policy’s critical deadlines rapidly approaching, PSPSs must take immediate and strategic actions to ensure compliance and readiness. Here are the key steps PSPs need to follow:
- Review published documents: PSPs should begin by thoroughly reviewing all the published documents provided by Pay.UK. This includes the FPS APP Reimbursement rules, the Compliance Monitoring Process, and the phased “Best Practice Guide.”
- Complete registration promptly: The registration process opens on June 7, 2024. PSPs must ensure they register as soon as possible to avoid last-minute complications. The registration process involves attesting to Pay.UK that the PSP is within the scope of Specific Direction 20 (SD20), answering relevant questions and accepting the Registration Terms & Conditions. Timely registration will also facilitate signing contracts for RCMS Core and RCMS Core + Claims Management, scheduled for July 31, 2024.
- Integrate RCMS systems: Once registered, PSPs must focus on integrating the RCMS Core and RCMS Core + Claims Management systems into their operations. This integration is crucial for meeting the new reporting standards and managing reimbursement claims efficiently. PSPs can access these systems via API or a secure web-hosted user interface. Pay.UK has said it is important to utilise the comprehensive API specifications and contract frameworks published to ensure seamless integration.
- Prepare for reimbursement capabilities: By October 7, 2024, PSPs must be fully capable of reimbursing APP fraud claims, sharing liability equally with other involved parties. This capability is a core requirement of the new policy, designed to protect consumers and enhance the industry’s accountability. PSPs should establish robust internal processes and systems to handle claims efficiently and accurately.
- Stay informed and proactive: PSPs should regularly check Pay.UK’s website for updates and new documentation. Staying informed about changes or additional requirements will help PSPs remain compliant and prepared. Engaging with industry briefings, such as the June 20, 2024 Industry Monthly Briefing, can provide insights and guidance.
- Leverage available resources: Attending industry briefings and demonstrations, like the demonstration of the Reporting Standard A data capture and reporting functionality at the Industry Monthly Briefing on June 20, 2024, will be beneficial. These sessions also provide opportunities to address any questions or concerns.
- Monitor and adjust systems: PSPs must continually monitor their systems and processes to ensure they align with the new requirements. Regular audits and reviews can help identify and rectify compliance gaps. Adjustments may be necessary as the policy is fully implemented and operational challenges arise.
- Engage with The Payments Association: PSPs should maintain active communication with The Payments Association and other industry bodies. These organisations can provide support, share best practices, and advocate for the industry’s interests.
Industry concerns and The Payments Association’s position
The new APP fraud reimbursement policy has not been without contention. The Payments Association (TPA) has raised significant concerns about the potential impacts of these regulations. In a letter to City minister Bim Afolami, thirty members of TPA outlined several key issues that could affect smaller fintech companies and the broader financial services landscape.
Concerns raised: Robert Courtneidge, board advisor and payments expert at TPA, has highlighted that the proposed mandatory reimbursement scheme could threaten the viability of smaller fintech companies. He states, “The maximum per claim reimbursement threshold of £415,000 is considered both disproportionate compared to average losses for individuals of less than £2,000 and also illogical as a mandatory amount that must, in most cases, be paid out in 5 working days without any chance to properly review a case.”
Courtneidge further explains, “The Financial Ombudsman, from where the limit was taken, would never be able to review a claim in this timeframe. Even with the longest timeframe with the ‘stop the clock’ invoked of 35 working days, any similar claim in court for this value would take years and be very thoroughly reviewed. This timeframe for review and payout is irresponsible, making it impossible to allow for proper review of claims.”
He argues that this high threshold could lead to significant additional costs, making many payment service providers economically unviable and potentially forcing them out of the market. “Please understand, we are not saying to remove the higher limit, but to give sufficient time in the (less than 5%) of cases above the £30,000 threshold (suggested by us) for the sending and receiving banks to conduct a proper review to determine if there was fraud and if the criteria (which need to be decided) have been met so that the victim should be reimbursed. Without a proper dispute resolution mechanism and thorough scrutiny of cases, the UK will fail one of its most important industries.”
Impact on competition and innovation: TPA emphasised that the new rules could stifle competition and innovation in areas such as open banking and digital challenger banking. They noted that the increased costs associated with the mandatory reimbursement scheme could create higher barriers to entry for new players and make it more difficult for challenger banks to compete with established incumbents.
Consumer and industry risks: The association also expressed concerns about the potential for increased first-party fraud and moral hazard, as the near-100% reimbursement policy could be exploited by fraudsters. They pointed out that without clear criteria for consumers to act cautiously, the policy might inadvertently encourage riskier behaviour among consumers.
Call for a balanced approach: The Payments Association urged for a more balanced consumer standard of caution and a lower per claim upper liability threshold. They suggested reducing the threshold to £30,000 and implementing measures to incentivise consumers to exercise greater caution. Additionally, they called for delaying the reimbursement obligations until the necessary industry utility for managing reimbursement reporting and settlement is operational.
Need for multi-stakeholder involvement: Highlighting that 77% of all APP fraud cases originate online, TPA stressed the need for social media platforms and telecommunication providers to play a more active role in preventing fraud. They advocated for these entities to share the costs of mandatory reimbursement and participate in new data-sharing requirements to mitigate fraud risks at the source.
These concerns underscore the broader tension between regulatory demands and industry readiness. The Payments Association’s recommendations aim to ensure that the new reimbursement rules are both effective in protecting consumers and sustainable for the industry, particularly for smaller fintech companies.
Final thoughts
The APP Fraud Reimbursement Policy represents a pivotal shift in protecting consumers and enforcing accountability within the payments sector. As the October 2024 deadline approaches, payment leaders must act decisively: review all compliance documents, complete registration by August 20, and integrate RCMS systems promptly. Regularly monitor updates from Pay.UK and attend industry briefings for the latest insights. By staying proactive and engaged, PSPs can ensure compliance, protect their customers, and contribute to a more secure payments ecosystem.
Read more Payments Intelligence
Payments trends report 2024
Discover how AI-driven innovation, blockchain advancements, and evolving consumer behaviours are reshaping the payments industry.
Unveiling digital fraud: Insights into scam trends and prevention in the UK payment sector
APP scams cost UK victims over £340 million in 2023, exposing systemic vulnerabilities and the urgent need for stronger fraud prevention and collaboration.
Key insights in navigating fraud in open banking
Open banking faces rising fraud risks, demanding industry-wide collaboration and smarter security solutions to build trust and resilience.