Menu
Member's Hub
Join us
Member sign in
Login

The PSR’s RCMS consultation: What payment firms need to know

11 April 2025
by Payments Intelligence

LinkedIn
Email
X
WhatsApp

What is this article about?

The PSR’s consultation on mandating the Reimbursement Claims Management System (RCMS) for APP fraud claims handling

Why is it important?

The consultation will shape how and when the RCMS is adopted, with major implications for compliance, fraud prevention, and operational readiness across the payments industry.

What’s next?

The PSR will gather industry feedback in April 2025 to determine whether and when RCMS adoption should become mandatory, with implementation unlikely before late 2025.

The UK’s fight against authorised push payment (APP) fraud has taken a major step forward with the implementation of mandatory reimbursement rules. Now, attention turns to the infrastructure that will support the long-term success of those rules—namely, the Reimbursement Claims Management System (RCMS).

Developed by Pay.UK, the RCMS is designed to provide a standardised, secure way for payment service providers (PSPs) to manage, track, and communicate APP scam reimbursement claims. In April 2025, the Payment Systems Regulator (PSR) will launch a formal consultation on whether to mandate the use of the system, and if so, when.

While the system offers a promising path to greater efficiency and transparency, the PSR has acknowledged the significant effort already required from industry to implement the new reimbursement regime. Now, it wants to hear from stakeholders on what comes next.

Industry Voices

It's important for the UK to have a centralised claims management system for APP scams—something that can offer the process for consumers and merchants to make valid claims and fight fraudulent claims. The card schemes have long had the chargeback system, which allows for resentments and arbitration, and whilst not perfect, that system allows both parties to the transaction to find a middle ground. This is especially important with the rise in first-party (friendly) fraud and to give merchants trust in the system to help grow adoption. Implementing such a system will have its challenges, but today, technology can be leveraged to build a more sophisticated system than the one that has existed for decades with the schemes. 
Masha Cilliers headshot
Masha CilliersAmbassador, The Payments Association
The rollout of the centralised claims management system (RCMS) marks a major shift in how APP scam claims are handled. While integrating legacy systems will be tricky, the move promises greater consistency, collaboration, and transparency across the industry. PSPs will need to upgrade tech, retrain teams, and ensure airtight data security—but the payoff is worth it. Faster, clearer claims processing benefits both consumers and providers, and improved data insights mean better fraud detection. This isn’t just a compliance exercise—it’s an opportunity to modernise, outpace fraudsters, and create a safer, smarter payments ecosystem.
Monica Eaton
Monica EatonCEO, Chargebacks911

Why the consultation matters

The PSR’s consultation on the RCMS is not just another box-ticking exercise. In earlier statements, the regulator had signalled that if requirements were confirmed following consultation, May 2025 could be a possible go-live date. That timeline has now been ruled out.

While the regulator initially suggested that mandatory use of RCMS could come as early as May 2025 (if confirmed following consultation), it has now said this timeline is no longer feasible. Instead, the April consultation will focus on whether to require RCMS adoption and when any such requirement could realistically come into effect.

No regulatory requirements on RCMS usage will be introduced before late 2025, and only after careful consideration of consultation feedback.

In short, the industry has been through a lot in a short space of time. PSPs of all sizes have spent months building systems, updating processes, and training staff to comply with the October 2024 rules. Overlaying a new technology mandate on top of that—particularly for smaller PSPs and fintechs—could risk overstretching firms and compromising compliance elsewhere.

The PSR is, therefore, taking a more measured approach. The April 2025 consultation will ask for industry views on when and how any future RCMS requirements should be implemented. While late 2025 is the earliest anticipated go-live date, nothing is set in stone. The regulator has said it will carefully consider feedback before deciding next steps.

What the consultation will cover

🔍 The PSR’s RCMS Consultation
What Will Be Covered?
🗓️ Mandate Timing and Phasing
Exploring when RCMS adoption could realistically be mandated. Considering a phased or tiered rollout based on firm size, transaction volume, or technical readiness.
⚙️ Operational Readiness
Assessing whether PSPs are technically prepared to connect with RCMS. Identifying barriers such as staffing capacity, system integration, training, and legal complexity.
📊 Data Standardisation and Sharing
Evaluating the potential of RCMS to improve fraud data accuracy and availability. Examining whether current data protection and governance frameworks meet industry expectations.
💷 Cost and Resource Impact
Understanding implementation and maintenance costs across the sector. Addressing concerns over uneven burden, particularly for smaller PSPs and newer market entrants.
🛡️ Victim Experience
Considering how RCMS could enhance the claims process for fraud victims. Aligning the system with broader standards for transparency, fairness, and consumer redress.

Based on the PSR’s March 2025 update, here’s what PSPs can expect the consultation to explore:

Timing and phasing of mandates

  • What would be a realistic implementation date for mandating RCMS usage?

  • Should there be a phased or tiered approach, e.g., by firm size or transaction volume?

Operational readiness

  • Are PSPs technically ready to integrate with the RCMS?

  • What barriers exist in terms of staffing, training, systems or legal constraints?

Data standardisation and sharing

  • Will RCMS improve the accuracy and availability of fraud data across the ecosystem?

  • Are PSPs comfortable with the data protection and governance mechanisms in place?

Cost and resource impact

  • What will the system cost to implement and maintain?

  • Are there concerns about disproportionate burdens on smaller firms?

Victim experience

  • Will RCMS make the claims process faster, simpler, and more transparent for victims?

  • How can the system be aligned with wider expectations for consumer redress?

Industry reaction: Balancing innovation and practicality

While there is broad support for a centralised system in principle, firms will likely raise practical questions in their consultation responses.
Larger PSPs may be more confident in their ability to integrate with RCMS quickly, particularly if they’ve already made progress in onboarding. However, smaller PSPs, including fintechs, building societies, and payment institutions, may argue that they need more time, funding support, or flexibility in how adoption is phased.

There are also questions about governance and access. Will all PSPs be treated equally within the RCMS framework? How will disputes between sending and receiving firms be resolved within the system? And how will the PSR use the data it receives via RCMS to monitor compliance and enforcement?

Critically, firms want reassurance that RCMS won’t simply become another compliance burden but will actually deliver value in terms of automation, case resolution speed, and reduction in manual overhead.

Stakeholder engagement

The PSR has been clear that stakeholder engagement is crucial. The RCMS will not be mandated overnight, and the consultation is intended to gather views from a wide cross-section of the industry — not just banks and building societies but also e-money firms, fintechs, processors, and trade bodies.

Firms should start preparing their responses now and consider the following:

  • Running internal assessments of technical readiness
  • Gathering evidence on likely costs and integration timelines
  • Speaking to vendors, industry bodies, and legal teams
  • Submitting coordinated responses where possible to amplify key concerns

RCMS Key Dates

Hover over me

What this means for compliance teams

While the April 2025 consultation does not impose any immediate regulatory obligations, compliance teams should treat it as a signal to prepare, particularly for the possibility of RCMS becoming mandatory in late 2025.

The PSR has been clear: PSPs’ feedback will shape any future requirement’s direction and timing. However, that feedback will only be meaningful if firms have already begun thinking through the operational and compliance implications.

Here’s what compliance teams should consider in the weeks ahead:

  • Assess your current preparedness: Map out where you are in relation to potential RCMS onboarding. Have you engaged with Pay.UK? Do you know what integration would require in terms of systems, data flows, and resources?
  • Identify internal gaps: What policies, controls or reporting mechanisms would need to be updated if RCMS became a regulatory requirement? Are your fraud teams and case handlers aligned with compliance on this?
  • Coordinate with legal and technology teams: Ensure your legal advisors are aware of the potential governance and liability implications of using RCMS and that your tech teams understand what system integration might involve.
  • Document cost implications: Be ready to provide input on the adoption’s financial and operational impact. If your firm wants to argue for a phased or proportionate timeline, supporting evidence will strengthen your case.
  • Prepare to respond to the consultation: Whether directly or via a trade association, firms should plan to engage with the consultation. Assign ownership internally and track the PSR’s timeline.
LinkedIn
Email
X
WhatsApp

Read more Payments Intelligence

The Payments Association

St Clement’s House

27 Clements Lane

London EC4N 7AE

+44 20 3540 9760
 

© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.

Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.

PA@TheCity Non-Member Guest Policy

Follow us on

Back to main menu

Membership

Our members

Member benefits

Become a member

Merchant Community Membership

Our merchants

Join the merchant community

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.
Sign in
Become a member
Contact us
Careers
Youtube Spotify Twitter Linkedin

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Haven't set up an account yet?
Having trouble logging in?

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?

E-mail us