The PSR’s RCMS consultation: What payment firms need to know

11 April 2025
by Payments Intelligence

What is this article about?

The PSR’s consultation on mandating the Reimbursement Claims Management System (RCMS) for APP fraud claims handling

Why is it important?

The consultation will shape how and when the RCMS is adopted, with major implications for compliance, fraud prevention, and operational readiness across the payments industry.

What’s next?

The PSR will gather industry feedback in April 2025 to determine whether and when RCMS adoption should become mandatory, with implementation unlikely before late 2025.

The UK’s fight against authorised push payment (APP) fraud has taken a major step forward with the implementation of mandatory reimbursement rules. Now, attention turns to the infrastructure that will support the long-term success of those rules—namely, the Reimbursement Claims Management System (RCMS).

Developed by Pay.UK, the RCMS is designed to provide a standardised, secure way for payment service providers (PSPs) to manage, track, and communicate APP scam reimbursement claims. In April 2025, the Payment Systems Regulator (PSR) will launch a formal consultation on whether to mandate the use of the system, and if so, when.

While the system offers a promising path to greater efficiency and transparency, the PSR has acknowledged the significant effort already required from industry to implement the new reimbursement regime. Now, it wants to hear from stakeholders on what comes next.

Industry Voices

It's important for the UK to have a centralised claims management system for APP scams—something that can offer the process for consumers and merchants to make valid claims and fight fraudulent claims. The card schemes have long had the chargeback system, which allows for resentments and arbitration, and whilst not perfect, that system allows both parties to the transaction to find a middle ground. This is especially important with the rise in first-party (friendly) fraud and to give merchants trust in the system to help grow adoption. Implementing such a system will have its challenges, but today, technology can be leveraged to build a more sophisticated system than the one that has existed for decades with the schemes.

The rollout of the centralised claims management system (RCMS) marks a major shift in how APP scam claims are handled. While integrating legacy systems will be tricky, the move promises greater consistency, collaboration, and transparency across the industry. PSPs will need to upgrade tech, retrain teams, and ensure airtight data security—but the payoff is worth it. Faster, clearer claims processing benefits both consumers and providers, and improved data insights mean better fraud detection. This isn’t just a compliance exercise—it’s an opportunity to modernise, outpace fraudsters, and create a safer, smarter payments ecosystem.

Why the consultation matters

The PSR’s consultation on the RCMS is not just another box-ticking exercise. In earlier statements, the regulator had signalled that if requirements were confirmed following consultation, May 2025 could be a possible go-live date. That timeline has now been ruled out.

While the regulator initially suggested that mandatory use of RCMS could come as early as May 2025 (if confirmed following consultation), it has now said this timeline is no longer feasible. Instead, the April consultation will focus on whether to require RCMS adoption and when any such requirement could realistically come into effect.

No regulatory requirements on RCMS usage will be introduced before late 2025, and only after careful consideration of consultation feedback.

In short, the industry has been through a lot in a short space of time. PSPs of all sizes have spent months building systems, updating processes, and training staff to comply with the October 2024 rules. Overlaying a new technology mandate on top of that—particularly for smaller PSPs and fintechs—could risk overstretching firms and compromising compliance elsewhere.

The PSR is, therefore, taking a more measured approach. The April 2025 consultation will ask for industry views on when and how any future RCMS requirements should be implemented. While late 2025 is the earliest anticipated go-live date, nothing is set in stone. The regulator has said it will carefully consider feedback before deciding next steps.

What the consultation will cover

🔍 The PSR’s RCMS Consultation

What Will Be Covered?

🗓️ Mandate Timing and Phasing

Exploring when RCMS adoption could realistically be mandated. Considering a phased or tiered rollout based on firm size, transaction volume, or technical readiness.

⚙️ Operational Readiness

Assessing whether PSPs are technically prepared to connect with RCMS. Identifying barriers such as staffing capacity, system integration, training, and legal complexity.

📊 Data Standardisation and Sharing

Evaluating the potential of RCMS to improve fraud data accuracy and availability. Examining whether current data protection and governance frameworks meet industry expectations.

💷 Cost and Resource Impact

Understanding implementation and maintenance costs across the sector. Addressing concerns over uneven burden, particularly for smaller PSPs and newer market entrants.

🛡️ Victim Experience

Considering how RCMS could enhance the claims process for fraud victims. Aligning the system with broader standards for transparency, fairness, and consumer redress.

Based on the PSR’s March 2025 update, here’s what PSPs can expect the consultation to explore:

Timing and phasing of mandates

What would be a realistic implementation date for mandating RCMS usage?
Should there be a phased or tiered approach, e.g., by firm size or transaction volume?

Operational readiness

Are PSPs technically ready to integrate with the RCMS?
What barriers exist in terms of staffing, training, systems or legal constraints?

Data standardisation and sharing

Will RCMS improve the accuracy and availability of fraud data across the ecosystem?
Are PSPs comfortable with the data protection and governance mechanisms in place?

Cost and resource impact

What will the system cost to implement and maintain?
Are there concerns about disproportionate burdens on smaller firms?

Victim experience

Will RCMS make the claims process faster, simpler, and more transparent for victims?
How can the system be aligned with wider expectations for consumer redress?

Industry reaction: Balancing innovation and practicality

While there is broad support for a centralised system in principle, firms will likely raise practical questions in their consultation responses.
Larger PSPs may be more confident in their ability to integrate with RCMS quickly, particularly if they’ve already made progress in onboarding. However, smaller PSPs, including fintechs, building societies, and payment institutions, may argue that they need more time, funding support, or flexibility in how adoption is phased.

There are also questions about governance and access. Will all PSPs be treated equally within the RCMS framework? How will disputes between sending and receiving firms be resolved within the system? And how will the PSR use the data it receives via RCMS to monitor compliance and enforcement?

Critically, firms want reassurance that RCMS won’t simply become another compliance burden but will actually deliver value in terms of automation, case resolution speed, and reduction in manual overhead.

Stakeholder engagement

The PSR has been clear that stakeholder engagement is crucial. The RCMS will not be mandated overnight, and the consultation is intended to gather views from a wide cross-section of the industry — not just banks and building societies but also e-money firms, fintechs, processors, and trade bodies.

Firms should start preparing their responses now and consider the following:

Running internal assessments of technical readiness
Gathering evidence on likely costs and integration timelines
Speaking to vendors, industry bodies, and legal teams
Submitting coordinated responses where possible to amplify key concerns

RCMS Key Dates

Hover over me

What this means for compliance teams

While the April 2025 consultation does not impose any immediate regulatory obligations, compliance teams should treat it as a signal to prepare, particularly for the possibility of RCMS becoming mandatory in late 2025.

The PSR has been clear: PSPs’ feedback will shape any future requirement’s direction and timing. However, that feedback will only be meaningful if firms have already begun thinking through the operational and compliance implications.

Here’s what compliance teams should consider in the weeks ahead:

Assess your current preparedness: Map out where you are in relation to potential RCMS onboarding. Have you engaged with Pay.UK? Do you know what integration would require in terms of systems, data flows, and resources?
Identify internal gaps: What policies, controls or reporting mechanisms would need to be updated if RCMS became a regulatory requirement? Are your fraud teams and case handlers aligned with compliance on this?
Coordinate with legal and technology teams: Ensure your legal advisors are aware of the potential governance and liability implications of using RCMS and that your tech teams understand what system integration might involve.
Document cost implications: Be ready to provide input on the adoption’s financial and operational impact. If your firm wants to argue for a phased or proportionate timeline, supporting evidence will strengthen your case.
Prepare to respond to the consultation: Whether directly or via a trade association, firms should plan to engage with the consultation. Assign ownership internally and track the PSR’s timeline.