.svg)
The UK Financial Conduct Authority (FCA) has circulated a Dear CEO letter outlining what it expects payment and e-money firms to do in light of the new reimbursement requirements that came into effect on October 7.
A new letter has explained the FCA’s role as firms begin to comply with new authorised push payment (APP) fraud customer protections.
The letter sets out the role of the Consumer Duty in the new rules, and what firms can expect from the FCA through a data-led approach to monitoring progress.
“If you have not already done so, we are asking you to ensure that your firm has appropriate oversight, systems and controls in place to comply with these requirements,” states the letter, signed by Matthew Long, director of payments and digital asset supervision at the regulator.
The Consumer Duty
The APP fraud requirements are expected to align with the FCA’s oversight of payments and e-money firms under the Consumer Duty, which is a key focus of the Dear CEO letter.
Under the Consumer Duty, firms must avoid causing foreseeable harm; Long’s letter cites an example of foreseeable harm as including a consumer becoming victim to a scam relating to a firm’s financial products due to the firm’s “inadequate systems to detect and prevent scams, or inadequate processes to design, test, tailor and monitor the effectiveness of scam warning messages presented to customers”.
Further, the letter states that if a firm identifies that it has caused customers harm, either through its action or inaction, then it must act in good faith by taking appropriate action to rectify the situation.
“This includes considering whether remedial action, such as redress, is appropriate,” the letter advises, adding that firms should support customers throughout the product or service life cycle, especially when handling complaints.
The FCA also reminds payment service providers (PSPs) that, under the Payment Services Regulations 2017, they must inform users about alternative dispute resolution procedures, including access to the Financial Ombudsman Service, in their pre-contractual information.
Fraud management and prevention
In the letter, Long also says that PSPs should be working to reduce APP fraud by improving their anti-fraud systems and controls.
“This is also the best way for PSPs to limit their potential liability,” he says. “Ongoing monitoring will help to improve PSP involvement in any available data sharing initiatives.”
In 2023, the FCA had already set out best practices for PSPs to mitigate the risks of APP fraud. The Dear CEO letter states that the FCA will continue to collaborate with PSPs to enhance their anti-fraud systems and controls, focusing on preventing harm to customers and addressing the risks associated with money mules laundering fraudulent funds.
In the letter, PSPs are advised to implement effective governance arrangements, controls, and data systems to detect, manage and prevent fraud, and are also advised to conduct regular reviews of their fraud prevention systems to ensure effectiveness.
Additionally, the FCA stresses that it is important to maintain appropriate customer due diligence controls during onboarding and on an ongoing basis, as it is crucial for identifying and preventing accounts from being used to receive proceeds of fraud or financial crime.
Capital and liquidity
According to the letter, “PSPs should recognise and manage their potential liability and the impact this may have on their capital and liquidity”.
Capital and liquidity issues have been highlighted by a variety of stakeholders in light of new requirements, with the UK’s Payments Association warning that the new rules raise prudential risks for smaller payment and e-money firms.
“We expect PSPs to review and adjust their business models and transactions to mitigate against any risk of prudential impact that may result from potential APP fraud reimbursement liabilities,” the FCA has said.
Concerns about ‘On us’ APP fraud reimbursement
The letter also covers internal book transfers, also called “on us” or intra-firm payments, which occur when both the sending and receiving payment accounts are held with the same firm or group and can therefore be executed through an internal channel rather than an external payment system, such as "Faster Payment Service" (FPS).
The PSR’s reimbursement policies for APP fraud will only apply to payments routed through FPS and the "Clearing House Automated Payment System" (CHAPS).
“Consumers are unlikely to understand that the level of protection that a PSP provides against APP fraud may vary depending on the type of payment process used,” the FCA warns, stating that it is worried that consumers will not understand if they receive a lower level of protection in respect of an intra-firm payment, compared to a payment made by FPS or CHAPS, and that this will lead to poor consumer outcomes.
“Under the Consumer Duty firms are required to act to deliver good outcomes for consumers,” the FCA has said.
Here, it has outlined expectations for firms, including that payment and e-money firms will need to ensure their approach here reaches Consumer Duty standards.
“If you are planning to provide a lower level of protection to ‘on us’ APP fraud reimbursement compared to payments made through FPS and CHAPS, we ask you to contact us to provide an explanation of the steps you have taken to meet those obligations,” the FCA has warned.
Going forward
According to the letter, the FCA and the PSR will work together to monitor firms’ compliance with the PSR’s reimbursement regime.
“We will use data arising from the reimbursement regime to monitor for prudential issues, conduct breaches and inadequate systems and controls and ensure that it is effectively protecting consumers against APP fraud without adverse impacts on the broader payments system,” the letter advises.
As part of the process for monitoring PSPs’ implementation of the payment delays legislation, the FCA is also looking to gather data from PSPs on payment execution timings to assess the level of additional friction in the system, and values and volumes of delayed payments under the new rules.
