Financial Conduct Authority publishes two ‘Dear CEO’ letters on authorised push payment fraud reimbursement

On 7 October 2024, the UK Financial Conduct Authority (the FCA) published two ‘Dear CEO’ letters setting what it expects firms to do on authorised push payment (often called ‘APP’) fraud reimbursement. The letters are addressed to:

banks and building societies; and

payment and e-money institutions.

These letters quickly follow the Payment Systems Regulator’s policy statement, PS24/7, which was published on 3 October 2024 setting out new maximum reimbursement limits for APP fraud victims at £85,000 (which followed the Payment Systems Regulator’s press release and consultation on 4 September 2024). That decision came into force on 7 October 2024.

The Dear CEO letters set out the FCA’s expectations. These include:

Anti-fraud systems and control: Firms should have effective governance arrangements, controls and data to detect, manage and prevent fraud, and regularly review their fraud prevention systems and controls to ensure that these are effective. Firms should also maintain appropriate customer due diligence controls (both at onboarding and throughout the relationship).

Consumer duty: There is a perhaps unnecessary reminder that the consumer duty requires firms to avoid causing foreseeable harm. There is an example of such harm: a consumer becoming victim to a scam where a firm has inadequate systems to detect and prevent scams.

On us APP fraud reimbursement: Where there are internal transfers (often called “on us” or intra-firm payments) which do not use an external payment system, the FCA is concerned that consumers may not understand that a different (and lower level) protection will be provided. Firms are required to ensure their approach complies with the consumer duty.

Capital and liquidity: for payment and e-money institutions, the FCA reminds firms to recognise and manage their potential liability and the impact APP fraud may have on their capital and liquidity.

Systems and controls: the FCA says firms must ensure that they have appropriate oversight, systems and controls in place to comply with its requirements.

Payment Systems Regulator publishes new Powers and Procedures Guidance

On 20 September 2024, the UK Payment Systems Regulator (the PSR) published an updated version of its guidance entitled ‘Powers and Procedures Guidance’. Section 96 of the Financial Services (Banking Reform) Act 2013 requires the PSR to published guidance.

The guidance updates the PSR’s guidance which was first published in 2015 (and updated in 2020). The PSR’s response paper sets out the changes. These updates include:

– changes to paragraph 5.7 of the guidance: dealing with the process for opening an investigation; and

– changes to paragraph 5.12 of the guidance: dealing with flexibility for staff deployed on monitoring or enforcement to work across functions.

Bank of England, FCA, PRA and PSR conduct review of Memorandum of Understanding for payment systems in the UK

On 28 March 2024, the UK Financial Conduct Authority published a statement about the joint-authority Memorandum of Understanding which is in place between the FCA, the Bank of England, the Prudential Regulation Authority and the Payment Systems Regulator.

The statement confirms those authorities have carried out their eighth review of the MoU in 2023.

The key points are the authorities:

– consider their co-operation is “working well”;

– continue to exchange “expertise, information and data related to regulated activities”;

– continue to “work together closely on issues of common regulatory interest and seek to avoid duplication in their requirements and engagement with industry”;

– have “identified areas for future co-operation and co-ordination, including revisions to the MoU regarding proposed stablecoin regulation, embedding the reforms from the Financial Services and Markets Act 2023 (FSMA 2023), as well as further enhancing the sharing of information and data”; and

– will continue “to work, as needed, with the Treasury in its preparation of a National Payments Vision”.

Firms will therefore need to be acutely aware of the overlap, and co-operation, between authorities throughout their engagement and interaction with those authorities.

Payment Systems Regulator consults on its proposed five year strategy

On 10 June 2021, the UK Payment Systems Regulator (the PSR) published a consultation paper setting out its proposed five year strategy.

The PSR proposes to focus on four key strategic outcomes:

– All users should have access to payment services that meet their needs in terms of functions, quality, cost and other relevant factors.

– Users’ interest must be adequately protected when using payment systems so that they can use systems and services with confidence.

– Payment systems should be designed and operated to enable effective competition in the provision of payment services.

– Payment systems should be efficient and commercial sustainable.

The consultation period ends on 10 September 2021. The PSR aims to publish its finalised strategy before the end of 2021.

Payment Systems Regulator updates its webpage setting out its expectations of firms during the COVID-19 pandemic

On 1 May 2020, the UK Payment Systems Regulator updated its webpage setting out its general expectations of payment firms in light of the global pandemic, COVID-19.

The PSR expects firms to “be taking reasonable steps to ensure they are prepared to meet the challenges coronavirus could pose to customers and staff” and “report to us immediately if they believe they will be in difficulty or if circumstances could lead to them being unable to offer the full range of their services“.

Payment Systems Regulator consults on a specific direction on the implementation of the confirmation of payee service

On 9 May 2019, the UK Payment Systems Regulator (the PSR) published its response to the first consultation on the proposed implementation of the confirmation of payee service, and published a new consultation on a specific direction on the implementation of the service.

After considering the feedback, the PSR has refined its approach. It has decided to give a specific direction to Lloyds Group, Barclays Group, HSBC Group, Royal Bank of Scotland Group, Santander Group and Nationwide Building Society (being the six largest payment services providers).

The proposed effect of the specific direction is to require:

From 31 December 2019: the directed PSPs must respond to compliant confirmation of payee requests; and

From 31 March 2020: the directed PSPs must send confirmation of payee requests and present responses to their customers.

The consultation period ends on 5 June 2019.