As Finnovation.UK shifts its focus to the new APP Fraud Reimbursement rules, we are excited to present a mini-series of articles dedicated to exploring the impact and potential consequences of the new mandatory requirements, particularly for e-money institutions. This series aims to provide valuable insights and to highlight considerations regarding how these changes will affect EMIs. The articles are presented as follows:

• Part One: APP Fraud Reimbursement Rules - Key Considerations for EMIs

• Part Two: Strategies for EMIs to Protect Against APP Fraud

• Part Three: The Case for APP Fraud Insurance

In today’s digital age, Authorised Push Payment (APP) fraud is a real concern for both consumers and financial institutions. As scammers become increasingly sophisticated, adapting their techniques in response to the evolving digitisation of the financial system, it is no surprise that protecting people making payments is an area of regulatory focus. 

According to UK Finance, APP fraud losses reached £459 million in 2023 alone. APP fraud occurs when a scammer tricks an individual into authorising a payment to an account controlled by the fraudster. This type of fraud can take many forms, such as invoice redirection, where businesses are tricked into paying a fake invoice; romance scams, where victims are tricking into believing they are in a relationship; or impersonation scams, where individuals are deceived into transferring money to a fraudster posing as a trusted entity.

The financial burden of APP fraud on consumers can be devastating, often resulting in significant financial losses with little hope of recovery. Historically, victims of APP fraud have faced difficulties in getting their money back, as the payments were authorized by the account holder. In 2019 a voluntary code was introduced - the Contingent Reimbursement Model (CRM) Code - and many banks signed up, however with adherence being optional, and at times applied inconsistently, there were calls for a more robust and fair reimbursement system to protect consumers.

In response, the Paymemts System Regulator is introducing the new Mandatory Reimbursement Rules which come into force on 7th October 2024, bringing EMIs [using Faster Payments] officially into scope. These rules build upon the CRM and are designed to provide stronger protections for consumers and ensure that victims of APP fraud are compensated promptly and fairly.

This raises a number of important considerations for EMIs. Identifying who is at fault can be a challenge at the best of times - the sending bank, the receiving bank, the customer - however for EMIs using an agent bank, agents and distributors, there is an additional layer of complexity and risk exposure when considering whether redress (reimbursement of the fraudulent payment amount) is appropriate, and who is responsible for funding the repayment to the claimant. The reality, however, is that the vast majority of claims will be valid and that both the receiving and sending banks will be equally liable, with EMI principals also having to reimburse for fraudulent payments occurring within their agent and distributor network. 

With reimbursements being mandatory up to £415k per claim, and having to be repaid within 5 business days of the report of the fraud, the financial impact is likely to be measurable, and concerning, particularly for those smaller EMIs who may not have the balance sheet to sustain such losses. EMIs will need to enhance their fraud protection and detection measures. Further, where agents and distributors act on behalf of the EMI, the EMI will have to take extra care to make sure that the required anti-fraud measures are in place and are being adhered to across their network.

This raises the question of what EMIs can do to protect their end customers and also to prevent themselves from being exposed to this potentially financially crippling risk.

In our next article we will explore the key elements of the new rules; the challenges and considerations for EMIs; how EMIs can mitigate against exposure to these financial risks; before our third article in which we will describe the role of APP fraud insurance as a protector for EMIs, particularly those managing a network of agents and distributors.