The Payment Systems Regulator (PSR) is set to introduce significant changes to combat Authorised Push Payment (APP) fraud, with new regulations coming into effect in October 2024. These rules are designed to enhance consumer protections while incentivizing payment service providers (PSPs) to bolster their fraud prevention measures. In this article, we break down the key aspects of these changes and how businesses, particularly those in high-risk sectors, can adapt.
What is APP Fraud?
APP fraud happens when a fraudster deceives a business or individual into transferring money to an account controlled by the fraudster. Unlike traditional fraud, where a criminal might gain unauthorized access to an account, APP fraud is based on deception, convincing the victim to willingly make the payment. Common types of APP fraud include:
- Invoice Scams: Fraudsters impersonate suppliers and send fake invoices to businesses, leading to payments for goods or services that never materialize.
- Investment Scams: Businesses or individuals are lured into fake investment opportunities.
- Impersonation Scams: Fraudsters pose as legitimate entities, such as banks, to convince victims to transfer funds.
The New PSR Regulations for APP Fraud
The new regulations introduced by the PSR focus on reimbursing victims of APP fraud, strengthening banks’ responsibility to prevent scams, and improving outcomes for businesses and consumers alike. Here’s what the changes entail:
Reimbursement Requirements
Starting from October 2024, PSPs must reimburse APP fraud victims within five business days for losses incurred through Faster Payments. The cost of reimbursement will be split equally between the sending and receiving PSPs (50:50). This rule applies to both businesses and individuals.
While the cap for reimbursement is set at £85,000, PSPs may choose to reimburse higher amounts. However, they cannot claim amounts above £85,000 from the receiving PSP. Additionally, an excess of up to £100 may be applied per claim, though this does not apply to claims made by vulnerable consumers.
Gross Negligence and Consumer Standards
PSPs can refuse reimbursement if they can prove that the victim acted with gross negligence. This is defined as a higher standard than common law negligence and applies if the consumer fails to meet one of the four requirements:
- Intervention Requirement: Consumers must consider warnings and interventions made by their PSP before authorizing a payment.
- Prompt Reporting Requirement: APP scams must be reported within 13 months of the last payment to qualify for reimbursement.
- Information Sharing: Victims must comply with requests for additional information, giving PSPs up to 35 business days to gather evidence for reimbursement claims under ‘stop the clock’ rules.
- Police Reporting Requirement: Consumers must agree to report the scam to law enforcement authorities if requested by the PSP.
However, these exceptions do not apply to vulnerable customers, who will be protected regardless of whether they meet these conditions.
Impact on Businesses
These new regulations will have a significant impact on businesses, particularly those in high-risk sectors such as cryptocurrency, foreign exchange (FX), and online gaming. As the responsibility to reimburse victims is shared between both the sending and receiving banks, banks are likely to become more cautious when working with businesses that are perceived as higher risk for APP fraud.
Increased Scrutiny from Banks
Banks may become more selective about which businesses they choose to work with, particularly those in high-risk industries like cryptocurrency and FX. For businesses in these sectors, it may become more difficult to secure high-risk business bank accounts as banks seek to reduce their exposure to fraud risks.
Compliance and Due Diligence
To mitigate the risks of APP fraud, businesses must strengthen their internal compliance measures. Enhanced Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols will become essential for businesses to maintain relationships with banks. Additionally, PSPs will need to develop technologies, such as behavioral biometrics, to identify customers acting under duress or in high-risk scenarios.
Contact Risk Link today and let us guide you through the process. We have the expertise and connections to help you thrive.
How RiskLink Can Help
For businesses operating in high-risk sectors, navigating these new regulations can be challenging. RiskLink, with over 20 years of experience, specializes in helping businesses secure high-risk business bank accounts. Through our network of trusted banking partners, we provide tailored solutions to ensure your business meets compliance requirements and mitigates fraud risks. Additionally, we offer ongoing support to help businesses stay ahead of regulatory changes.
Conclusion
The October 2024 changes to APP fraud regulations introduce stricter reimbursement rules and stronger consumer protections. For businesses, particularly in high-risk sectors, these changes require significant adjustments in compliance and fraud prevention strategies. By working with experienced partners like RiskLink, businesses can ensure they meet these new requirements while minimizing their exposure to fraud risks.