Enforcing the liability of payment service providers for fraudulent transactions

Financial Services and Markets Bill 

In this blog we take a look at the topic of the liability of payment service providers for fraudulent transactions which features within the Financial Services and Markets Bill which is currently at its Second Reading in the House of Commons.

This email provides all you need to know about the Government’s work to address any barriers to regulatory action regarding enforcing the liability of payment service providers for fraudulent transactions.

A précis for the layperson

At almost 330 pages the Financial Services and Markets Bill makes heavy and, to the layman, confusing reading but helpfully the accompanying Explanatory Notes (234 pages) unwraps the detail of the Bill in a more manageable form.

For some delving into the 550+ pages will be a necessity but, for the rest of us, here is a précis of the aspects of the Bill relating to addressing any barriers to regulatory action regarding enforcing the liability of payment service providers for fraudulent transactions.

Financial Services and Markets Bill

The Financial Services and Markets Bill was introduced to Parliament on 20 July 2022.

The Chancellor’s speech at the Financial and Professional Services Dinner at Mansion House on 19 July 2022 set out the importance of the financial services sector to the UK economy, and the central role of the Financial Services and Markets Bill in delivering the government’s vision for an open, green, and technologically advanced financial services sector that is globally competitive.

The UK Government states that:

The Bill seizes the opportunities of EU Exit, tailoring financial services regulation to UK markets to bolster the competitiveness of the UK as a global financial centre and deliver better outcomes for consumers and businesses.

The Bill seeks to:

  • Implement the outcomes of the Future Regulatory Framework (FRF) Review
  • Maintain the UK’s position as an open and global financial hub
  • Harness the opportunities of innovative technologies in financial services
  • Bolster the competitiveness of UK markets and promote the effective use of capital
  • Support the levelling up agenda, promote financial inclusion and consumer protection.

At almost 330 pages the Financial Services and Markets Bill makes heavy and confusing reading but helpfully the accompanying Explanatory Notes (234 pages) unwraps the detail of the Bill in a more manageable form.

The Government states that:

…the Bill introduces measures that support financial inclusion by ensuring people across the UK can continue to access cash with ease; enabling credit unions to offer more products; introducing a regulatory gateway designed to improve the quality of financial promotions; and enhancing protection for victims of authorised push payment scams.


Enforcing the liability of payment service providers for fraudulent transactions

The explanatory notes explain the government’s position on enforcing the liability of payment service providers for fraudulent transactions via the Financial Services and Markets Bill – but here’s a quick summary:

The value and volume of ‘authorised push payment fraud’ (APP) is increasing in the UK.

The value and volume of “authorised push payment” (APP) scams has increased significantly in recent years. An APP scam occurs when someone is tricked into making a payment to a fraudster under false pretences, for example, where someone is deceived into authorising a payment to a person for something they believe at the time is a legitimate purchase.


Currently there is a discrepancy regarding protection for the end user between ‘unauthorised’ and ‘authorised’ payment fraud.

APP scams are different to unauthorised payment fraud, where money is taken from someone’s account without their knowledge or consent. Victims of unauthorised payment fraud are protected by legislation, with statutory requirements on payment service providers (for instance, a payer’s bank) to reimburse victims for the losses they incur under such circumstances.

The government acknowledges that some PSP’s have taken voluntary action to protect the end user regarding unauthorised payment fraud (APP Fraud).

Although no statutory reimbursement requirement exists for APP scams, some payment service providers have made voluntary commitments to reimburse APP scam victims in certain circumstances, including by signing up to a voluntary contingent reimbursement model code that sets a framework for how liability should be apportioned when a scam occurs.

This voluntary action by some PSPs has led to inconsistencies in end user protection determined by the choice of payment provider and / or PSP interpretations.

Although no statutory reimbursement requirement exists for APP scams, some payment service providers have made voluntary commitments to reimburse APP scam victims in certain circumstances, including by signing up to a voluntary contingent reimbursement model code that sets a framework for how liability should be apportioned when a scam occurs.

The Payment Systems Regulator (PSR) has proposed options to address the problem for transactions that are processed via Faster Payments.

The Payment Systems Regulator (PSR) regulates designated payment systems and their participants (including banks and other payment service providers). In 2021, the PSR published a Call for Views, and subsequent Consultation, on APP scams. In these documents, the PSR proposed options to address the problem, including requiring participants in the Faster Payments Service to reimburse APP scam victims. The vast majority of APP scams occur over the Faster Payments Service, as it is the principal payment system which payers use to make instant credit transfers.

But…..

The PSR state that there is a legislative barrier in the Payment Services Regulation 2017 that prevents it from using its regulatory powers to implement mandatory reimbursements.

The PSR has stated that there is at present a legislative barrier in the Payment Services Regulations 2017 preventing it from using its regulatory powers to implement mandatory reimbursement. Specifically, regulation 90(1) of the Payment Services Regulations 2017 provides that where a payment service provider (for example, a bank) has executed a payment in accordance with the unique identifier (for example, the sort code and account number) provided by the payer, then the payment is deemed to have been correctly executed, and so the payment service provider cannot be liable for defective execution.

HM Treasury has previously stated that the government would legislate to address any barriers to regulatory action.

In November 2021, the Economic Secretary to HM Treasury made a statement that the government would legislate to address any barriers to regulatory action on this matter. In May 2022, the government published a policy statement setting out further detail on this policy approach.

The provisions in this Bill seek to provide the PSR with the ability to require mandatory reimbursement by PSPs in cases of APP scams.

This Bill amends the Payment Services Regulations to clarify that nothing in regulation 90 affects the liability of a payment service provider where the PSR has exercised its regulatory powers in relation to APP scams. This will enable the PSR to use its regulatory powers (whether in relation to payment system operators, payment service providers, or in combination), to require mandatory reimbursement by payment service providers in cases of APP scams.

The Bill also requires the PSR to take regulatory action on APP scam reimbursement by the participants of the Faster Payments Scheme through a consultation and regulatory requirement.

The Bill also places a duty on the PSR to take regulatory action on APP scam reimbursement by participants in the Faster Payments Service, by requiring the regulator to consult on a draft regulatory requirement, and impose a regulatory requirement, within two and six months respectively of the legislation coming into force.

Three areas for debate

It will be interesting to track the passage of the Financial Services and Markets Billthrough Parliament and to see what level of scrutiny, suggested amendments and support the Bill receives in respect of APP fraud.

Areas that might be worthy of consideration are:

1: The time to act is now not later

UK Finance state that there were 195,996 reported incidents of Authorised Push Payment (APP) scams in 2021 with gross losses of £583.2 million, compared with £420.7 million in 2020 (an increase of 39%). 

The time to act is now, whereas “requiring the regulator to consult on a draft regulatory requirement, and impose a regulatory requirement, within two and six months respectively of the legislation coming into force” suggests yet another delay in ensuring that the users of payments across the UK are appropriately protected against the fraudster.

In the time it takes for the Bill to pass through Parliament, the “six months” to cover the PSR’s processes and an implementation period for PSPS’s it is not inconceivable to suggest that a further £750million of APP fraud will occur for which the consumer will not be appropriately protected.

2: Faster Payments is not the only fraudsters channel of choice

The PSR and, therefore, the Bill singles out the UK’s Faster Payments Scheme as the focus of attention.

The latest UK Finance fraud figures report that Faster Payments was used for 97% of fraudulent APP scam payments and accept that it is probable that the CHAPS MT103 payment values are likely to be higher than other payment types. However, with an increase of APP fraud via Bacs (+42%), interbank transfers (+8%) and international transfers (+24%) it is surprising that this consultation only focusses on the Faster Payment and CHAPS payment schemes.

Given that a fraudster will turn his / her focus to the point of most vulnerability we are concerned that an extended CoP coverage across Faster Payments and CHAPS will lead to the fraudsters attention turning to other payment types.

This includes the two billion Bacs Direct Credit payments processed annually and, perhaps, the sign-up process for new Direct Debits. Whilst there may be complexities in extending CoP checking to ‘push’ Direct Credits and ‘pull’ Direct Debits it seems that users of these systems ought to be afforded the same level of protection ‘enjoyed’ by users of other payment schemes.

With nearly £80million of APP Fraud being perpetrated via payment schemes other than Faster Payments (and the probability of fraudsters turning to other payment channels once scrutiny of Faster Payments transactions changes) the Bill ought to be payment scheme agnostic and protect the end user regardless of payment channel selected.

3: Focus on ‘before’ not ‘after’

Whilst enforcing the liability of payment service providers for fraudulent transactions is an important development in affording approbate levels of protection for end users of payments it is only relevant after a fraud has occurred. 

This means that the end user becomes a victim (with all the stress and strain that this entails) and the fraudster is enjoying the fruit of his / her labours.

Government, regulators, industry bodies, scheme operators and payment services providers need to place greater focus on preventing the fraud in the first place. 

Protecting the payment user and thwarting the fraudster before a payment is made is a far more appropriate response. 

Whilst not a silver bullet it is clear that performing a Confirmation of Payee (CoP) check prior to a payment being made or adopting new ‘payment overlay’ services such as Request to Pay are making significant impacts in both thwarting the fraudster by reducing fraudulent payments being made and avoiding misdirected payments being inadvertently sent to the wrong account.

Being ‘sure who we pay’ is central to ensuring trust and confidence in making digital payments – we believe that trust and confidence should be a basic tenant of making a payment.

Other areas covered

This is the second in a series of briefings which seek to unpack elements of the Financial Services and Markets Bill that relates to payments.

The scope of the Financial Services and Markets Bill covers:

  • Issue 363Access to Cash and Wholesale Cash Distribution
  • This briefing: Updates to the UK’s regulatory framework for financial services.
  • Implements the outcomes of the Future Regulatory Framework (FRF) Review.
  • Updates the objectives of the financial services regulators to ensure a greater focus on long-term growth and international competitiveness.
  • Seeks to secure and enhance the UK’s position as an open and global financial hub.
  • Brings stablecoins, a type of cryptoasset, into the scope of regulation when used as a form of payment, paving their way for use in the UK as a recognised form of payment.
  • Allows financial market infrastructure (FMI) firms to explore new technologies in temporary pilot schemes and reduces the risk of an incident at a third-party provider which has a systemic impact on the UK financial services sector.
  • Seeks to maintain the UK’s position as a competitive marketplace with robust regulatory standards by reforming the UK’s wholesale capital markets regime.

Passage through the Commons and the Lords

This is a public bill presented to Parliament by the Government.

The Bill was introduced to the House of Commons and given its First Reading on 20 July – this stage is formal and takes place without any debate.

MPs will next consider the Bill at Second Reading on Wednesday 7 September 2022.

Government Sources

The most relevant Government sources of information are:

Comments are closed.

Up ↑