On 7 October 2024, the UK’s financial landscape will undergo a seismic shift with the introduction of the Authorised Push Payment (APP) fraud reimbursement rules.
These new regulations, led by the Payment Systems Regulator (PSR), will impose mandatory reimbursement obligations on Payment Service Providers (PSPs), including fintech companies, requiring them to reimburse consumers who fall victim to fraud.
While the rules aim to enhance customer protection and curb the growing impact of APP fraud, they could have serious financial and operational implications for the fintech sector.
As we near this critical change, it’s vital that fintech companies understand the regulations, take steps to comply, and remain aware of how fraudsters might seek to exploit these new rules.
AuthoriPay, a leader in compliance support, is offering free consultation calls to help fintechs and PSPs navigate new regulations and mitigate associated risks. Click here to book your free consultation.
What the New Rules Mean for Fintechs and PSPs
The APP Fraud Reimbursement Rules apply to companies using Faster Payments (UKFPS) and retail CHAPS systems, including those accessing these services indirectly through third parties. For example, agents of an Electronic Money Institution (EMI) may be indirect users, but since their principal is connected to UKFPS and CHAPS, they are also covered by the reimbursement rules.
Under the new regulations, PSPs must reimburse victims of APP fraud, unless certain exceptions apply, such as first-party fraud or when individuals have acted with gross negligence. Vulnerable customers are protected, even if they fail to meet some cautionary standards. Business-to-business (B2B) firms, particularly those dealing with micro-enterprises and sole traders, will also need to implement procedures to comply with these rules.
The financial impact is notable. The cost of reimbursement will be shared 50:50 between the sending and receiving PSPs, offering some relief, but smaller fintech firms could still face significant financial pressure.
The PSR has confirmed that the maximum reimbursement limit for Faster Payments will be set at £85,000. Additionally, the Bank of England has aligned the CHAPS reimbursement limit to £85,000 to ensure consistency across both payment systems. The Bank has also committed to reviewing this cap within 12 months, with the potential for future changes based on industry and consumer feedback.
Compliance: What You Need to Do
Complying with the new APP fraud rules needn’t be overwhelming, but it requires targeted preparation. Here are key steps fintechs and PSPs should consider:
- Seek Expert Guidance: Consult with compliance experts who specialise in regulatory changes. They can help tailor solutions that mitigate risk while ensuring full compliance.
- Upgrade Fraud Detection Systems: Invest in technology that detects potential scams before payments are processed. Fraud prevention must be real-time, with monitoring tools that flag suspicious transactions early.
- Reassess Risk Management: Review current fraud risk management processes to ensure they are fit for the new regulations. PSPs may need to reconsider transaction limits for different payment channels and adjust fraud detection protocols.
- Improve Vulnerability Detection: PSPs should ensure that they are properly able to recognise vulnerability and apply appropriate measures, both to minimise APP fraud, and to be able to appropriately handle fraud claims from vulnerable customers.
- Engage with the PSR: Fintechs and PSPs should engage with the PSR’s published guidance to fully understand the regulatory expectations. This includes ensuring that internal procedures and terms and conditions are in place well before the deadline to avoid compliance issues.
- Register with the Pay.UK Reimbursement Claims Management System (RCMS): Registration with the RCMS is mandatory. Firms that fail to register may face fines and open themselves up to potential claims. Additionally, firms that use the system indirectly via third-party providers should inform the PSR to ensure compliance and avoid unnecessary risks.
- Educate Your Customers: Inform your customers about the new protections in place and how they can report fraud. Ensuring transparency and accessibility—particularly for vulnerable customers—will be key to meeting both compliance and customer service standards.
Risks and How Fraudsters Might Exploit the System
While designed to protect consumers, there are concerns that these rules could be exploited by fraudsters. The very nature of APP fraud, where scammers convince individuals to willingly transfer money, makes it hard for PSPs to distinguish between genuine and fraudulent claims. Fraudsters could exploit the system by using sophisticated methods to pose as victims, forcing PSPs to reimburse them under false pretences.
Moreover, the 50:50 cost-sharing model between sending and receiving PSPs raises the possibility of disputes. Smaller fintechs, in particular, may find themselves vulnerable, bearing financial penalties for transactions beyond their control—especially if fraudsters target PSPs with weaker security systems.
While the PSR intends to close any loopholes, the burden will largely fall on fintechs and PSPs to ensure their systems are robust enough to prevent fraudulent claims. Without stringent fraud detection and reporting processes, PSPs risk significant payouts to criminals.
Preparing for the Future
The introduction of the APP fraud reimbursement rules marks a watershed moment for the UK fintech and payments industry. Although the aim is to reduce fraud and improve consumer protection, these regulations also bring substantial challenges and financial risks for fintechs and PSPs. The rules are likely to drive investment in better fraud detection technology, but concerns remain about how easily the system could be exploited by fraudsters.
AuthoriPay, a leader in supporting firms with compliance and regulatory changes, is offering free consultation calls to any fintechs or PSPs affected by these new rules. As payments experts, we can help your business navigate the complexities of compliance and mitigate the risks associated with these regulations.
Please click here to book in your free consultation call.
As 7 October approaches, now is the time to ensure your business is ready for the “seismic change” the new APP fraud rules will bring.
Recent Comments