Fraud expert welcomes extension of APP reimbursement code

APP frauds occur when a victim authorises a bank transfer into an account which they believe is controlled by a legitimate payee, but actually belongs to a fraudster. Figures published by the UK Treasury show that APP fraud has been on the rise in recent years.

Now, the Lending Standards Board (LSB) has published updates to the CRM code, a set of voluntary practices agreed to by the nine largest financial institutions in the UK to detect, prevent and respond to APP fraud. Signatories also reimburse customers who lose money if they were not at fault.

The updated code requires all signatory firms to activate ‘confirmation of payee’ checks for outbound payments. The checks mean online banking users must input a person’s first and last name – along with the account details – before sending them money. Banks must also now explain reimbursement decisions to victims of APP fraud clearly. A third update adjusts the scope of the code, allowing a wider range of firms to sign up.

Jennifer Craven, fraud expert at Pinsent Masons, said: “It’s good to see confirmation of payee checks included in the updates CRM code. The requirement should level the playing field between banks which already impose the checks and those that currently do not – and ultimately help protect their customers.”

She added: “It is also positive to see provisions made to allow a wider range of financial institutions to sign up to the code. APP fraud is a growing issue and is not just limited to the UK’s biggest banks. Each new level of protection required by the code helps the fight against rising APP fraud.”

Emma Lovell, chief executive of the LSB, said that the changes to the code would: “up firms’ scam prevention efforts, ensure a wider spread of customers are protected from scams, and will help build transparency and understanding between firms and their customers.”
She added: “The rise and success of scams is not an issue financial services firms can solve on their own. By point-of-payment it is often too late - with victims socially engineered to proceed with the scam no matter what. We are therefore also calling on social media platforms, telecommunications companies, and utilities to step up and increase their efforts to intervene at every opportunity.”

The updates come amid an ongoing legal battle over the application of the so-called ‘Quincecare duty’ to APP fraud cases. Named after a 1992 case, it requires banks "to observe reasonable care and skill in and about executing the customer's orders” - meaning institutions must not execute a payment order if they have reasonable grounds to suspect that it is an attempt to misappropriate funds.

In March the Court of Appeal held that it is “at least possible in principle” that the Quincecare duty could apply to “the case of a customer instructing their bank to make a payment when that customer is the victim of APP fraud”. The ruling means Fiona Philipp, who is seeking to hold her bank accountable for the loss of £700,000 that she transferred to bank accounts in the UAE, can take her case to the High Court.