Out-Law / Your Daily Need-To-Know

Pressure grows on banks over APP fraud

Out-Law News | 05 Nov 2019 | 10:46 am | 3 min. read

A recent report by a UK parliamentary committee will increase the pressure on banks to act to combat authorised push payment (APP) fraud, an expert in asset recovery has said.

APP frauds occur where a victim authorises a bank transfer into an account which they believe is controlled by a legitimate payee, but actually belongs to a fraudster. The number of reported cases of APP fraud jumped 93% over the last year alone to 84,600, according to UK Finance, up from 43,900 in 2017.

The Treasury Select Committee suggested banks should consider reimbursing customers who have fallen victim to APP fraud since 2016, and further said that institutions should face fines if they do not implement the 'confirmation of payee' reforms by 31 March 2020.

The MPs, however, also called on government and regulators to take action to enable banks to better address the risk of APP fraud, including through enabling more effective data sharing within the industry.

They also recommended that the government make an existing voluntary code developed by the industry regarding reimbursement for APP fraud, which took effect in the summer, mandatory for firms.

Alan Sheeley of Pinsent Masons, the law firm behind Out-Law, said: "The report adds to the already considerable pressure on the banking industry to tackle the growing problem of APP fraud. There were already moves towards imposing the code on a mandatory basis."

"In particular, UK Finance has recently proposed introducing a transaction levy on all faster payments above £30, regardless of whether the payment services providers (PSPs) involved were code signatories, and as part of this suggested that even customers of non-code PSPs should be able to complain to the Financial Ombudsman Service if their PSP refused to compensate them for an APP fraud for which neither customer nor PSP were to blame. It was therefore only a matter of time before calls to make the code mandatory grew louder. This is a huge issue for banks," he said.

In its report, the Treasury Committee said that more needed to be done to respond to concerns raised about the restrictions facing financial services firms on the sharing of data to help combat fraud. UK Finance, the police, the Financial Conduct Authority and banks themselves are among those to have highlighted the issue.

Data sharing between banks on fraud does happen, but there are limitations. Concern has been expressed, for example, about a lack of clarity in the criminal exemptions that apply under the UK's Data Protection Act, and there have been calls for the government to create a general power and safe harbour for banks to share information for the purposes of preventing and detecting economic fraud.

The Treasury Committee welcomed the formation of a public-private working group looking at information sharing, which involves the Home Office, the Treasury, UK Finance and the National Economic Crime Centre, and said the group should review whether the existing data sharing requirements are fit for purpose and make recommendations for reform if it finds they are not.

The report also recommended that the government review the current legislation around returning stolen funds to victims, which can be difficult under the current regime even where those funds are traced into a receiving bank account.

"Effective sharing of information between banks and tracking of funds across the banking system, to identify and prevent frauds being perpetrated across multiple institutions and preserve stolen assets, is critical to mitigating losses generated by APP frauds," Sheeley said. "Banks are already engaging with each other and there have been important technological advances to help track stolen funds. However, removal of the remaining barriers to effective collaboration and the return of funds back to victims is much needed."

"In the meantime, banks should ensure they are sharing information on fraudulent activity, using the technology available to them to track funds, and freezing funds where fraud is suspected, to the greatest extent possible under the current regulatory and legislative regime. They should also be taking the same collaborative, proactive approach to recovering stolen money from the fraudsters themselves, as otherwise APP frauds will be an ever-increasing drain on the banking system," he said.

The MPs' report also said the process for reporting incidents should be made more transparent for victims.

"It is not currently always clear to consumers whether a fraud should be reported to an individual consumer’s bank, the police or to Action Fraud, nor is it always clear what each entity would do with the information provided," the Treasury Committee said. "The process for reporting an economic crime needs to be clarified. We welcome the plans to issue guidance to Action Fraud and chief constables to ensure consumers reporting a crime are clearly told both how reported instances of fraud will be used, and also how they won’t be used, when they report a crime."

Sheeley said he shared the concerns raised about fraud reporting in the report.

"Victims are often left wrongly assuming that their case will be taken forward, in the meantime losing valuable time to take steps under the civil law to trace and preserve their stolen assets," he said. "The proposal that guidance be issued to Action Fraud and police, to ensure consumers are informed of the options available to them to seek civil redress, is pleasing to read. However, we note that there is reference to civil remedies being an alternative if the criminal route is not pursued or is unsuccessful. In fact, we generally recommend civil proceedings be issued immediately as this will lead to greater chances of asset recovery owing to the speed of the civil system. Thereafter, criminal redress can be actioned by law enforcement."