The Payment Systems Regulator (PSR) has published its consultation on a proposed specific direction, which will require firms to follow new rules and reimburse victims of authorised push payment (APP) fraud.
This latest development is part of a package of measures delivering a major shift in the fight against APP fraud – providing new levels of consumer protection and much-improved support and reimbursement for victims.
This specific direction is one of the three legal means the regulator will use to implement mandatory reimbursement. The regulator consulted on the other two in July, which focus on Pay.UK as the operator of the Faster Payments System (FPS) – the payment system across which the vast majority1 of APP fraud currently takes place.
This new direction focuses on all payment firms that use FPS. It sets out:
- the reimbursement requirement and its scope
- the obligation on firms to follow the reimbursement rules
- the obligation on firms to report APP fraud data to Pay.UK
- the ongoing obligation on indirect access providers2 to inform the PSR of any payment firms they provide indirect access to
This specific direction replaces the draft general direction that was initially proposed by the regulator. Following feedback, the PSR has put forward a specific direction to provide more clarity around which firms are being directed.3
Today’s publication also includes the draft FPS rules for firms to follow, which the specific direction will underpin.
Chris Hemsley, Managing Director at the Payment Systems Regulator, said:
“The PSR is leading the way on the fight against APP fraud in the UK, providing consumers with a significant new level of protection against this devastating crime.
“As we progress with our plans, today’s proposed direction builds upon our recent consultations, making sure all the right foundations are in place for the new requirements to be implemented by industry as soon as possible and in the most effective way possible.”
What happens next?
The PSR wants these new consumer protections in place as soon as possible.
In its July consultation, the regulator sought views on the earliest date that the reimbursement requirement could come into effect. The evidence received through the consultation – particularly around when necessary industry systems will be in place – supports a new proposed implementation date of 7 October 2024.
The PSR is seeking views on this date, which balances the need to implement the new protections as soon as possible, against the need to avoid inconsistencies and confusion that could be caused by not allowing enough time for the arrangements to go live in an efficient way.
In the lead up to the new implementation date, which will be finalised and set in December, the PSR will publish:
- All legal instruments
- Consumer standard of caution policy and guidance
- Excess and maximum level of reimbursement policy
The Bank of England has also announced its intention that similar reimbursement requirements should apply to Clearing House Automated Payment System (CHAPS). The PSR is therefore looking at directing CHAPS participants, and expects to consult on this by the end of Q1 2024.
 According to the latest UK Finance data, FPS was used for 98% of fraudulent APP scam payments.
 An indirect access provider is a firm which has direct access to a payment system, able to give other firms indirect access. This obligation is so that we can ensure that all firms are aware of the reimbursement requirement.
 Directions and requirements can be ‘specific’ or ‘general’. Specific directions and requirements are addressed only to certain participants in regulated payment systems or participants of a specified description (for example, a named operator of a payment system). General directions are addressed to whole classes of participants (for example, all merchant acquirers).