Chris Hemsley - speech given at the Lending Standards Board's industry event - a virtual view of self-regulation - 21 July 2021


APP scams Confirmation of Payee

This is the text of the speech as drafted and may differ from the delivered version. This speech was delivered by our Managing Director, Chris Hemsley at the Lending Standards Board’s industry event ‘A virtual view of self-regulation’, providing thoughts on the CRM Code and APP scams. 

Hello, I’m Chris Hemsley, the Managing Director of the Payment Systems Regulator. Thanks for asking me to join today’s discussion on this really important subject.

Over the last few years, there has been a noticeable increase in the prevalence of APP scams.

Fraudsters are becoming ever more sophisticated. They continue to adapt their techniques to trick victims into sending money to them. The pandemic has created new opportunities for these criminals – making a terrible situation worse for their victims.

As you know, the PSR has been working with industry on this problem since 2015 - initially through the Payments Strategy Forum which identified solutions to stop these crimes from happening in the first place.

Together with industry and consumer groups, we’ve continued to make progress and I would like to touch on some key milestones we’ve achieved.

The first milestone was the implementation of the industry Contingent Reimbursement Model code (the Code). The Code is an important demonstration to customers that financial organisations take these crimes seriously and will protect them when they have done nothing wrong and yet fall victim to APP scams. For the first time, it meant there were protections available to people - protections which, quite simply, had never been available before.

This is a significant step, that has improved the lives of many victims. And something to be proud of.

Of course, there are still issues with the application of the Code, which I will come on to. But let’s also recognise the progress.

The second key deliverable was Confirmation of Payee (CoP) – the name-checking service designed to help people spot when new payee details aren’t right. Prevention continues to be a key area of focus – because even when a victim is reimbursed through the protections offered by the Code, they still suffer harm and money still goes to fund criminal activities.

While the Code and CoP have made a significant improvement on the situation beforehand, we know that more needs to be done to deliver consistent and better outcomes for the victims of APP scams – and in particular to prevent scams from happening in the first place.

But there’s no silver bullet to do this.

Indeed, this is an inherent and unavoidable feature of the battle against fraud and the harm it causes – we need to adapt and continue to make it harder for criminals. And our approach to protecting victims will need to adapt to improve outcomes.

So, the sad truth is, and reflecting the increasing numbers of APP scams, more work needs to be done.

Of course - it’s hard and we are dealing with sophisticated criminals, but this will continue to be a focus for the PSR - we’re not giving up and we don’t expect industry to either. Everyone who plays a role in the problem has a responsibility to find the solutions.

That’s why we published two calls for views this year – on APP scams and phase two of CoP. This is an ideal opportunity to share some of the themes emerging from these consultations.

First, on APP scams there was a good deal of agreement on some important principles.

Looking at the issue of allocating responsibility

  • Stakeholders agreed that financial institutions should have incentives to prevent fraud whilst ensuring that customers continue to take sufficient responsibility for their actions.
  • The feedback reinforced the important role that receiving banks play in relation to APP scams – scams can only take place with the use of a scammer’s account or a mule account.
  • The responses also highlighted the role that those outside of financial services sector need to play – particularly social media firms and those in telecoms.

There was a clear view that these participants should play a greater role.

I agree with this.

I am interested in what we can achieve in terms of setting out transparently and publicly where fraud originates. I support efforts to update our legislative framework to deal with online harms, where they originate.

But, we also need to retain sufficient focus on what we can achieve within our sector, within the current legal frameworks.

Data plays a key role in detecting and preventing scams

There are two levels to this:

  • Data to consumers – responses to our call for views indicated general support for greater transparency, but also that any data on APP scams that is published should provide a holistic view of a PSP’s performance – including their role in preventing scams and reimbursing victims. This could incentivise PSPs to prevent scams from happening and help raise standards of reimbursement.
  • <