From 7th October 2024, the Payment Systems Regulator (PSR) is bringing in a series of new rules for Authorised Push Payment (APP) fraud. Key amongst these changes is a new mandatory reimbursement framework in relation to banks and other payment services providers (PSPs). Previously, banks and PSPs were only bound to make voluntary refunds in these cases, but now these reimbursements are a requirement for cases of this nature.
The new system will for the first time establish a minimum standard of reimbursement that will involve a wider scope of customers who have been victim of fraud, the sharing of costs for reimbursing victims between sending and receiving PSPs, and will also provide additional protection for vulnerable customers.
Importantly, the PSR have set an upper limit for fraud victims to be refunded within the new five-day deadline.
What is this new limit?
Despite originally indicating that the new rules will share an upper limit of £415,000, as is the case with Financial Ombudsman Service (FOS) claim, the PSR has since reduced this amount to an upper limit of £85,000. This consideration was made due to the PSRs belief that this will still cover more than 99% of fraud cases.
This new limit, while supported by banks and financial institutions, has led to criticism over the implications surrounding the lowering of the maximum refund on the basis that this may reduce a banks motivation to prevent the fraud in the first place. This belief, combined with the new joint liability between PSPs in such cases, could suggest that banks are less likely to make the effort to prevent frauds in high value cases.
Which banks are affected?
The PSRs rules apply broadly to all UK banks and PSPs who participate within the Faster Payment Scheme, both directly and indirectly through third party intermediaries. Therefore, smaller or digital-only banks may still be bound by these rules even if they are not direct participants in the scheme.
This, however, excludes accounts provided by Credit Unions, Municipal Banks and National Savings Banks that do not participate in the Faster Payment Scheme.
Banks or financial institutions not operating within the UK or the UK’s jurisdiction may not be directly subject to these new rules. However, if they offer payment services within the UK or use UK payment systems such as the Faster Payments Scheme they will still have to comply with the new rules.
The Bank of England has also made it clear their intention to expand this protection with a comparable model to apply to CHAPS payments, although this has yet to be implemented.
What does this mean for crypto currency fraud?
The new Mandatory Reimbursement Requirement will supersede the current optional Contingent Reimbursement Model (CRM) code which many high street banks have already signed up to. The code is voluntary and covers a large range of APP fraud.
Unlike the CRM, the new model will place strict requirements on banks to protect nearly all UK money transfers. Crucially, however, the PSR have stated that this does not cover international payments or payments involving cryptocurrencies. As a result, this leaves a substantial gap in the regulation concerning cryptocurrency-based fraud.
This is a growing issue since research from the Smart Betting Guide has revealed that over £350 million has been lost to cryptocurrency, blockchain scams and hacks in the first half of 2024 alone.
While the PSR is monitoring the rise of digital currencies and crypto assets, there are currently no specific PSR rules governing crypto-only platforms or crypto banks (e.g., Binance, Coinbase).
Institutions that operate purely in the crypto space and do not handle traditional fiat payments through UK-regulated systems are not subject to the PSR’s payment system rules. However, this may change as stablecoins and digital currencies are being increasingly integrated into mainstream financial services.
So what does this mean for you?
The new PSR rules and upper limit on claims do not apply to cryptocurrency-based scams.
As crypto assets become more mainstream and recognised by the PSR, there may be scope for further development on the protections which banks will have to provide to prevent these scams.
The new rules, while much more comprehensive than the CRM, is not without potential fault. It will remain to be seen how PSPs respond to the new rules and upper limit put in place by the PSR come 7th October.
