Public policy often veers between prevention and cure.

This is not surprising; both are important.

Even if policy is effective in preventing crime, you need police officers to deter and detect the offences that still occur.  Effective policies to prevent ill-health will not do away with the need for health workers and hospitals.

But how do you know what balance to strike between prevention and cure?

This is much harder.

It’s harder in part because assessing the effectiveness of preventative policies is tough.  You need to know what would have happened in the absence of the policy.  (And note here the fact that an adverse trend continues is not necessarily proof of the ineffectiveness of prevention if the things would have been markedly worse still without intervention.)

It’s harder too because the cure is usually more visible and more reassuring.  Who is against more police officers or more health workers even if the cost diverts resources from prevention?

We face something of this prevention v cure dilemma when it comes to payment scams.

For consumers who lose money – often life-changing sums – when tricked by scammers into making unintended payments, the focus is understandably on reimbursement – cure in other words.

In this respect, the Code[1], now in force, governing the response to these scams represents a marked step forward.  It guarantees reimbursement to victims where they were not to blame for the success of a scam.  Eight firms, representing around 85% of the market, are now committed to the Code and to the principle of reimbursement. Other firms are also, in practice, reimbursing customers in these circumstances.

So the cure in in place.  But what about prevention?  This is surely one of those cases where prevention really does beat cure:  reduced anxiety and losses for consumers; lower costs for banks; reduced rewards for the scammers.

Well, prevention is certainly not being neglected, but nor is prevention yet as effective as it could be.

The telecoms companies have closed off some of the tricks used by scammers to con consumers into thinking that they’re speaking to their bank.

Banks themselves are increasingly providing warnings – both in-branch and on-line – when customers set up new payees.

Could we, however, do more to evaluate the effectiveness of these warnings,  especially on-line?  The evidence I have seen as part of LSB’s current review of the implementation of the Code is that too many customers simply click through such warnings.  And a warning which does not cause the consumer to pause for thought is simply not doing its job.

Banks are also acting to identify and close down the accounts – so-called mule accounts – which receive the proceeds of scams.  But are the incentives to act here as sharp as they ought to be?  Could we do more to follow money which has passed through these accounts and into the hands of the scammers?

Two things would in my view help to make prevention more effective.

The first is a coordinated response to the scammers, involving all the key players: the internet platforms, the telecom companies, the banks and other financial services companies, the regulators (in which I count LSB) and the law enforcement agencies.

We need, together, to analyse the scammers’ business model from beginning to end to understand how it works and what facilitates the scam.  We then need to work out at what points and with what interventions we can disrupt that business model cost-effectively.

And we need to keep on doing it, because the scammers will certainly evolve their technique in response to our counter-measures.

I’m pleased to say a great start was made on this front at a seminar convened by FCA and Ofcom last week which brought together all these players.  We now need to turn a one-off event into a continuing alliance. And that alliance is taking shape: FCA and Ofcom have supported Stop Scams UK which will be an independent organisation, led by the industry and supported by the regulators.

The other pre-requisite is to improve the incentives to make this alliance effective.

This means, by one means or another, mutualising the continuing costs which are currently borne mostly by consumers or by the paying bank.

Simply leaving the cost of reimbursing blameless consumers with paying banks does not create, in my view, a strong enough mutuality of interest in countering the scammers.

One attempt to find a mutual solution to the funding problem has foundered, but that should not be the end of the story.  We must look for another way forward.

Reimbursement – vital though it is to the victims of scams – is only half the story.  We need to prevent, as well as to cure.  And to prevent, we need to come together, not to leave the problem – and costs – with only one set of players.

 

[1] The Contingent Reimbursement Model (CRM) Code came into force in May 2019.  The Code is overseen by the Lending Standards Board (LSB).