Authorised Push Payment (APP) scams can cause their victims significant financial and emotional distress. The Covid-19 pandemic has seen a significant rise in APP scam cases which occur when a customer is tricked into sending often life changing sums of money to a scammer. Until 2019, there were few, if any, protections in place for victims of these scams. That was until the introduction of an industry Code – the Contingent Reimbursement Model Code (the CRM Code) – which sets out consumer protection standards to detect, prevent and respond to APP scams.
The Lending Standards Board (LSB), the primary self-regulatory body for the banking and lending industry, took over governorship of the Code just over two years ago, and since then, we have been working with Code signatories and the industry to ensure it has been applied consistently, and where it is not being adhered to, take action immediately.
Our oversight work in this space has included three thematic reviews, focusing on the effective warnings and reimbursement provisions, and a full review of the Code, including an industry consultation seeking to understand how effective it had been in its first year. Our reviews have highlighted that when applied correctly, the Code is working and is protecting customers from APP scams, but more needs to be done.
So what are the next steps for the Code?
Since our full review earlier this year, we have published an updated version of the Code which includes new provisions to strengthen firms’ internal governance of the Code and we have issued a further Call for Input, the results from which are being analysed.
Responses to our Call for Input suggest that the risk of APP scams is not evenly distributed amongst payment providers, and it was perceived by some respondents that the Code does not take account of more diverse business models. We are told that APP scams continue to evolve to use different mediums such as cryptocurrencies, perhaps due to their unregulated nature which favours the evasion of expedient tracing. Against the backdrop of the evolution of financial services and the payments ecosystem, it is vital that protections are afforded to as many customers as possible. We will therefore be undertaking work to further review the wording of the Code to ensure that a wider range of firms are able to sign up to it and implement its vital provisions, whilst still retaining a consistent level of consumer protection across the board. To that end, we have also introduced interim registration. This allows firms to demonstrate their commitment to becoming a full registered firm with an LSB Standard or Code and a timeframe in which to become compliant, whilst the LSB conducts due diligence of the firm to ensure the protections for customers are met at the point they reach full registration.
We will also set out a timeline for making the Confirmation of Payee (CoP) provisions, as set out in the Code, effective for those firms who have this functionality, and will remain conversant with the Payment Services Regulator (PSR) and Pay.UK as they strive towards Phase 2 of CoP activity.
Other key areas of work include refreshing the customer facing document which accompanies the Code, and working towards defining success measures of the Code, ensuring that we don’t lose sight of the vital importance of prevention and detection measures in the fight against APP scams.
A full report from this Call for Input will be published in the Autumn.
We have appreciated the support, input and challenge provided to us by stakeholders in our two years governing the Code, and the responses from across the industry to our consultation. Tackling APP scams is, and should remain, a collaborative effort. We look forward to continuing to work with the industry to ensure that consumer protections remain at the top of the agenda.