The FCA's 'Dear CEO' Letter on APP Fraud Reimbursement: What Firms Must Do Now
On the 7th of October, the Financial Conduct Authority (FCA) issued a ’Dear CEO’ letter outlining clear and actionable expectations for firms under the Authorised Push Payment (APP) Fraud Reimbursement scheme titled “FCA Expectations on Authorised Push Payments Fraud Reimbursement”. Two versions of the letter were published, one for payment and emoney institutions, and another for banks and building societies.
This letter underlines the FCA’s expectations around APP fraud reimbursement and includes the role of Consumer Duty in relation to the scheme.
For more information on the reimbursement scheme itself – click here to read our recent blog.
By aligning the APP Fraud Reimbursement Scheme with Consumer Duty, Eva Koreskova, Senior Associate from the Financial Crime team, and Alejandro Bondjale, Senior Associate from the Payment Services team, have highlighted key points and outlined specific requirements for firms.
Summary of the Letter and Requirements for Firms
In its letter, the FCA outlined what it expects firms to do from now on, following the launch of the reimbursement scheme on the 7th of October.
Anti-fraud systems and controls
The FCA mandates that firms take proactive measures to reduce APP fraud by enhancing their anti-fraud systems and controls. Effective anti-fraud controls are not only essential for limiting potential liability but also crucial in strengthening consumer trust.
Firms’ systems and controls must be able to prevent customers from falling victims of APP fraud, and they must help identify fraudsters and prevent them from receiving payments.
In particular, firms should:
- Establish and maintain effective governance arrangements, robust controls and data infrastructure that enables the swift detection, management and prevention of fraud:
- Centralised oversight: set up a dedicated fraud prevention committee or forum within the governance structure, with regular reporting to senior management.
- Strengthen data sharing to improve fraud detection and prevention.
- Develop fraud response plans to ensure timely and effective responses to fraud incidents.
- Prioritise the ongoing review of their fraud prevention systems and controls to ensure these remain effective and adapt to evolving threats:
- Schedule frequent internal and external audits to evaluate the effectiveness of fraud prevention systems and make necessary improvements.
- Conduct scenario and sample testing to identify potential vulnerabilities within the fraud prevention measures.
- Monitor key performance indicators to track and assess the efficiency of fraud controls over time.
- Ensure they maintain appropriate customer due diligence controls at the onboarding stage and on an ongoing basis to identify and prevent accounts being used to receive proceeds of fraud or financial crime.
- Regularly update CDD policies and procedures to align with new regulations and emerging threats.
- Conduct appropriate level transaction monitoring and periodic evaluation on a risk-based approach.
- Conduct customer education and awareness programs.
- Invest in staff training to ensure employees involved in onboarding and customer interactions are trained to identify red flags and apply CDD measures effectively.
Capital and Liquidity
The reimbursement requirement creates the need for firms to actively assess and manage their potential liability and the impact it may have on their capital and liquidity. The FCA expects Payment Services Providers (PSPs) to regularly review their capital and liquidity to mitigate any potential risk of prudential impact that may arise from potential reimbursement liabilities.
Established PSPs should start making the necessary arrangements to include potential APP fraud reimbursement claims in their financial forecasts, and ensure they have sufficient financial resources to cover potential reimbursement claims to uphold prudential requirements and financial stability.
Similarly, firms seeking FCA authorisation should also adjust their financial forecasts and liquidity calculations to account for potential APP fraud reimbursement claims, to demonstrate readiness and organisation at point of authorisation.
Consumer Duty
The FCA emphasises the need for firms to proactively prevent foreseeable harm to consumers by implementing robust systems to detect and prevent scams. Firms should design, test, tailor, and continuously monitor the effectiveness of scam warning messages presented to customers to ensure they are timely and effective.
By taking these preventive actions, firms can reduce the likelihood of consumer harm. Additionally, firms should have well-defined measures in place to promptly address any instances where harm may still occur, including immediate consumer support and structured redress procedures, thus reinforcing their commitment to consumer protection.
Lastly, firms are required to ensure their customers are adequately supported throughout the lifecycle of a product or service, particularly if making a complaint.
In order to fulfil these obligations, it is good practice for firms to review and monitor the effectiveness of their systems used to detect and prevent scams, as well as ensuring remedial measures are designed to effectively remediate consumer harm.
Information
As a continued expectation, the FCA requires PSPs to clearly inform payment service users about the availability of alternative dispute resolution (ADR) procedures, including the Financial Ombudsman Service. This information, including how to access these services, should be provided as part of the pre-contractual information under the Payment Services Regulations 2017.
Intra-firm payments
Intra-firm payments, or ‘on us’ transactions, occur when both the sending and receiving accounts are within the same firm or group, allowing them to be processed internally rather than through external channels like FPS or CHAPS. These transactions are not covered by the APP reimbursement requirement, potentially allowing firms to avoid liability.
The FCA is concerned that consumers may not understand that their protection against APP fraud varies based on how the transaction is processed, leading to poor outcomes. Therefore, the FCA expects firms to ensure their approach to ‘on us’ APP fraud complies with the Consumer Duty. PSPs planning to offer lower protection for ‘on us’ APP fraud must inform the FCA and explain the steps taken to meet their obligations under the Duty.
Firms should ensure their systems can detect APP fraud and keep customers informed about their risk exposure during intra-firm payments through regular reminders and communications, and by adjusting contractual terms accordingly.
How can Thistle Help?
Thistle offers specialised support to help firms meet their regulatory requirements, including APP fraud and Consumer Duty. With dedicated teams in Payment Services and Financial Crime, Thistle provides tailored solutions to address each component of the FCA’s expectations.
Payment Services and Financial Crime Services
- FCA Licensing Applications: Streamline licensing with strong anti-fraud controls.
- Compliance Support: Ensure ongoing alignment with anti-fraud requirements.
- Compliance Documentation: Develop robust anti-fraud policies and procedures.
- Tailored Audit and Advisory Services: Custom support to enhance fraud prevention systems.
- Fraud Risk Assessment: Identify and address APP fraud risks in your operations.
- Strategy and Policy Review: Align your fraud strategies with FCA standards.
- Fraud Controls Evaluation: Assess and improve controls for effective fraud prevention.
- Corporate Compliance Preparation: Prepare for APP fraud compliance and inspections.
- Fraud Detection and Monitoring: Real-time monitoring to catch fraud early.
- Rapid Response: Immediate support for fraud incidents, including remediation.
- Investigation Support: Temporary resources and expertise for effective resolution.
By partnering with Thistle, firms can enhance their anti-fraud systems, improve governance, and meet FCA expectations for APP fraud reimbursement with confidence. For enquiries, please contact us at 0207 436 0630 or via email at info@thistleinitiatives.co.uk.