Mandatory Reimbursements in Authorised Push Payment Fraud: Proactive actions Firms can take now!


INSIGHT
Published
Jun 4th '24
Share
Facebook

Following the final policy announcement in December 2023, the Payment Systems Regulator (PSR) have consulted with in-scope Payment Services Providers (PSPs) on measures to enhance fraud prevention and consumer protection. 

 

In summary, PSPs will need to reimburse Authorised Push Payment (APP) fraud victims within five days, sharing costs between sending and receiving PSPs. The rule applies to PSPs with Faster Payments and CHAPs, overseen by Pay.UK and the Bank of England. This is proposed to take effect from the 7th October 2024.

 

The practical implementation of the 50/50 reimbursement split remains uncertain. Concerns exist about potential conflicts of interest, especially for smaller receiving PSPs with limited resources becoming burdened by re-imbursements that larger sending PSPs can manage.

 

In the meantime, we have outlined key considerations that Firms can apply when evaluating financial crime frameworks ahead of the 7th October 2024.

 

Key considerations for Firms 

 

Re-considering your risk appetite:

Firms may decide it is no longer within their risk appetite to provide services to customers that they have identified as being more susceptible to fraud. However, Firms should continue to keep in mind the FCA has discouraged wholesale de-risking and focus on proportionate measures to mitigate the risks of fraud:

 

  • Do you frequently review your risk appetite statement to ensure it considers fraud risks? In particular, are you clear where you stand on the loss / customer experience continuum?
  • Can you demonstrate your risk appetite statement treats customers fairly (if you are thinking of revising your book in light of the changes)?
  • Are decisions regarding changes to your risk appetite documented formally within committee minutes?

 

Operational Challenges:

Implementing changes across teams and processes, such as establishing a fraud claims and reimbursement process, can create operational challenges across resource, processes and systems:

 

  • Have you considered the collaboration required across teams, such as Front Office and Finance, when designing reimbursement processes? Have you established clearly defined roles, responsibilities and training requirements for investigating fraud claims and reimbursements?
  • Have you forecasted the likelihood of future fraud claims? Have you assessed the potential effect of 50% reimbursements due to fraud on your annual liquidity?
  • Do you have appropriate oversight of fraud related processes, whether through a Head of Fraud or under the responsibilities of the MLRO? How do you know?
  • Does your case management system effectively capture data which can be extracted upon request to Pay.UK or the Bank of England?

 

Strengthening ID&V controls:

Vulnerabilities in ID&V controls increases the risk of receiving false documentation or impersonation fraud, which can enable the use of a product or service for fraudulent purposes:

 

  • Have you assessed the robustness of your ID&V process? How many incidents of fraudsters bypassing the ID&V process have occurred and have you assessed the root causes?
  • Have you considered implementing biometric verification methods like face recognition and do you understand how these methods work? Do you have a system testing plan in place and can show the actions taken in response to the results of testing?
  • How often do you review and update your ID&V process? Are they up-to-date with the latest fraud trends?
  • Have you considered implementing verification processes to reduce the risk of account takeover, such as, two factor authentication?
  • How well-trained are employees in understanding the importance of ID&V to mitigate fraud risk? Do you provide regular and effective training?
  • How do you balance the need for ID&V with customer experience? Do you have account blocking controls in place for customers who fail ID&V checks?

 

Screening against fraud databases:

Firms can strengthen screening controls through using fraud databases, such as CIFAS. This can help reduce the risk of those who have previously been identified for fraudulent behaviour using your services:

 

  • Does your onboarding and investigations process include the use of fraud databases? Are procedures clear on when and how to conduct screening against these databases?
  • How do you use information from fraud databases within your ID&V process?
  • Do you manage false positives effectively when screening against fraud databases?
  • Is there a clear escalation process for true matches when screening against fraud databases?

 

Transaction monitoring:

Transaction monitoring helps firms reduce and sometimes prevent fraud. Methods such as real-time monitoring, allows activity to be reviewed as it happens, increasing the chances of stopping financial loss from fraudulent behaviour. Transactional data can also help identify unusual behaviours and vulnerable customer groups:

 

  • Have you considered how real time monitoring can help reduce your exposure to fraud risks and enhance the ability to prevent fraudulent transactions?
  • Is your transaction monitoring system risk-based and calibrated to include fraud specific rules, for example, dormant account rules to mitigate the risk of mule accounts? Do you frequently review the effectiveness of the rules and thresholds?
  • Have you used transaction data for peer group analysis to compare customer behaviour against expected patterns? Have you identified customer groups historically more susceptible to fraud?
  • What is your investigation and blocking process for transactions flagged that may be fraudulent? How quickly do investigations occur?

 

Source: Avyse Partners. Reposted.

 

About us

At LS Consultancy, our consultants are industry experts that interpret the rules, regulations and spirit of the industry guidelines by assisting you “the client” in implementing a compliance programme that you can be confident is mitigating the risk of financial crime. What we can do:

 

  • We analyse the relevant jurisdictions legislation, regulation and industry guidance to ensure that your controls adopt the highest standard possible
  • Analyse and/ or Enhance your Business Wide Risk Assessment to ensure we consider money laundering and relevant predicate crimes
  • Assessment of your Customer Onboarding and/ or Periodic KYC reviews rely on independent documentation and supported by credible information from your customer – as this is key to your compliance programme.
  • Robust Transaction Monitoring and Screening whilst utilising your up-to-date KYC documentation/ information are fundamental.
  • Greater emphasis on training – why not go through live examples with your RM’s, Operational Teams and Compliance – discuss the areas of concern and come up with compliant solutions.
  • Ensuring your Compliance Monitoring Programme is conducted on a regular basis
  • Engagement with senior management through relevant committees

 

For further information please contact us where our industry experts will be happy to answer your questions.

 

Explore our full range today.

 

Need A Regulatory Marketing Compliance Consultant? A Bit More About Us

 

Contact us

 

Why Not Download our FREE Brochures! Click here.

 

Call Us Today on 020 8087 2377 or send us an email.

 

We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…

 

FOLLOW US

Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.

 

Facebook | Instagram | LinkedIn | X (formerly Twitter) | YouTube

 

Contact us