Publication of new reimbursement requirement from PSR

The new reimbursement requirements will come into force in 2024 – the specific start date will be part of a wider range of consultation commencing in early Q3, 2023.

The expectation is that with the already published information that PSP’s start work now to implement the reimbursement requirements.

The proposed de-minimis level of £35 for claims has been removed and will be replaced by a new excess (details to be agreed post Q3, 2023 consultation).

The time for the sending PSP to decide on a claim has been increased from 48 hours to 5 working days.

Guidance has been issued around the protection for vulnerable customers as part of the reimbursement requirements.

The PSR have confirmed that all categories of APP fraud will be in-scope of the regulation where the payment is sent and received by a PSP in the UK using the Faster Payments System – including Payment Initiation Service (PIS) transactions.

Additionally, the PSR recognises that the expansion outside of the current scope of payments (for instance – other payment schemes), whilst providing greater incentive for PSPs to act against fraud would lead to both higher implementation costs and delays to the implementation of the proposed standards.

The PSR have confirmed that their expectation is that gross negligence will only be applied in a “small number of cases”, and where gross negligence is suspected, it is the requirement of the PSP to prove the gross negligence.

The level of cases that are being overturned by the Financial Services Ombudsman, in relation to APP Fraud, as per the Contingent Reimbursement Model (CRM Code) has decreased from 73% to 50% (2020/1 vs 2021/2), however still remainsa high level of overturn rate resulting in a length wait for customer settlement and reimbursement.

The PSR have provided clarity in relation to vulnerable customers, and where a customer is deemed vulnerable the sending PSP must not apply the principle of gross negligence to the claim. 

By aligning the rules regarding vulnerability with the FCA’s approach, the PSR is ensuring consistent outcomes for customers are achieved.

The original principle proposed a minimum value of £35 under which a customer would not be able to make a claim for reimbursement.

A revised approach of a claim excess is instead proposed and will be part of a round of consultations which will occur in Q3, 2023. The PSR have confirmed that any excess that is agreed is optional at a PSP level.

Any claim excess which can be applied, will not apply to vulnerable customers.

The PSR have confirmed that they intend to introduce a maximumlevel of reimbursement for individual claims.

The maximum level of reimbursement will be subject to industry consultation in Q3, 2023

The time in which a claim can be made is to be aligned to the wider 2017 PSR Standards – which is set as 13 months from the final payment being claimed for.

PSP’s can at their own discretion make reimbursement outside of this window.

Customers can only claim under the reimbursement requirement from the effective date of the regulations, regardless of the 13-month condition.

The sending PSP is responsible for assessing the claim and making reimbursement to the customer.

The time limit for reimbursing customers has been increased from 48 hours to 5 working days. This clock can be pauses for specific actions that are required within the investigation into the customer claim.

The PSR have confirmed that the liability split will remain by default 50:50 between the sending and receiving PSP’s.

Pay.uk will be responsible for the operational guidance and reimbursement between PSPs, including the timely obligation for receiving PSPs to reimburse sending PSPs.

Initially there will be no mechanism to depart from the 50:50 liability split – pay.uk will be working on options for a refined cost allocation model in the future.

There are limitations to the ability of pay.ukto fully fulfil the role of PSO – specifically around the ability to enforce scheme rules to indirect participants.

Scheme rules will be overlaid with a general direction requiring all Faster Payments participants to comply with the rules.

Pay.uk will create and implement a compliance monitoring regime for all in-scope PSP’s, including indirect participants. All in-scope PSP’s will be required to provide data to pay.uk across a range of data points.

The liability for reimbursement regarding APP Fraud is to reside with the PSP involved, rather than their access provider in an indirect access provider.

The appropriate enforcement and regulatory changes will be applied to ensure that all firms (both direct and indirect) will comply with the relevant Faster Payment rules, and subsequently their responsibility under APP Fraud reimbursement.

Intelligence Sharing remains a key focus to improve fraud prevention.

The wider ecosystem (outside of PSPs) has a key role to play in fighting APP Fraud

Delaying payments –where high levels of risk are identified, PSPs should deploy appropriate interventions to pause, delay and stop suspicious payments. The Treasury is examining the best way to allow PSPs to adopt a risk-based approach to inbound and outbound payment processing.

The PSR, in their baseline scenario analysis, are assuming that the Enhanced Fraud Data (EFD) system will be delivered by, pay.uk with support from UK Finance, and PSPs to start to implement aspects of the system by the end of 2023.

The PSR have outlined the 3 perspectives around reimbursement costs:

1. PSPs that already reimburse a material share of their customers’ losses on the sending side may face increased average reimbursement costs as sending PSPs, but the change may not be substantial. However, they will face substantially increased costs on the receiving side.

2. PSPs that do not reimburse a material share of their customers’ APP fraud losses at present (as the sending PSP in the transaction), will become liable for significant new costs.

3. PSPs on the receiving side of transactions currently account for a negligible share of reimbursement (less than 5%), and so will face substantially increased reimbursement costs under our policy.

From all three perspectives, these increased reimbursed costs will mean that PSPs will now have much stronger incentives to invest in their fraud detection and prevention systems. The policy will also lead to much stronger incentives for sending and receiving PSPs to cooperate effectively in fraud detection and prevention. It is these additional costs – from increased spending by PSPs on their fraud detection and prevention systems – that represent the relevant cost for the purposes of our cost benefit analysis and is likely to be the most significant relevant cost that arises due to the policy.