On the 12 March 2024 HM Treasury (‘HMT’) communicated its proposal to introduce a new statutory instrument, Payment Services (Amendment) Regulations 2024, which will enable payment processing to be delayed, where there are reasonable grounds to suspect fraud or dishonesty.
What are the proposed changes?
The near-final version of legislation will allow more time for payment service providers (‘PSP’ or the ‘firm’) to internally investigate suspected fraudulent transactions. This means that outbound payments can be delayed by up to four business days from the date of the payment order. This expands on the current position in the Payment Services Regulations 2017, which requires PSPs to credit the transaction amount to the payee’s payment service provider’s account by the end of the next business day from receiving the payment order (D+1).
From current payments regulation, the Government identified the need to review outbound payment activity with more scrutiny. The publication of the new legislation will align with the Payment Systems Regulator’s implementation of the Authorised Push Payment (APP) Fraud reimbursement requirement on 7 October 2024, so the timing works well for industry.
The proposed legislative development fits into the Government’s overarching aim to deliver an effective fraud strategy in the industry, which includes its determination to tackle APP Fraud effectively.
The four day extension isn’t significantly impactful in resolving the current fraud epidemic, nor does it substantially alleviate the need for firms to ringfence funds for APP Fraud reimbursement costs. It does, however, help firms to make better decisions about its customers and pinpoint its own liability in the customer journey.
Who does it apply to?
The new legislation will only apply to firms executing authorised push payments within the UK, in sterling.
An exclusion to the legislation applies to small, medium and large businesses who may be obliged to make timely payments to suppliers, as long as their payment service provider agrees.
How does it benefit payment service providers?
For various reasons, the legislative proposal intends to help impacted firms by:
- Allowing firms to possess better control of the payment flow process, to question the authenticity of a transaction if it looks suspicious or dishonest on the ‘probability scale’;
- Adopting a risk-based approach to the acceptance or rejection of customers and transactions within its risk appetite, by fair and effective decision-making;
- Enabling more time for firms to conduct further or better due diligence checks on suspected fraudulent transactions, for a stronger evidence base to justify its rejection;
- Bolstering the firm’s fraud management controls by being more certain on transactions that they can refuse (unless unlawful to under AML regulations e.g. avoid ‘tipping off’ the customer) and to confidently provide better rationale behind their refusal before they cause financial and reputational damage to the firm;
- Protecting firms to ensure that they have sufficient time to contact third parties and law enforcement to establish whether to execute the payment;
- Safeguarding their interest by vetting high volume or value fraudulent transactions appropriately, which could otherwise cause major financial or reputational damage to the firm if processed quickly;
- Reviewing the finer detail in customer activity and documentation relating to suspicious transactions, which would otherwise be questioned properly if more time had been provided;
- Helping to build its ‘burden of proof’ in the APP Fraud reimbursement processes to substantiate evidence that the customer has acted in gross negligence, and not the firm itself; and
- Demonstrating the granular impact of Consumer Duty at critical points in the payment processing journey to further avoid consumer harm, including to vulnerable customers.
How does it help to tackle APP Fraud?
The prominent benefit to extending time for payment processing, provides the opportunity for firms to prevent fraudulent and illegitimate transactions in their ‘tracks’, particularly where APP Fraudsters operate quickly.
As a more data-led regulator, the FCA intends to impose reporting requirements on impacted firms. Whilst the additional set of metrics is helpful to them in monitoring the effectiveness of the new legislation, there is of course an administrative burden on firms to fill out yet another regulatory return or to add more or different data requirements to an existing one.
When will the extension come into effect?
The Government has recognised the importance of providing support to impacted firms by speeding up the enactment of the regulation for it to occur in Summer 2024. This provides some level of comfort to firms that there is some help to the whole APP Fraud management process.
Whilst firms have to pay to reimburse victims, the extra four business days will help with decision-making to ascertain if fraudulent activity is likely to have occurred or not.
Alert: “Disclaimer”:
However, it is important to note the “small print” here:
- Firms must inform customers of any delays in processing the payment order, the reasons behind their decision and what information or actions are needed to help them decide whether to execute the payment. This could deter a ‘regular’ customer from using the firm’s services, as four days may be considered far too long for some;
- The obligation for firms to inform customers of refusal reasons still applies, which must be conducted in a professional and tactful manner without ‘tipping off’ the customer about its suspicions
- There must be some caution applied to ‘refused’ transactions which the firm is unable to conclude as suspicious, particularly where the extra investigation time granted should enable reasonable conclusions to be made by them;
- The suspected fraud or dishonesty must be detected by no later than the end of the next business day following receipt of the payment order. There must also be a ‘good reason’ to use the four day delay, by establishing grounds for identifying the suspicion as the firm is effectively preventing someone’s money from being used over a longer period than usual. So, a good degree of certainty and judgment is required from the firm;
- Firms delaying the transaction whilst investigating the activity must bear the costs incurred resulting from the delay to payments i.e. interests and charges calculated from the date of the payment order; and
- An internal investigation of the suspicious transaction could trigger an increase in suspicious activity reports (SARs) which in turn means more operational, resourcing and training costs for firms.
What can affected firms do now?
Firms are invited to provide their formal response to HMT on the proposed statutory instrument by 12 April 2024 which might lead to further amendments to the final instrument and policy intent.
Firms should nevertheless start considering how the four day extension will impact their internal fraud framework, which could include policies, terms and conditions, due diligence processes and training.
If you would like to discuss further about how Cosegic could help, please get in contact with us using the button below.
Contact Us
Related resources
All resources
Webinar: Immediate Consumer Duty priorities and how to achieve customer understanding
The FCA publishes its proposals on research payment optionality, but with “guardrails”
Which regulatory areas does the FCA’s “Dear CEO” letter on supervisory strategy for asset managers and alternatives specifically target?
Does the FCA consultation on enforcement signal a more aggressive approach?