Fighting fraud

We expect authorised push payment (APP) fraud to remain at the forefront of the government’s response to tackling fraud. After all, in Philipp v Barclays the Supreme Court commented that APP fraud was an issue for the Government, Parliament and the regulators (and not for the courts). Although we note that the common law position (where a breach of duty claim arises against a bank in respect of an alleged breach of mandate) appears now to be narrower than the broader obligation under the mandatory reimbursement regime.

According to UK Finance’s H1 2024 report, there has been a decline in APP fraud. However, the statistics remain stark: £459.7 million was lost to APP scams in 2023.

The new mandatory reimbursement scheme for victims of APP fraud, which came into effect in October 2024, is just one of the measures designed to serve as a backstop for consumers. This scheme has no minimum threshold but features a maximum threshold of £85,000 (the same limit as the FSCS). Initially, the proposed threshold was £415,000, however this was reduced after it received understandable pushback from the industry and other stakeholders. The reduced threshold is a clear sign that the regulators are live to not placing too great a burden on firms, even if the principle that firms should backstop consumers’ losses remains in play.

The Government confirmed its new position on tackling payment fraud in the recently published National Payments Vision. A key aspect of that paper is the Government’s commitment to revoking the legislation on strong consumer authentication (SCA). Present SCA requirements appear to have reduced levels of fraud, but have resulted in “burdensome frictions” that impact consumer experience.

Going forward, the Government has committed to revoking the prescriptive SCA requirements to enable the FCA to collaborate on more agile and outcomes-based rules. We expect this will allow more flexibility for the industry to stem fraud while improving the overall customer experience. However, if these changes are to prove effective, robust collaboration between the financial sector and those who can unlock the benefits of next-generation technology will be required.

The much-awaited FTPF offence will come into force on 1 September 2025. The indirect (but obviously intentional) consequence of the FTPF offence is that in scope organisations will effectively be required to implement ‘reasonable procedures’ to prevent fraud. Where a qualifying fraud is committed within an organisation, it will be criminally liable for an FTPF offence, unless it can demonstrate that it had reasonable procedures in place at the time. See the Government’s guidance on what constitutes reasonable procedures.

It is important that organisations do not view establishing their procedures as a one-time event. As the Government’s guidance makes clear: “The nature of the risks faced by an organisation will change and evolve over time… The organisation will therefore need to adapt its fraud detection and prevention procedures in response to the changes in the risks that it faces.”

Organisations may feel that seven months leaves plenty of time for compliance.  However, the statutory guidance on the offence, published by the Government earlier this year, supports a more cautious perspective: “time is running short for corporations to get their house in order or face criminal investigation.”

The response of the regulators

The role of firms does not mean that regulators are absent from the fight on fraud.

It was recently announced that the SFO will receive £9.3 million in additional funding. This is expected to “strengthen […] capacity to recover criminal assets, manage […] cases, and help […] further explore machine learning technology to tackle the huge disclosure exercises” involved in complex economic crime.

The SFO 2024-29 strategy explains that the threat posed by fraud “has never been greater” and states that the SFO will play a “greater role in the national effort to tackle fraud”.

The FCA continues to keep fighting economic crime as a priority and fraud is a key commitment in its strategy. It has recently been working with tech firms to tackle illegal financial promotions and scam adverts. It has also been targeting “finfluencers” that are marketing high risk investments online and on social media (often to young people). The publicity generated from these crackdowns has allowed the FCA to reach those who would ordinarily be extremely hard for them to reach.