News

APP fraud: FCA consults on Approach Document changes to support proposed payments delay legislation

19 September 2024
Image
Image

The FCA is consulting on amendments to its Payment Services and Electronic Money Approach Document to provide guidance for payment service providers (PSPs) on how to apply the proposed outbound payments delay legislation published by HM Treasury in March this year. Under the proposed legislation, PSPs would be able to delay the execution of an outbound sterling payment within the UK by up to four business days from the time a payment order is received if they have reasonable grounds to suspect fraud or dishonesty by someone other than the customer. Following industry uncertainty about PSPs’ ability to delay inbound payments where they suspect fraud, the FCA is also proposing updates to its existing guidance on when and how PSPs should consider delaying inbound payments. The final legislation is still awaited. In all cases of payment delay, the FCA highlights the importance of PSPs’ Consumer Duty obligations.

Of particular interest to: Banks and other PSPs (including Gibraltar PSPs providing payment services in the UK) and relevant trade bodies; merchants that use PSPs for processing large volumes of transactions.

Key takeaways

Delays to outbound payments

  • The ‘reasonable grounds to suspect’ threshold for delaying payments is an objective test. The draft guidance lists a number of factors which might increase the risk that a payment order has been made following dishonesty or fraud, but the relevance and weight of each depends on the context.

  • The 4 business days is a maximum period within which PSPs must make a decision and should not necessarily be used automatically in every case.

  • PSPs will need to be mindful of their Consumer Duty obligations when notifying and engaging with the payer on any delay. It’s likely the PSP will need a real-time human interface (eg a phone service) to respond to customers’ questions, provide effective support and deliver good customer outcomes.

  • The payer’s PSP should also notify the payee’s PSP of the delay, to facilitate an effective investigation.

  • The FCA is looking for views on whether: (1) PSPs should also be obliged to notify and update payment initiation service providers (PISPs); and (2) further guidance is needed to clarify the scope of any financial obligations from a payment delay.

Delays to inbound payments

  • The effect of the existing force majeure provisions in the PSRs 2017 is that a payee’s PSP would not be liable for contravening its obligation to make funds available to a payee immediately after they have been credited to the payee’s PSP’s account where: (i) making the funds available to the payee would breach any of the provisions of Part 7 of the Proceeds of Crime Act 2002 and/or Part 3 of the Terrorism Act 2000; or (ii) for reasons outside the payee’s PSP’s control, it is impossible for their nominated officer to determine if making the funds available to the payee would breach any of the provisions of Part 7 of the Proceeds of Crime Act 2002 and/or Part 3 of the Terrorism Act 2000.

  • The threshold for triggering the force majeure provisions is high and the provisions only apply to exceptional cases.

  • The Joint Money Laundering Steering Group’s (JMLSG) detailed guidance for firms in the UK financial sector remains a ‘key resource’ for PSPs.

  • As for outbound payments, Consumer Duty obligations must be considered when a PSP decides to delay an inbound payment. Firms will need to be able to demonstrate through internal monitoring and reporting arrangements that they are delivering good outcomes and not creating unreasonable barriers to customers accessing their funds.

FCA ongoing monitoring and evaluation of proposed payments delay legislation
  • Initially, data (eg on volumes and values of delayed inbound and outbound payments, the length of delays) will be collected from industry on a voluntary, ad-hoc basis through existing supervisory engagement processes.
  • The FCA will then consider proposals for the scope and content of a permanent monitoring and evaluation regime, with the intention of streamlining data collection between the FCA and the PSR where possible.
What’s next?
  • The guidance consultation closes on 4 October 2024. The FCA plans to publish a revised Approach Document by the end of 2024.
  • The previous government’s intention was that the changes under the draft Payment Services (Amendment) Regulations 2024 would take effect on 7 October 2024 – the go-live date for the Payment Systems Regulator's new mandatory reimbursement requirement for APP fraud. However, we are still awaiting the laying of the final Regulations before Parliament.

Read on for a more detailed look at the FCA’s guidance consultation.

Background

The guidance consultation, 'GC24/5: Authorised Push Payment Fraud: enabling a risk-based approach to payment processing', proposes changes to the guidance in the FCA’s Payment Services and Electronic Money Approach Document (Approach Document) to explain how:

  • PSPs should apply the legislative changes that will be introduced under the proposed  Payment Services (Amendment) Regulations 2024 (draft Regulations) to minimise the impact on legitimate payments; and
  • it expects PSPs to address suspicious inbound payments while continuing to process payments quickly and efficiently. 

The draft Regulations were published by HM Treasury in March 2024. They amend the Payment Services Regulations 2017 (PSRs) to allow a PSP to delay the execution of an outbound sterling payment within the UK where it has reasonable grounds to suspect the payment order is the result of fraud or dishonesty by someone other than the payer. The accompanying HM Treasury policy note makes it clear that the changes will allow PSPs to adopt a risk-based approach to payments and give them more time to assess potentially fraudulent payments when needed.

Take a look at our previous Engage article for more on the draft Regulations and the policy note.

What does the draft new FCA guidance cover?

Delays to outbound payments

The draft new FCA guidance (see Annex 3 to the consultation paper):

  • Clarifies how PSPs should apply the ‘reasonable grounds to suspect’ threshold for delaying payments: This is an objective test. Staff within PSPs would need to be able to demonstrate that they took reasonable steps in the particular circumstances, in the context of a risk-based approach, to understand:
    • the nature and rationale of the transaction;
    • the amount involved;
    • the intended destination of the funds; and
    • whether the payee appears to have any links with criminality.

The draft guidance lists a number of factors which might increase the risk that a payment order has been made following dishonesty or fraud. These include: payment(s) made to a new payee and differing from the customer’s usual spending patterns; the payer’s PSP identifying evidence of increased digital or behavioural risk before or during the customer making the payment; and a payer’s PSP obtaining other evidence about the specific payment transaction, from third parties such as law enforcement agencies or the payee's PSP, that the payment transaction has a higher risk profile. No single factor is decisive; the relevance and weight of each depends on the context.

  • Gives further detail on how PSPs should use the extended timeframe (up to 4 business days) for processing transactions: The processing delay should not be any longer than is necessary for the PSP to investigate the transaction. The 4 business days is a maximum period within which PSPs must make a decision on whether to make a payment and should not necessarily be used automatically in every case.
  • Gives further detail on what the PSP should communicate to the payer about the delay and how the payer should be notified: The notification should include the reason for the delay (including enough information for them to understand the risks identified), and any information or action needed from the payer to enable the PSP to decide whether to execute the order. It must be provided or made available in an agreed manner as soon as possible, and no later than the end of the next business day following receipt of the payment order. PSPs will need to be mindful of their Consumer Duty obligations when notifying and engaging with the payer. According to the draft guidance, it is likely the PSP will need a real-time human interface (eg a phone service) to respond to customers’ questions, provide effective support and deliver good customer outcomes. As part of this, the PSP should notify the customer when they have decided whether or not to execute the payment order unless it is unlawful to do so (eg due to restrictions on tipping-off). Firms will need to ensure that they can demonstrate through internal monitoring and reporting arrangements that their systems and controls strike the right balance between protecting customers, including customers with characteristics of vulnerability, from fraud and ensuring that customers can use their products as reasonably anticipated without facing unreasonable barriers.
  • Explains that the payer’s PSP should also notify the payee’s PSP of the delay: This is to facilitate an effective investigation and reduce the risk of additional delays and duplicative investigations.
  • Clarifies that the existing corporate opt-out applies to the draft Regulations: PSPs will therefore be able to agree with their larger business customers not to delay payments in this way.
  • Asks whether PSPs should also be obliged to notify and update payment initiation service providers (PISPs) regarding any payment delay and whether there would be any challenges with doing so: This follows feedback from PISPs that, where a payment order is initiated by a PISP, it may help to reduce uncertainty about transaction execution if: (i) the payer’s PSP notifies the PISP of a delay at the same time as it notifies the payer; and (ii) the PISP was able to cancel the payment transaction order, with the payer’s consent. The draft Regulations do not include provisions that would require either of these actions.
  • Asks whether further guidance is needed to clarify the scope of any financial obligations from a payment delay: The FCA considers that the funds should be treated as remaining in the payer’s account for interest accrual purposes until the payment order is processed. Under the draft Regulations, if the payer incurs interest and charges as a direct result of the payment delay, the PSP will be liable for them and will have to reimburse the payer whether or not the payment order is ultimately made. Wider losses – eg the loss of opportunity from an investment – would not be covered. The FCA understands that HM Treasury intends to provide this same explanation in the Explanatory Memorandum to the policy.
Delays to inbound payments

The draft Regulations don’t make any changes to the PSRs for inbound payments because the government considers that PSPs are already permitted to delay inbound payments in certain circumstances under existing financial crime legislation.

However, in response to industry uncertainty in this area the draft new FCA guidance:

  • Clarifies the application of the existing force majeure (unforeseeable events that mean a contract cannot be fulfilled) provisions in the PSRs 2017 in relation to suspicious inbound payments:

    • It is the FCA’s view that the effect of the force majeure provisions is that a payee’s PSP would not be liable for contravening its obligation to make funds available to a payee immediately after they have been credited to the payee’s PSP’s account where: (i) making the funds available to the payee would breach any of the provisions of Part 7 of the Proceeds of Crime Act 2002 and/or Part 3 of the Terrorism Act 2000; or (ii) for reasons outside the payee’s PSP’s control, it is impossible for their nominated officer to determine if making the funds available to the payee would breach any of the provisions of Part 7 of the Proceeds of Crime Act 2002 and/or Part 3 of the Terrorism Act 2000 (eg where the nominated officer needs additional time to get information from the payee, the payer’s PSP or a law enforcement agency to determine whether they know, suspect, or have reasonable grounds for knowing or suspecting that a person is engaged in or attempting money laundering or terrorist financing).

    • The FCA expects a payee’s PSP to act as quickly as practicable to access or obtain the information it needs to make its determination, and funds should be made available to a payee as soon as its PSP has decided it is not prevented from doing so.

    • The FCA emphasises that the threshold for triggering the force majeure provisions is high and that the provisions only apply to exceptional cases. It would expect to see usage reflect this, with PSPs taking a rigorous case-specific approach to assess when the threshold has been reached.

    • The Joint Money Laundering Steering Group’s (JMLSG) detailed guidance for firms in the UK financial sector on how to comply with their legal and regulatory obligations on money laundering and terrorist financing remains a ‘key resource’ for PSPs.

    • As for outbound payments, Consumer Duty obligations must be considered when a PSP decides to delay making funds available to a payee. For example:

      • A PSP that has delayed making funds available to a payee should explain this to the payee to help deliver good customer outcomes where it can do so without breaching restrictions on tipping-off; and

      • PSPs are expected to review the customer impact of any increase in the proportion of payment transactions which delay available funds to the payee, and the proportion of these delayed payments PSPs later assess as being legitimate. The aim should be to minimise the impact of delays on legitimate inbound payments and thereby minimise the negative impact of delays on customer outcomes. PSPs are expected to have in place effective monitoring arrangements to identify issues and risks requiring rectification and take appropriate actions to drive continuous improvement of systems and controls.

What are the FCA’s plans for ongoing monitoring and evaluation of the proposed legislative changes?

While the FCA is not consulting on the details of the accompanying monitoring regime, for industry awareness it does outline what it intends to do in terms of collecting information:

  • Data will be collected from industry on a voluntary, ad-hoc basis through existing supervisory engagement processes;
  • This is likely to include information on volumes and values of delayed inbound and outbound payments, the length of delays, the outcomes and the value of APP fraud prevented.
  • Other relevant material could include information on the frequency of delays, impact by banking channel and a breakdown of true and false positives where payments have been delayed.
  • Once it has assessed the types and utility of information available via the ad-hoc method, the FCA will consider proposals for the scope and content of a permanent monitoring and evaluation regime. Stakeholders will be pleased to note that the intention is to streamline data collection between the FCA and the PSR where possible, to reduce the risk of duplicative data requests.

Next steps

The FCA’s guidance consultation closes on 4 October 2024. The FCA plans to publish a revised Approach Document for payment services by the end of 2024.

The previous government’s intention was that the changes under the draft Regulations would take effect on 7 October 2024 at the same time as the Payment Systems Regulator's new rules on mandatory reimbursement for APP fraud go live. However, we are still awaiting the laying of the final Regulations before Parliament. The FCA’s guidance consultation just states that it expects HMT to lay the instrument ‘in due course’.

If you would like to discuss the FCA’s draft guidance, please get in touch with one of the people listed above or your usual Hogan Lovells contact.

 

 

Authored by Virginia Montgomery and Lisa Davey.

Related topics

Related countries

Related keywords

Load more

More like this

image_1
News

UK retail banking and payments: Regulatory return to the office - recent developments to be aware of

03 October 2024
image_1
Insights and Analysis

Payments: East to West - June 2024

06 June 2024
image_1
Insights and Analysis

Deepfakes and financial fraud: what next for the UK financial sector?

24 April 2024
image_1
News

Payments: East to West March 2024

26 March 2024
image_1
News

UK “de-banking”: Government publishes draft legislation on changes to termination rules for PSPs

15 March 2024
image_1
News

Beware the Ides of March – practical considerations if your bank is failing

24 March 2023
image_1
News

Silicon Valley Bank UK Limited FAQs

13 March 2023
image_1
Insights and Analysis

Achieving good outcomes whilst managing competing priorities - Quality Assurance

16 December 2022
image_1
News

FCA Report on the review of borrowers in financial difficulty following COVID-19

18 November 2022
left_arrow
right_arrow

Search

arrow
arrow

Register now to receive personalized content and more!

 

Register
close
Register