PSR’s New Rules for Reimbursement will impact more PSPs

Contingent Reimbursement Model coming to a PSP near you

In May 2019, the Contingent Reimbursement Model (CRM) was introduced in the UK as a voluntary code to reimburse victims of Authorised Push Payment (APP) fraud. Since then, ten banks have signed up to the code. Between them, these banks account for 85% of Faster Payments and as of 2022, they reimburse victims around two thirds of APP fraud by value. However, this leaves a significant number of other banks and payment service providers (PSPs), who account for the remaining 15% of faster payments, where the customer cannot expect reimbursement if they’re a victim of APP fraud.

In June 2023, the U.K.’s Payment System Regulator (PSR) released a policy statement expanding the requirement for reimbursement to victims of APP fraud to PSPs beyond the original ten signatories of the CRM Code. This potentially makes any PSP in scope of the new reimbursement requirements if they send or receive a fraudulent payment as a Faster Payment. According to the PSR, this could bring around 1,500 additional PSPs in scope.

These PSPs not only include banks who are direct participants in faster payments but are not signatories to the current CRM code, but also indirect PSPs, who use direct participants as a gateway to participation in the faster payments scheme. This can either be through an agreement with a direct participant acting as an indirect access provider or via open banking. This will include building societies, credit unions and payment institutions who hold funds as part of the payment journey on behalf of their customers.

At a recent conference, it was noticeable that some PSPs, who are not currently subject to the CRM code, were unaware that they would be in scope of the new requirements. However, even with the changes coming in on a date yet to be confirmed in 2024, there is time to act and to put processes and systems in place to reduce exposure to the reimbursement requirements.

We’ve already seen some PSPs who are looking to identify and close accounts currently on their books that have a high probability of being used by mules. By minimising the number of mule accounts, exposure to receiving fraudulent payments can be reduced and so too the liability. Reducing the accounts available to fraudster as mules is one of the key objectives of the PSR in reducing fraud and even before the new reimbursement requirements come into effect, it’s good to see that banks are already taking action.

PSPs are also looking to enhance their fraud detection systems beyond the monitoring of outbound transactions so they can actively monitor inbound payments, too. If any received payments are identified as suspicious, then those funds can be held. If fraud is confirmed, then those funds can be used for the reimbursement. If the suspicious activity is not detected and the mule is allowed to transfer those funds out of the account, then any reimbursement will come from the PSP itself.

These activities take time to implement, so now is the time to act.

• Check if you are in scope of the new reimbursement requirements.
• Address any mule accounts that might be on your books.
• Ensure that your fraud detection solutions address not only outgoing payments, but also incoming payments too and that you have the ability to hold funds if deemed necessary.
• Understand the impact on your operations of inbound payments and the additional alerts that your fraud detection solution may create.
• Understand the additional capacity that may be needed within your operations to handle the additional processes for reimbursements, both making requests to receiving banks, but also processing those requests as a receiving bank.

The PSR expects that the new reimbursement requirement will reduce APP fraud over time and increase confidence in the faster payments so allowing greater competition with other payment methods with the benefits that will bring. However, in the short term, PSPs who are not prepared for this change are likely to face increased losses and reputational risk.

Now is the time to act. 

Visit our fraud detection solution page for more information on how NICE Actimize can help.