PSR reimbursement requirements and recent court decisions signal move to protect victims of APP fraud | Fieldfisher
Skip to main content
Select location United Kingdom
Insight

PSR reimbursement requirements and recent court decisions signal move to protect victims of APP fraud

Nathan Capone
15/07/2024

Locations

United Kingdom

On 7 October, the Payment Systems Regulator will introduce a new reimbursement requirement for authorised push payment fraud within the Faster Payments system. If an individual suffers an authorised push payment (APP) fraud within the Faster Payments system, the new provisions will (a) require payment service providers (PSPs) to reimburse customers within five business days; and (b) share the cost of reimbursing victims 50:50 between sending and receiving payment firms.

In 2022, there were around 207,000 reported APP fraud cases on personal accounts and losses totalled £485.2 million. The PSR expects the new requirements to lead firms to innovate and develop more sophisticated methods to change customer behaviour and make better decisions on when to intervene and stop payments.

Reimbursements will not apply to:

  • Civil disputes
  • Payments which take place across other payment systems
  • International payments (including SWIFT)
  • Payments for unlawful purposes
  • Where the customer has been grossly negligent (unless the customer is 'vulnerable')

There will be no minimum value threshold, but the maximum level of reimbursement is £415,000. A victim will have thirteen months to bring a claim from the date of the last payment.

The PSR expects the new requirements to decrease the level of APP fraud and many PSPs will need to enhance their fraud prevention systems and controls so as to avoid being required to make significant repayments. But are there potential drawbacks to the new requirements?

First, there is a potential risk that if customers are more confident of being reimbursed, they will take less care ensuring that their payee is not a fraudster and therefore the requirements may have a converse effect. In this respect, gross negligence is a very high bar for the customer standard of caution. It may also significantly increase friction in the payment journey for legitimate transactions as PSPs scrutinise transactions more heavily.

Secondly, the new requirements may provide an opportunity for fraudsters to create the appearance of an APP fraud (i.e. the fraudsters act as the payor and payee) in the expectation that they will be reimbursed by the PSP.

It is also worth noting that the new requirements will not protect consumers in all instances. For a payment to be an applicable APP scam payment, it must be executed in the UK and received in a relevant account in the UK (excluding the Channel Islands and Isle of Man)., which means that the 'start' and 'end' of the payment journey must be in the UK for the payment to be in the geographical scope of the policy. For example, if a UK resident client of 'XYZ FX' buys a property and has to pay a third party in Spain, and that FX company receives GBP, via Faster Payments, from its client's UK bank account and converts those funds to EUR and makes an onward payment to a fraudster's Spanish bank account, this would be outside the scope of the requirements. The fraudulent transaction is the payment initiated by the customer from XYZ FX to the third party in Spain and is not the transfer of funds from the customer's UK bank to XYZ FX.

Notwithstanding the intended limited scope of the policy, it is apparent from some recent decisions that the UK Court may be prepared, tentatively, to provide consumers who are victims of APP fraud with potential routes to recovery. Earlier this year, the first decision post Barclays v Phillip in a Quincecare claim was made in CCP Graduate School v Natwest & Santander [2024] EWHC 581 (KB). This was a summary judgment application regarding the ‘retrieval duty’ against banks which had been involved in fraudulent money transfers. Philip held that a bank could be sued by its customer for failing to take reasonable care in seeking to recover funds that the customer had been induced by fraud to pay out once the customer had notified the bank and countermanded the original instructions. In CCP Graduate School, the Court dismissed the claim against Natwest (for limitation reasons) but allowed the claim against Santander to proceed based on the failure to comply with the 'retrieval' duty.

More recently, Revolut has contested two claims by victims of APP fraud for having facilitated such transfers, and has attempted to have these summarily dismissed, but not with outright success.

In Larsson v Revolut Ltd [2024] EWHC 1287 (Ch), an individual was fraudulently induced to make SWIFT payments to accounts held with Revolut. Following receipt, the payments were transferred away from the Revolut account by the fraudsters. The Claimant alleged that Revolut’s failure to detect fraud was a breach of contractual or tortious duty, alternatively that it dishonestly assisted the fraudsters. The Judge dismissed the claims for breach of contractual or tortious duty. However, the claim for dishonest assistance was allowed to proceed, on the basis that there was a constructive trust over stolen money, which on the Claimant's case was breached when the money was dissipated. A claim against a financial institution for dishonest assistance is not new law. Banks may be found liable if they transfer or receive money that they know or should have known were the proceeds of crime. However, proving dishonest knowledge is typically very difficult in such cases as usually the bank has no knowledge about the underlying fraud at all, making it impossible to prove that it had dishonest knowledge.  Larsson is noteworthy in that the argument being made is that "Revolut turned a blind eye to its doubts as to the normative validity of the transactions and this amounted to "objective dishonesty"", i.e. it focuses on a process failure owing to the alleged suspicious nature of the relevant transactions. However, the claimant will still be required to identify an individual within Revolut who was 'dishonest ' in order to make good his claim.

In Terna Energy Trading DOO v Revolut Ltd [2024] EWHC 1419 (Comm), a company was similarly fraudulently induced to make a SWIFT payment to an account held with Revolut. It was alleged that this caused Revolut to be unjustly enriched, and so liable to give restitution to Terna. Here, the Judge scrutinised previous authorities, including Tecnimont Arabia Ltd v Natwest [2023] Bus LR 106. The conclusion in Tecnimont (which also involved an APP fraud) was that the argument that Natwest was enriched “at the expense of” the claimant was inapplicable as it "would fail to recognise the established manner in which international bank transfers are made". However, in this second Revolut case, the Judge explained that he was “convinced” that the reasoning in Tecnimont was wrong and declined to follow it.

This means that, potentially, outside of the PSR requirements and complaints to the Financial Ombudsman, a victim of an APP fraud has three potential litigation routes to recovering monies from a financial institution which made the relevant transfer in an APP fraud: (i) failure to comply with the 'retrieval' duty following Philip; (ii) dishonest assistance; (iii) unjust enrichment. The latter two claims are, at present, somewhat speculative, but certainly not inarguable as the two Revolut cases demonstrate.

Areas of Expertise

Fraud, Financial Crime and Investigations