PSR CP21/10 APP Scams consultation paper - Which? response

Summary

• Which? welcomes the PSR’s proposals to require the largest payment service providers(PSPs) to publish comparative data on their performance in relation to APP scams. Which? has long argued that better transparency can help to drive better outcomes in terms of the prevention of APP scams and the treatment of victims.
• The PSR’s proposals on firm-by-firm data will, though, only provide a partial picture which could be misleading. Which? therefore sets out a series of recommendations further below. These include that all PSPs should be required to report and publish data (potentially subject to a de minimis threshold for the very smallest and/or newly-authorised PSPs), and that data should be included on the time taken to resolve complaints and the stage at which complaints were resolved, including data from the Financial Ombudsman Service (FOS).
• Greater transparency will not directly help protect consumers from the urgent and growing harm caused by APP scams. Which? therefore remains concerned about the lack of progress being made by the PSR on data sharing between firms and consumer protection. In both areas, the PSR continues to consider voluntary measures, when these have repeatedly been shown to have failed to tackle the harm caused by APP scams.
• We are especially concerned that the PSR is currently ruling out amending the balance of liabilities within the existing CRM Code for any new system. This would mean that the CRM Code’s five overlapping and poorly understood exclusions for reimbursement would be copied and pasted under a new system for PSPs to be able to pick and choose from. This will not address the longstanding issues of low and inconsistent reimbursement rates identified by the PSR over the past two and a half years since the CRM Code was launched.
• The CRM Code was devised by an external steering group when the PSR could not intervene to make reimbursement mandatory, and the policy parameters set by the PSR were specific to that context. This context will change once the Government legislates and so should the PSR’s approach.
• Which? is calling on the PSR to urgently commit to establishing mandatory industry-wide standards for fraud data sharing and consumer protection, including a fair and effective system of reimbursement that is underpinned by legislation. While it is not the focus of this consultation, we also call on the PSR to make Confirmation of Payee mandatory for all PSPs, given the PSR’s separate findings that fraudsters are exploiting the partial adoption of this vital preventative measure. In particular:
  • The PSR should set out a deadline for the joint working group on fraud data sharing to propose industry standards, and make clear that the PSR will review these standards and then make finalised standards mandatory for all PSPs.
  • The PSR should rule out any option involving voluntary reimbursement standards (as included in the proposed Measure 3B) and commit to mandatory industry-wide standards of reimbursement based on a revised and simplified consumer standard that is underpinned by legislation. The Government should set out the liability regime for reimbursement in legislation so that this is given the strongest legal effect and not constrained to Faster Payments, now and in the future. This should mean that the reimbursement obligation covers CHAPS and on-us transactions, which are already covered by the CRM Code, as well as international payments, which the PSR determined were out-of-scope for the CRM Code but had said should be kept under review.
  • The PSR should direct all PSPs to introduce Confirmation of Payee as soon as is practically possible. Where firms provide strong evidence to demonstrate that they need more time than others, the PSR should set out a series of deadlines.