Insurance considerations for the APP fraud reimbursement requirement

With the new UK reimbursement requirements for victims of authorised push payment fraud, we outline the insurance and risk implications for payment service providers.

The UK Payment Systems Regulator (PSR) is introducing a mandatory reimbursement requirement for victims of authorised push payment (APP) fraud. The scheme, due to come into force from October 7, aims to hold payment service providers (PSPs) to greater account for fraudulent transactions suffered by customers. It is critical that all PSPs operating in the UK understand the requirements of this scheme and consider the risk and insurance ramifications it poses to their business.

APP fraud

In 2023, APP fraud losses within the UK totalled £459.7 million — with personal losses constituting the majority. Typically, APP fraud involves criminals using social engineering techniques to convince victims to send funds. Fraudsters may pose as people in positions of authority or imitate friends and relatives to request money via phone calls, emails, text messaging, or social media.

Incidents of APP fraud are increasing in the UK — in 2023 the recorded number of APP fraud cases rose by 12%. APP fraud seeks to take advantage of the enhanced speed of direct electronic payments offered by the faster payment service (FPS); in 2021 FPS was used in 97% of fraudulent APP payments.  

The PSR has acknowledged these concerns and, in response, developed the FPS APP scams reimbursement requirement. This scheme aims to offer customers more robust protection from APP fraud, while giving victims a clearer route to recovery.

The FPS APP scams reimbursement requirement

The reimbursement requirement is an industry-wide legal requirement for UK FPS transactions involving PSPs, which can include banks, building societies, and fintechs.

Initially, the PSR intended to impose a maximum reimbursement, beyond a £100 excess, of £415,000 — to be split equally between the offending PSPs. This figure aligned with the maximum award from the Financial Ombudsman Service (FOS) to limit the number of fraud cases being referred to the FOS for resolution. However, in response to lobbying from various lenders, fintechs, and politicians, the PSR has indicated it may elect to reduce the maximum reimbursement figure to £85,000.

Any funds the receiving PSP recovers from APP fraud must be split equally with the sending PSP. This equal split is to encourage PSPs on either side of the transaction to carry out due diligence and help reduce fraud within the industry. Potentially, any evidence of systemic failures and repeat offences from PSPs could open the door to wider regulatory scrutiny.

However, customers may fail to secure a reimbursement under the new legislation if they are found to have acted carelessly with respect to the ‘consumer standard of caution’. The burden of proving that a customer acted with ‘gross negligence’ rests with the PSP. To protect customers and ensure they are acting with sufficient caution, PSPs can improve fraud prevention controls and adopt interventions, such as ‘confirmation of payee’, to prevent fraudulent transactions.

Customers may have failed to act with the ‘consumer standard of caution’ if they have:

  • Ignored or bypassed interventions from PSPs or a national authority that warned the payment they were attempting to conduct could be APP fraud.
  • Failed to report fraudulent transactions to their PSP within 13 months from the date of the last applicable transaction.
  • Been unresponsive to reasonable information requests from PSPs surrounding their claim.
  • Failed to either respond to orders from the relevant PSPs to report the case to the police or another relevant authority, or give consent for the relevant PSPs to report directly to the police.

Insurance considerations for PSPs

Marsh’s financial institutions (FI) claims report 2023 revealed that one-fifth of notifications made by banks related to crime insurance policies — with third-party fraud and cyber/telephonic crime amounting to 27% of all crime related matters.

It is critical that PSPs consider the insurance and risk issues that the reimbursement requirement introduces. Risks need to be quantified and modelled, along with the possible losses they may entail.

The scale of APP fraud is significant, and bad actors have the opportunity to defraud customers using data from leaks and possibly to use developments in artificial intelligence to deceive customers.

Specific insurance and risk issues PSPs must consider include:

  • Risks associated with their partnerships with other PSPs. Partners or third parties could present exposures that PSPs are currently unaware of if they are not adept at detecting and preventing APP fraud.
  • Infrastructure exclusions within a crime or professional indemnity (PI) insurance policy could apply if a PSP’s system fails to send an intervention to a customer before a transaction. This is more relevant than ever, as 58% of claims notifications in 2023 from Marsh FI clients related to PI/civil liability insurance policies.
  • Under relevant insurance policies, excesses and retentions that are greater than the average APP fraud loss may limit the ability to make an insurance recovery. The ability to aggregate APP fraud losses must also be considered to determine potential insurance recovery.
  • Directors and other business leaders need to be aware of their duties and ensure that their business is appropriately responding to the requirements of the new legislation and the expectations of PSPs in tackling fraud.

Acting before scheme introduction

It is essential that all organisations handling FPS payments are aware of the risks and liabilities that the APP fraud reimbursement requirement introduces. All PSPs should review their existing processes and controls to mitigate risk and ensure compliance before the reimbursement requirement’s introduction on October 7.

For further advice and discussion on topics raised above, contact your Marsh representative.

Our people

Will Davis

Financial Institutions Banks Leader

  • United Kingdom

Joseph Hill

Product Executive, UK Financial and Professional Lines

  • United Kingdom
