Fintech, digital assets, payments and consumer credit | UK Regulatory Outlook October 2024

Updates on authorised push payment fraud

PSR confirms £85,000 maximum reimbursement limit for APP fraud

On 25 September 2024, the Payment Systems Regulator (PSR) published a press release confirming its decision on the maximum reimbursement limit for victims of Faster Payments authorised push payment (APP) fraud, setting the new maximum limit at £85,000.

As previously reported (see last month's Regulatory Outlook for background), this is a significant change from the previously proposed limit of £415,000. The PSR considers that this decision:

• strikes an appropriate balance having regard to its innovation and competition objectives;
• provides world-leading protections to those falling victim to scams, given that over 99% of APP claims will be covered by the maximum limit; and
• gives firms strong financial incentives to continue to make improvements to their fraud prevention controls.

The Bank of England (BoE), as the operator of Clearing House Automated Payment System (CHAPS), has similarly decided that the maximum reimbursement for CHAPS will be £85,000, recognising the benefits to both industry and consumers in having a consistent limit across the two payment systems.

The new maximum limits came into effect on 7 October 2024. Both the PSR and BoE will closely monitor their impact and are expected to perform an evaluation of effectiveness after 12 months of operation.

PSR guidance on APP scams reimbursement requirement

On 23 September 2024, the PSR published guidance to support payment service providers (PSPs) in assessing whether an APP scam claim raised by a consumer is reimbursable under the Faster Payments scheme and CHAPS reimbursement rules, following a consultation period (reported in this Regulatory Outlook). If deemed instead to be a private civil dispute, such a claim will not be reimbursable.

The guidance sets out high-level factors that PSPs should consider when making a determination:

• communication and relationship between the consumer and the alleged scammer;
• trading status of the alleged scammer;
• alleged scammer's capability to deliver the goods and services related to the claim;
• extent to which the alleged scammer deceived the consumer as to the purpose of the payment; and
• information held by the receiving PSP(s) about the relevant account(s).

FCA 'Dear CEO' letters on APP fraud reimbursement

On 7 October 2024, the Financial Conduct Authority (FCA) published two "Dear CEO" letters setting out its expectations relating to the new APP fraud reimbursement measures, one to banks and building societies and the other to payment and e-money institutions (collectively PSPs), including:

• Anti-fraud systems and control. PSPs should: have effective governance arrangements, controls and data to detect, manage and prevent fraud, and regularly review their effectiveness; maintain appropriate customer due diligence controls, both at onboarding stage and on an ongoing basis to identify and prevent accounts being used to receive proceeds of fraud or financial crime.
• Consumer duty: under the consumer duty, PSPs must avoid causing foreseeable harm (which would include a consumer falling victim to a scam relating to a firm's financial products due to the PSP's inadequate systems); and
• "On us" APP fraud reimbursement: if PSPs plan to use internal book transfers (also called "on us" or intra-firm payments, where both the sending and receiving payment accounts are held with the same firm or group), consumers may be more exposed to APP fraud – as such, the relevant PSP should discuss this in advance with the FCA.

Other UK updates

UK Finance work on new payment and settlement capabilities in banking sector

On 17 September 2024, UK Finance (UKF) published a press release regarding its "regulated liability network (RLN) experimentation phase", on which it has been working with eleven of its members.

Described as a new type of financial market infrastructure that can deliver new capabilities for payments and settlement, including tokenisation and programmability, UKF highlighted a number of potential benefits including reducing fraud, improving efficiency in the home buying process, and reducing the cost of failed payments in the UK.

In particular, the UKF suggests that an RLN could be of use in relation to the BoE's approach to innovation in money and payments, as set out in the BoE's July 2024 discussion paper.

Payment Services (Amendment) Regulations 2024 published

On 9 October 2024, the Payment Services (Amendment) Regulations 2004 (SI 2024/1013) were published and will come into effect on 30 October 2024.

The amendment regulations amend the Payment Services Regulations 2017 (which require PSPs to execute payment transactions within maximum time limits), so that a payer's PSP can delay the crediting of the payee's PSP's account for certain in-scope payments from D+1 by up to a further 72 hours, (that is, D+4). The payer's PSP can delay where, within a specified time, the PSP establishes reasonable grounds to suspect  the order has been made subsequent to fraud or dishonesty perpetrated by a third party (which may include the payee).

The delay should be used to enable the PSP to determine whether the order should be executed and must not exceed a specified time limit.

PSR updates powers and procedures guidance

On 20 September 2024, the PSR published an updated version of its powers and procedures guidance, which was originally published in 2015 and last updated in 2020. The updated guidance – which was a result of a consultation period reflecting changes to the PSR's management structure – includes the PSR's:

• role and ways of working; and
• powers to take regulatory action under the Financial Services (Banking Reform) Act 2013, including its decision-making process and the process for appeals.

Individual pleads guilty to illegally operating crypto ATMs

On 30 September 2024, the FCA published a press release announcing that an individual has pleaded guilty to five offences relating to illegally operating crypto ATMs (which allow individuals to buy or convert funds into cryptoassets), the first UK conviction of its kind. Sentencing will take place in due course.

Businesses seeking to provide cryptoasset services falling within the scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 must be registered with the FCA. Currently, there are no legal crypto ATM operators in the UK.

Approach to implementing and operating Digital Securities Sandbox confirmed

On 30 September 2024, the BoE and the FCA published a joint policy statement (PS24/12), final guidance and other materials setting out their approach to implementing and operating the Digital Securities Sandbox, the first financial market infrastructure sandbox to be established under powers granted by the Financial Services and Markets Act 2023.

The sandbox (that will allow firms to use developing technology, such as distributed ledger technology, in the issuance, trading and settlement of securities), is now open to applications.

BoE response to discussion on longer RTGS and CHAPS operating hours

On 3 October 2024, the BoE published a response paper regarding a possible extension to Real-Time Gross Settlement (RTGS) and CHAPS operating hours. Although the BoE expresses a preference for a first-stage extension of 4.5 hours in the morning (with settlement starting at 1.30 am), no extension is expected before 2027.

The BoE now plans to work with industry to shape future RTGS and CHAPS settlement hours, and to publish a consultation paper in 2025 setting out a more detailed proposal.

EU updates

European Commission adopts delegated regulations under MiCA on complaints handling

On 30 September 2024, the European Commission adopted a delegated regulation specifying the requirements, templates and procedures for the handling of complaints relating to asset referenced tokens under the Markets in Crypto-Assets Regulation (MiCA).

On 1 October 2024, it adopted a delegated regulation specifying the requirements, templates and procedures for the handling of complaints by cryptoasset services providers under MiCA.