Fighting authorised push payment scams: final decision
Payment Systems Regulator
claims at such levels are very rare.
33
In addition, as noted in paragraph 1.18, above, smaller
PSPs have told us that they typically face APP fraud cases under £30,000 in value.
1.31 Based on the evidence that we have, we have assessed the prudential risks to PSPs
from rare high-value claims as being low for a number of reasons:
a. First, such high-value claims are very rare, even among the largest PSPs. Smaller
PSPs are unlikely to face a number of low-frequency, high-value frauds in a given year:
for example, in 2022, only approximately 25 APP fraud claims exceeded £410,000 out
of a total of more than 200,000 reported APP fraud cases.
b. Second, while funding conditions in the sector may deteriorate, they have remained
fairly robust to date, with most loss-making firms continuing to receive required funding.
c. Most importantly, there are a number of steps that PSPs can take to mitigate the
risks of high-value APP fraud transactions moving through their accounts. We will
work with impacted firms alongside the FCA to mitigate the impact, where possible,
if increased prudential risk arises.
Exclusion of credit unions from the policy
1.32 As set out in Chapter 3, above, we have excluded credit unions, municipal banks and
national savings banks from the reimbursement requirement. As set out there, this is
based on comparing the limited benefits of including them (as APP fraud involving
credit unions is currently very rare) with the potentially material costs.
1.33 On limited benefits, our data indicates that reported APP scams being sent to credit unions
are rare, with just three credit unions appearing among around 180 firms that received APP
fraud in 2022, accounting for about 40 instances of APP scams and losses totalling in the
region of £20,000, out of a total of £385 million of total APP scam losses in our dataset.
34
The accounts provided by credit unions are not high risk (mainly savings and loan accounts)
and outbound payments can usually only be sent to nominated accounts. As such, it is also
unlikely that fraud will migrate to these institutions if they are excluded from the scope of
the policy.
1.34 On costs, the extra burden of even partially complying with the policy could generate
significant costs for credit unions, impact negatively on financial inclusion and reduce the
availability of affordable credit, which could particularly affect more vulnerable low-income
consumers. This rationale is consistent with the reason for the exclusion of these kinds of
firms from the PSRs 2009.
1.35 We have not reflected this further in this cost benefit analysis, as the impact of excluding
credit unions is not material in the context of the wider policy.
33 See consultation paper CP23/6, APP fraud: Excess and maximum reimbursement level for FPS and CHAPS
(August 2023), page 16, which shows that a tiny fraction of claims are above £350,000 at present: that is,
approximately 40 cases per year across the whole sector.
34 Data we have collected from the 14 major banking groups in the UK. For caveats on the data, see the data notes
section in the APP fraud performance report (October 2023), Technical annex.