The Financial Conduct Authority (FCA) has issued two significant “Dear CEO” letters, marking the implementation of the new requirements for reimbursing victims of Authorised Push Payment (APP) fraud. The new rules, effective as of 7 October 2024, are aimed at reinforcing the UK financial system’s ability to detect, prevent, and manage fraud, as well as ensuring that customers are reimbursed in a timely manner. These letters outline specific expectations for payment institutions, e-money institutions, banks, and building societies.
While the letters are tailored for different types of financial entities, they share a common theme across three key areas that the FCA has flagged for immediate attention:
1. Governance arrangements, systems, and controls
The FCA expects firms to strengthen their governance frameworks by ensuring they have appropriate oversight, systems, and controls in place to detect, manage, and prevent fraud. These controls should be applied during both the onboarding of customers and through continuous transaction monitoring to mitigate fraud risks. Effective governance ensures that firms are vigilant in identifying both fraudulent activity and fraudsters who exploit systems to receive payments.
2. Regular reviews of fraud prevention mechanisms
Firms are required to regularly review their fraud prevention mechanisms, processes, and controls to ensure they are not only compliant but effective. This includes both the technical aspects, such as transaction monitoring, and the human elements, such as staff training and procedural reviews. Proactive management of fraud risks will help firms stay ahead of emerging threats and reduce liability, especially given the significant financial and reputational risks that APP fraud poses.
3. Customer Due Diligence (CDD) controls at onboarding and ongoing monitoring
The effectiveness of Customer Due Diligence (CDD) controls remains critical, especially when onboarding new clients. These controls must extend to ongoing monitoring to identify any accounts that may potentially be used to receive proceeds of fraud or financial crime. Given the increased sophistication of fraudsters, it’s vital for firms to ensure that they are adequately screening customers, monitoring suspicious transactions, and reporting concerns to prevent fraud from taking root.
Why does this matter?
The FCA’s letters signal a strong push toward compliance with the new APP fraud reimbursement requirements, as well as a broader emphasis on preventing financial crime across all types of institutions. The FCA has made it clear that financial firms have a responsibility not only to comply with these rules but also to proactively work to protect customers from becoming victims of fraud.
APP fraud, which involves fraudsters tricking victims into authorising a payment to a criminal, has been a growing problem, costing consumers millions of pounds each year. These reimbursement rules apply to payments made through the Faster Payments System (FPS) and CHAPS. Firms are now required to reimburse victims unless the victim acted fraudulently or with gross negligence. Furthermore, the rules introduce a shared responsibility for reimbursing fraud victims between sending and receiving firms, incentivising all parties to enhance their anti-fraud efforts.
To read the FCA’s letter to payment institutions and e-money firms, click here.
To read the FCA’s letter to banks and building societies, click here.
How Neopay can help
At Neopay, we specialise in helping firms strengthen their compliance frameworks, ensuring that they meet and exceed regulatory expectations. Our services include:
- Fraud framework review: We offer detailed assessments of your existing governance arrangements, systems, and controls, ensuring that they are robust enough to detect, manage, and prevent fraud effectively.
- Systems and controls optimisation: Our team can help you review and optimise your fraud prevention mechanisms, ensuring that they are aligned with FCA expectations and effective in mitigating risks.
- Customer Due Diligence (CDD) enhancements: We assist firms in strengthening their onboarding and ongoing monitoring processes, ensuring that your CDD procedures are not only compliant but capable of identifying potential fraud risks.
- Compliance audits and support: Our tailored audits will help you identify gaps in your fraud controls and ensure your firm is fully prepared for any regulatory scrutiny. We also provide ongoing compliance support to keep your processes up to date.
Contact us today to learn more about how we can assist your business in maintaining robust anti-fraud arrangements and navigating the APP fraud reimbursement requirements.