On 23 January 2020, the Payment Systems Regulator (PSR) published a speech by Chris Hemsley, Managing Director of the PSR, setting out his views on, among other things, ensuring that victims of authorised push payment (APP) fraud are reimbursed when they have done nothing wrong.

The PSR welcomes the voluntary Contingent Reimbursement Model Code (CRM), which a number of banks signed up to in May last year but acknowledges that there are still loose ends to be tidied up, including: governance arrangements around the CRM; processes and rules to allow new institutions to join; clarity about how individual CRM banks can fund the reimbursement of consumers; and understanding how the CRM is applied and whether it is working in protecting consumers and reducing fraud.

Mr Hemsley supports the principle of using a rule change in the payment systems to introduce protection for victims under the code. He also takes the view that banks or building societies should be able to recover the cost from other firms, including those outside of the financial sector, where that third party firm has failed to take reasonable steps to prevent the fraud from happening.

As a step to prevent APP scams, the PSR has required the introduction of Confirmation of Payee by the end of March 2020. This measure requires banks to check the name on the account that someone is paying into as well as the account number and sort code so that customers can confirm that they are paying the intended recipient, helping to sport scammers or a misdirected payment.