The Treasury Committee has published a unanimously-agreed report on Economic Crime. The report says that in the first half of this year, over £600 million was stolen from consumers. Economic crime is a serious and growing problem in the UK. One method to combat it is Confirmation of Payee, which will cross-reference payee names with account numbers and sort codes. If financial firms aren’t ready to introduce it by March 2020, the regulators should consider sanctioning them. Another method that should be introduced is a 24-hour delay on all initial payments between accounts, providing time for consumers to consider if they are being defrauded. When money is stolen, the voluntary Contingent Reimbursement Model (CRM) is a welcome step to set out how its signatories should reimburse money lost to consumers by certain types of fraud. It should now be made compulsory, and firms should consider retrospectively reimbursing customers back to 2016. Regulators should define the term ‘grossly negligent’ to provide consistency on whether or not a consumer is reimbursed.

The report has found that:

  • Fraud is the second most common crime type in England and Wales. There are two main types of economic crime affecting consumers: authorised push payments (APP), where the genuine customer processes a payment to another account whist is controlled by a criminal, and unauthorised fraud, where the account holder does not provide authorisation for the payment to proceed and the transaction is carried out by a third party. Both in terms of financial losses and the variety of scams suffered by consumers, it’s clear that economic crime is a serious and growing problem in the UK. To ensure a clear picture of the scale and types of economic crime facing consumers, the Financial Conduct Authority (FCA) should publish data on economic crime.
  • At present, when a payment is sent, the initiator of the payment must give the payee’s name, account number and sort code. The latter two are cross referenced and confirmed with the receiving bank, but the payee’s name is not. Confirmation of Payee (CoP), which is set to be introduced in March 2020, involves the payee’s name also being confirmed. It’s a serious failure that banks weren’t already doing this. The regulators should consider sanctioning any firm that misses the March 2020 deadline.
  • The Contingent Reimbursement Model (CRM) is a voluntary financial services industry code which sets out how its signatories should reimburse money lost to consumers via APP fraud. The CRM is welcome and should now be made compulsory in legislation. This won’t, however, provide any resolution to previous victims of such frauds. Financial firms have been warned since 2016 that they have been failing in their duty to protect customers by not linking information on account names to payments. Firms should strongly consider whether refusing to retrospectively reimburse customers who relied on the payee name is fair and just.
  • Faster Payments are an instant transaction which are normally processed in seconds. Fraudsters rely on this speed to move money into a series of accounts before consumers and banks are aware. Very few first-time payments need to be received instantaneously. Therefore, there should be a mandatory 24-hour delay on all first-time payments, providing time for consumers to consider if they are being defrauded. All future payments to the same account could flow at normal speed. If an initial payment was needed instantly, a customer could ring their bank and additional checks could be carried out for the funds to be released.
  • Money mules are individuals who allow their bank account to be used to move criminal funds. In 2018 there were around 40,000 cases that bore the hallmarks of money mule activity. For example, it was reported that students were selling their account log-in details to fraudsters who sought to evade the strict checking procedures when individuals try to open an account. Where groups of people who may be most susceptible to being persuaded to become money mules are identified, targeted information campaigns should be undertaken e.g. banks should work with universities to provide information for students.
  • De-risking is where a bank ends its relationship with a customer it deems to be too high-risk. The Committee has been told that whole sectors have had their banking services withdrawn or refused in the first place without explanation and no avenue to query the decision. Banks must be as transparent as possible on de-risking to allow all individuals and firms the best possible chance of keeping their financial services. The FCA, which has at times appeared unable to act to prevent de-risking from happening, and the Financial Ombudsman Service should ensure that, where possible and appropriate, instances of de-risking where a customer cannot come to resolution with their banks are fully investigated and banking services returned as quickly as possible.
  • The Committee has heard concerns about how law enforcement has been dealing with economic crime, and the lack of resources allocated to it. It is unacceptable that victims of potentially devastating crime can have their cases moved across law enforcement from pillar to post. It’s welcome, therefore, that this is both a focus of the police, and its inspectorate. It’s concerning that banks do not always appear to be reporting instances to the police where, for example, the bank has reimbursed the victim. The Government should require all frauds to be reported regardless of their size, and whether or not a financial institution has reimbursed a consumer. It is not always clear to consumers whether a fraud should be reported to a bank, the police or Action Fraud, nor is it always clear what each entity would do with the information provided. This process needs clarifying for consumers.
  • When a firm concludes that a loss from an unauthorised fraud was down to the consumer’s own ‘gross negligence’, reimbursement is unlikely. Existing regulations don’t define ‘gross negligence’, allowing individual firms to set their own bar of what customer behaviour it deems to be grossly negligent. This could lead to a lack of consistency between how customers with the same circumstances are treated. The regulators should agree an accepted definition of gross negligence and require firms to provide a list of ‘dos and don’ts’ for customers to show how individual firms define proper account usage.

Commenting on the Report, Rushanara Ali MP, the Treasury Committee’s lead member for this inquiry, said “With scams getting ever-more sophisticated, it’s clear that economic crime is a serious and growing problem in the UK. The Treasury Committee’s report examines the scale of economic crime faced by consumers, ways that financial firms are combatting economic crime, how economic crime is investigated, and consumer’s rights and responsibilities.”

“To ensure that consumers are protected, it should now be compulsory for financial firms to reimburse money lost to victims of Authorised Push Payment fraud, and they should consider doing so retrospectively. There should also be a mandatory 24-hour delay on all first-time payments, allowing consumers time to consider the risk that they are being defrauded. The Government and regulators should take on board all of the Committee’s recommendations to enhance consumer protection in the face of this harmful tide of criminal activity.”

Responding to the Treasury’s Committee on Economic Crime, UK Finance Chief Executive Stephen Jones said “Investing millions in security systems to defend customers, supporting law enforcement in disrupting criminals and helping customers protect themselves from scams are core priorities for the finance industry.”

“The Authorised Push Payment voluntary Code is a key part of this work and provides important protections for customers of signatory firms from authorised push payment scams. Nevertheless, we welcome the Committee’s recommendations that issues of liability and reimbursement should best be addressed by new laws rather than just a voluntary Code alone, and the recommendation that third parties should be liable for the associated costs to financial services when they are responsible for data breaches that increase the risk of payment scams.”

“We look forward to working through these and the other thoughtful recommendations made by the Treasury Committee to enhance the ability of the finance industry to combat the ongoing threat of economic crime.”