Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams Consultation Document July 2020 Driving fair customer outcomes Annex 1:Fulllistofconsultation questions 6.2Publicationofconsultationresponses 6.1Howtorespond 6. Nextsteps 5.2Fundingthereimbursementofcustomers 5.1Theprocessofresolvingclaims 5. Resolvingclaims 4.3ConfirmationofPayee 4.2Effectivewarnings 4.1Awareness 4.  3.2Vulnerablecustomers 3.1Reducingtheimpactoncustomers 3.  2.2Coverageandbarrierstosigningup 2.1ThecurrentversionoftheCRMcode 2. Implementation 1.6Whoshouldrespond 1.5Aboutthisconsultation 1.4Reviewofapproachtoreimbursementcustomers 1.3Engagementwithstakeholders 1.2TheroleoftheLSB 1.1Background 1. Introduction CONTENTS Customer experience Prevention measures

18 17 14 12 10 8 4 3 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 1. INTRODUCTION

1.1 BACKGROUND

In September 2016, the consumer body The code designed, the Contingent Which? submitted a super-complaint to the Reimbursement Model (CRM) Code, was Payment Systems Regulator (PSR) regarding launched on 28 May 2019. The voluntary code Authorised Push Payments (APP) scams. The sets out good industry practice for preventing complaint raised concerns about the level of and responding to APP scams. It also sets protection for customers who fall victim to APP out the requisite level of care expected scams. The PSR investigated the issue and of customers to protect themselves from published its formal response in December APP scams. Currently there are nine firms, 2016. The response recognised that further comprising 19 brands, signed up to the Code: work was needed and made recommendations for actions to be taken by industry. • UK plc Barclays In November 2017, the PSR published an update on the progress made. The PSR • The Co-Operative Bank recognised that there were still concerns Britannia and around the reimbursement of victims of APP • HSBC UK scams and consulted on the introduction HSBC, and M&S Bank of a ‘contingent reimbursement model’. • In early 2018, taking into account responses plc, , Bank of to the consultation, the PSR established Scotland plc and a steering group with representatives • Metro Bank from industry and consumer groups. The • Nationwide steering group was tasked with designing and implementing an industry code which • NatWest Bank plc would reduce the impact that these crimes Royal plc, have on consumers, micro-enterprises and NatWest Bank and small charities by introducing measures that • Santander UK would reduce the occurrence of APP scams Santander, and Limited and see victims of APP scams reimbursed. •

4 to reimbursementofcustomers. summary ofthereviewfirms’approach our stakeholderengagementanda out asummaryofviewscollatedthrough consultation, thefollowingsectionsset To providecontextalongsidethis consultation willformthebasisforthisreview. one-year post-implementation.This its impactontheindustryandconsumers, review oftheeffectivenessCodeand The LSBalsocommittedtocarryingoutafull approach toreimbursementofcustomers. undertaken athemedreviewoffirms’ the implementationofCodeandhas with arangeofstakeholdersregarding In thisrole,theLSBhascontinuedtoengage effectiveness, andtomaintainrefineit. implementation oftheCode,toensureits Code, theLSB’sroleistomonitor Having assumedgovernorshipoftheCRM overseeing complianceofthesestandards. in itsapproachtosettingStandardsand and APPscams.TheLSBisindependent business customers,branchclosures, by theLSBcoverlendingtopersonaland oversight. StandardsandCodesoverseen financial servicesthroughindependent in drivingfaircustomeroutcomeswithin body fortheCRMCode.TheLSBispivotal Board (LSB)becametheofficialgoverning On 1July2019,theLendingStandards 1.2 THEROLEOFLSB and arereflectedinthequestionsincluded. taken onboardwhendraftingthisconsultation These concernsandconsiderationshavebeen to theCodeoroffersimilarprotections. Initiation ServiceProviders(PISPs),tosignup firms, suchasbuildingsocietiesorPayment terms oftakingstepstoallowotherkey in termsofsigningupnewbanksand the protectionsofferedbyCode,both around howtoimprovethecoverageof A furtherkeyareaofdiscussionhasbeen operates, includingthoseregarding: concerns abouttheCodeandhowit stakeholders haveraisedanumberof Based onourengagementtodate, industry andconsumerrepresentatives. Advisory Groupwhichisformedofboth through thecontinuedmeetingsofCRM a combinationofbilateralmeetingsand various interestedstakeholdersthrough Over thepastyearwehaveengagedwith 1.3  • • • • • • ‘no blame’reimbursements. the futurefundingmechanismfor treatment ofvulnerablecustomers;and vulnerable, aswellidentifyingand which haveahigherriskofbeing expectations foridentifyingpayments the levelofscamsthatoccur; in theCodecomparedagainst operational costsofparticipating transaction monitoringrequirements; bank sitsoutsidetheCode; either thesendingorreceiving liability requirementswhere are inscopeoftheCode; the typesoftransactionsthat STAKEHOLDERS ENGAGEMENT WITH 5 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 1.4 REVIEW OF APPROACH As with the feedback from stakeholders, issues TO REIMBURSEMENT raised in this review have been taken into OF CUSTOMERS account in the drafting of this consultation and are reflected in the questions included. Between October 2019 and January 2020, the LSB carried out a review of the approach to reimbursement of customers under CRM 1.5 ABOUT THIS CONSULTATION Code provision R2(1)(c). The Code requires As set out above, this consultation will that where a customer has been the victim form the basis for the LSB’s one year post- of an APP scam, firms should reimburse the implementation review of the CRM Code. customer. Provision R2(1)(c) sets out that if the While the focus of the review is the Code, customer has not met a reasonable level of we are including within the scope of the care when making a payment, reimbursement review two supporting documents: can be denied. However, firms must be able to demonstrate that in all the circumstances at the time of the payment, in particular • the Practitioners Guide, which was the characteristics of the customer and the developed by the LSB and is made complexity and sophistication of the APP available to signatories to the Code scam, the customer made the payment to support them in achieving the without a reasonable basis for believing that: requirements of the CRM Code. The guide also contains supporting annexes. • the payee was the person the • the Information for Customers document, customer was expecting to pay; which was published to promote awareness of the Code and to inform • the payment was for genuine customers of the various ways in which goods or services; and/or they can reasonably protect themselves • the person or business with whom from falling victim to an APP scam. they transacted was legitimate. The consultation sets out questions The review included an assessment of the across four different areas: key controls and processes firms have in place to demonstrate compliance with the • Implementation - with questions seeking provision including considering how firms to establish any challenges firms have have interpreted the provision and assessing faced in adopting the Code, any barriers the level and depth of staff training. that exist to new firms signing up, and areas where the Code could be improved Overall, the LSB found that all firms involved to take account of insight gained over in the review had taken positive steps to the first year of implementation. implement the requirements of the Code for reimbursing customers. However, a number • Customer experience - with questions of key areas of improvement were identified seeking to establish whether the Code – reimbursements; effective warnings; has met its objective to increase the customer vulnerability and record keeping. proportion of customers protected from the impact of APP scams, both via reducing The LSB has issued individual reports to each incidents of scams and by reimbursement, firm which contain recommendations and and to determine what the experience required actions and will be working to ensure of victims of APP scams has been in the these are implemented, including tracking year since the Code was launched. through to completion. The LSB intends on completing a follow-up review exercise later in 2020 to ensure all actions are fully embedded.

6 that fallwithinthescopeofthiswork. the Codeandtosupportingdocuments review maybeusedtoinformrevisions the workundertakenaspartofwider The responsestotheconsultationand • • how thatreimbursementisfunded. a customer,includinginrelationto when makingadecisiontoreimburse to establishwhatchallengesfirmsface Resolving claims-withquestionsseeking to theobjectivesofCode. (CoP) areworkingeffectivelytosupport warnings, andConfirmationofPayee education andawarenesscampaigns, seeking toestablishwhetherconsumer Prevention measures-withquestions the Codeorthisconsultationdocument. person orPSPinrelationtorelianceon or liabilityfortheactionsomissionsofany LSB doesnotacceptanylegalresponsibility advice requiredbyanypersonorfirm.The or firmandisnosubstituteforformallegal not containanylegaladvicetoperson The Codeandthisconsultationdocumentdo feedback by5pmon30September2020. raised inthisconsultationandanyrelated We wouldwelcomeresponsestothequestions consultation aresetoutinSection6,Nextsteps. The detailsofhowtorespondthis change asaresultoffeedbackreceived. content ofthesupportingdocumentsmay documents. ThetermsoftheCodeand for changestotheCodeorsupporting of theirresponse,toprovidesuggestions Respondents arewelcome,inthecourse of anytheelementsCode. respondents areencouragedinrespect discussion andrepresentationsfrom in thisconsultation,furthercomment, While wehavesetoutarangeofquestions and maywanttorespondthisconsultation. interest intheLSB’sreviewofCRMCode and theindustrymoregenerallywillhavean service providers,consumerrepresentatives Current Codesignatories,otherpayment 1.6 WHOSHOULDRESPOND 7 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 2. IMPLEMENTATION

2.1 THE CURRENT VERSION OF THE CRM CODE

The CRM Code came into force on In addition to the Code, there is a Practitioners 28 May 2019. In overview, the provisions Guide, with supporting annexes. This guide of the CRM Code set out: is made available to signatories to the Code. There is also a consumer facing • overarching principles, Information for Customers document aimed at informing customers about the Code. • general expectations on firms, • standards for firms for detecting, preventing The overarching objectives of the CRM Code and responding to APP scams, principles as set out at the start of the Code are:

• the circumstances in which customers, 1. To reduce the occurrence of APP scams; including customers vulnerable to APP 2. To increase the proportion of customers scams, can expect to be reimbursed, protected from the impact of APP • governance of the Code. scams, both through reimbursement and the reduction of APP scams; The current version of the CRM Code 3. To minimise disruption to can be found here. legitimate Payment Journeys.

Question 1: To what extent do you agree or disagree that the current version of the Code is clear about its purpose and scope?

Question 2: If you are a firm that has signed up to the Code:

a) Are there areas of the Code which are not working effectively in ensuring the objectives of the Code are met? If so, could you please set them out and, where possible, provide examples of why this is the case. ) Are there areas of the Code which have been particularly effective in ensuring the objectives of the Code are met? If so, could you please set them out and, where possible, provide examples of why this is the case.

Question 3:  Given the objectives of the Code, to what extent do you agree or disagree that the Code has effectively encouraged both sending and receiving firms, where they are signatories to the Code:

a) To improve their ability to prevent fraud? b) To put in place better customer protection measures against APP scams? c) To provide reimbursements to customers in a timely manner? d) To introduce measures in such a way that there is minimal disruption to legitimate payment journeys? e) To repatriate funds that are found to be proceeds of an APP scam?

8 • the coverageofCRMCode: that actionisneededtoincrease of firmswheretheLSBrecognises Broadly speaking,therearethreegroups has notbeenasfasthadhoped. Code isvoluntaryandprogressonthisfront Code. However,becomingasignatorytothe possible arecoveredbytheprotectionsin this willensurethatasmanycustomers Code isakeyareaoffocusfortheLSBas Increasing thenumberofsignatoriesto then onefurtherfirmhassignedup. majority ofretailbankingcustomers.Since the Code,providingprotectionsfor effect, eightfirmsweresignedupto At thetimethatCodecameinto 2.2  as drafted,butwhohaveyettodoso; thatcouldsignuptotheCode, there isanexistingpipelineofmid-sized Question 5: Question 4: Question 7: Question 6: Question 8: COVERAGE ANDBARRIERSTOSIGNINGUP

the requirementsofCode? Has thePractitionersGuidebeenusefulinsupportingfirmstomeet looking toprovideinformationorsupportcustomers? Has theInformationforCustomersdocumentbeenusefulfirms successfully implementedbysignatories? To whatextentdoyouagreeordisagreethattheCRMCodehasbeen b)  a) WhathaspreventedyoufromsigninguptotheCode? If youareafirmthathasnotsignedupto the Code: broad arangeoffirmsaspossible? to ensurethattheprotectionsofferedbyCodecan beapplied toas What changestotheCode,oralternativeoptions,should beconsidered up totheCode? What changeswouldneedtobemadeforyouconsider signing to signuptheCodeasdrafted. that thereremainchallengesforfirms the Code,stakeholdershavehighlighted stakeholders toincreasethecoverageof While thereiscommitmentfrommany entry firmsfaceinsigninguptotheCode. Association (BSA)regardingthebarriersto Entity (OBIE),andtheBuildingSocieties (EMA), theOpenBankingImplementation UK Finance,theElectronicMoneyAssociation engaged withstakeholdersincludingthePSR, In thefirstyearofimplementation,LSB • • example buildingsocietiesandPISPs. of theCodeasitcurrentlystands,for are unabletomeettherequirements there isalsoanothercohortoffirmswho but whoarenotsignatoriestotheCode; effectively followingreportsofaAPPscam, framework forfirmstoengagequicklyand Best PracticeStandards,whichprovidea there arefirmswhosignatoriestothe 9 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 3. CUSTOMER EXPERIENCE

3.1 REDUCING THE IMPACT ON CUSTOMERS A key objective of the Code is to The amount of money returned to consumers increase the proportion of customers in 2019 was £116 million (25% of the total protected from the impact of APP value), which is made up of partial or total scams, both through reimbursement recovery of the funds as well as goodwill and the reduction of APP scams. payments made by firms in some cases.

The Code aims to achieve this by encouraging UK Finance has also published separate firms to take measures to reduce the figures for cases assessed under the voluntary occurrence of scams, and by requiring firms Code between 28 May 2019 and 31 December to reimburse customers who are victims of an 2019. These figures show that the value of APP scam as long as the customer has taken losses assessed was £101.1 million with £41.3 sufficient care when making the payment. million reimbursed to customers, meaning 41% of reported losses were reimbursed. According to UK Finance figures published This is an increase in the proportion of losses in Fraud – The Facts 2020, APP scams reimbursed, up from 19% for APP scam cases accounted for 36% of financial fraud as reported between January and June 2019. measured by losses, in 2019, second only to Payment Card fraud (48%). In total While the Code has increased the proportion the value of the APP scams in 2019 was of victims’ losses reimbursed, this information £455.8 million across 122,437 cases. shows that APP scams remain a significant harm to consumers and highlights the This represents a 45% increase in the importance of the work being done to reduce incidence of APP scams when compared the impact of these scams on customers. to 2018 and a 29% increase in value.

10 3.2 VULNERABLECUSTOMERS 2020, foundthattheidentificationof between October2019andJanuary reimbursement ofcustomers,completed The LSB’sthemedreviewonthe scam, againstthatparticularscam. at thetimeofbecomingvictimanAPP customer tohaveprotectedthemselves, it wouldnotbereasonabletoexpectthat circumstances shouldbereimbursedas make itclearthatcustomersinvulnerable with furtherdetailsinR2(3).Theseprovisions customers issetoutintheCodeSF1(4) The expectedapproachtovulnerable Question 16: Question 15: Question 14: Question 13: Question 12: Question 11: Question 10: Question 9: improve protectionsforcustomerswhomightbevulnerable toAPPscams? Are thereadditionalprotectionsthatshouldbebuiltinto theCodeto vulnerable toAPPscamsappropriate? Is theapproachtakeninCoderegardingcustomers whomightbe effective inensuringcustomerswhoarenotatfaultreimbursed? to whatextentdoyouagreeordisagreethattheCodehas been Where customersreporttheyhavebeenavictimofanAPPscam, experiencing APPscams? effective inincreasingtheproportionofcustomersprotected from To whatextentdoyouagreeordisagreethattheCRMCodehasbeen customer experienceofAPPscams? If not,doesthishaveanimpactontheeffectivenessofCode andthe Are customerssufficientlyawareoftheprotectionsofferedbytheCode? been victimsofAPPscams? Customers documenthasbeenusefulforcustomerswhomay have To whatextentdoyouagreeordisagreethattheInformationfor APP scams? Code hasresultedinanimprovedcustomerexperienceforvictims of To whatextentdoyouagreeordisagreethattheimplementationof customers appropriate? when makingapayment?And,isthelevelofcareexpected of Is theCodeclearaboutlevelofcareexpectedfromacustomer as aconsiderationforreimbursement. but, whereitwas,wasnotalwaysused evidence ofvulnerabilitywasavailable vulnerability. Inasmallnumberofcases, allow fortheclearidentificationofany to ascamwasoftenclosedanddidnot of customerswhoreportedfallingvictim the LSBhighlightedthatquestioning In thesummaryreportfollowingreview, to scamswasnotverywelldeveloped. vulnerability andcustomers’susceptibility 11 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 4. PREVENTION MEASURES

4.1 AWARENESS The Code sets out a general expectation Further still, under SF1(2), firms are that firms should participate in consumer expected to take reasonable steps to education and awareness campaigns, see make their customers aware of general GF(1), to educate consumers about APP actions that could be taken to reduce the scams and the risks of fraudsters using risk of falling victim to an APP scam. their accounts and ‘mule accounts’.

Question 17: Are the steps firms are taking to improve customers’ understanding, of the risks of APP scams and actions they could take to reduce the risk of falling victim to such a scam, effective in achieving the objectives of the Code? Where possible, please provide supporting evidence.

4.2 EFFECTIVE WARNINGS

In the Code, SF1(2) sets out that ‘Where The LSB’s thematic review found that the firms identify APP scam risks in a payment issuing of a warning was sometimes treated journey, they should take reasonable steps by firms as a strict liability regardless of how to provide their customers with effective effective the warning was or whether the warnings, which should include appropriate customer had a reasonable ground for not actions for those customers to take to acting on the warning. It also found that protect themselves from APP scams’. This is warnings themselves varied in the extent supported by further provisions setting out to which they engaged customer attention more detail of what is expected by firms. and in their level of specificity and were typically not available on all channels. The issue of effective warnings is important for both firms and customers as a firm While the LSB expects to make the may choose not to reimburse a customer effectiveness of warnings the subject of where the customer has ignored a warning a separate thematic review in 2020/21, given in compliance with SF1(2). it is important to understand the extent to which effective warnings are supporting the objectives of the Code.

Question 18: Are the expectations of the sending and receiving firms, so far as they relate to effective warnings, clear? If not, what further clarity should be provided?

Question 19: Are the warnings that are being issued by firms effective in protecting customers from the impact of APP scams? Where possible, please provide supporting evidence.

12 the warningisignoredbycustomer. name ofarecipientdoesnotmatchand firm issuesaneffectivewarningwherethe choose nottoreimburseacustomerif responsibility oncustomersasafirmmay details. Indoingthis,CoPalsoplacesa the recipientdoesnotmatchaccount payments toanaccountwherethenameof to customersabouttherisksofsending process andbygivingeffectivewarnings by introducingafurthercheckinthepayment CoP willaddresscertaintypesofAPPfraud given bycustomerstoroutethepayment. only onthesortcodeandaccountnumber a paymenttonewaccount.Firmsrelied on theaccountwhenacustomersetup of CoP,firmswereunabletocheckthename being misdirected.Priortotheintroduction checking service’thatcanhelpavoidpayments recipient. Itis,inessence,an‘accountname sending theirpaymentstotheintended systems greaterassurancethattheyare CoP isawayofgivingend-userspayment (CoP) willbecomeeffective,seeSF1(3). when theprovisiononConfirmationofPayee The Codeincludesaholdingpositionfor 4.3 CONFIRMATIONOFPAYEE Question 22: Question 21: Question 20: to CoP? developments thathavetakenplace,orareexpected, inrelation Are anychangestotheCodenecessarytakeaccountof become effectivewithintheCode? Do youhaveaviewonwhentheSF1(3),provisionCoP,should scams forcustomers? Do youhaveanyviewsonwhetherCoPwillimprovethepreventionof up toboththeCRMCodeand/orCoP. and thattherearefirmsmaywanttosign are notcapturedbythePSR’sdirection of thefactthattherearesomefirmswho any changesareneededtotakeaccount become effectiveintheCodeandwhether understand thedatefromwhichSF1(3)should In thisconsultation,theLSBisseekingto to expandthecoverageofCoPotherfirms. introduced CoP,furtherworkisalsoexpected groups directedbythePSRhavevoluntarily While somefirmsbeyondthesixbanking means theydonotmeettheoriginaldeadline. appropriate stepstorolloutCoPevenifit 2020 andsettingoutthatbanksmusttake delays totheintroductionofCoPuntil30June postponing anyformalactioninrespectof Covid-19 pandemic,thePSRissuedanupdate 31 March2020.However,inthelightof of banktransfers,tofullyimplementCoPby largest bankinggroups,coveringaround90% The PSRissuedadirectionfortheUK’ssix 13 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 5. RESOLVING CLAIMS

5.1 THE PROCESS OF RESOLVING CLAIMS A key objective of the Code is to increase In addition to this, the review found that the proportion of customers protected while the presumption in the Code is that from the impact of APP scams, this victims should be reimbursed unless there includes through reimbursement. is a clear ground for attributing blame to the customer, this was sometimes reversed The Code sets out in R1 that, subject to so that the customer was held liable in certain conditions, when a customer has been many cases where the bank was not. the victim of an APP scam, a firm should reimburse the customer. The Code also sets In undertaking this review, the LSB also out the conditions that would allow a firm not found that documentation of the rationale to reimburse a customer and the expectations for the decision to decline reimbursement of firms in relation to claims from customers varied across firms and in some cases was who might be vulnerable, in relation to the non-existent. Customers themselves were claims timeline, and in relation to complaints. often not told how a decision had been taken to deny reimbursement and were The summary report of the LSB’s thematic often given no opportunity to address the review published in April 2020 found grounds on which the firm was holding that judgements about reimbursement them liable for the success of the scam. were not always made in the light of the full circumstances of the case or a In addition to setting out the process for judgement of what consumers may have resolving claims, the Code sets out that believed at the time, but were often driven there is a general expectation on firms, see by narrower process considerations. GF(3), to have processes and procedures in place to help with customer aftercare whether or not a customer is reimbursed.

Question 23: To what extent do you agree or disagree that the approach to reimbursing customers is sufficiently clear?

Question 24: Have there been challenges in meeting the timeframes for reimbursing customers?

Question 25: Are there any changes to the Code that could be made that would improve the process of reimbursing customers?

Question 26: Are the current provisions of the Code, regarding the expectations of firms in relation to customer aftercare, clear and appropriate?

14 for repaymenthasyettobeagreed. the casethatalonger-termmechanism of thisconsultationdocument,itremains fraud controls.Atthepointofpublication incentives onindividualfirmstoinvestin for someparticipantsanddampenthe subsidies whichcouldseeincreasedcost concerns thatthelevywouldleadtocross- make avoluntaryinitiativemandatory,and that usingPay.UKruleswouldeffectively lack ofconsensusamongfirms,aconcern This decisionwas,insummary,dueto;a November 2019nottoadopttheproposal. with stakeholdersandmadethedecisionin fund theno-blamefund.Pay.UKconsulted UK tointroducealevyonfasterpayments steering group.TheproposalwasforPay. UK FinancewiththesupportofAPP forward toPay.UKasa‘changerequest’by A proposalforalong-termsolutionwasput repaid fromalong-termfundingmechanism. assigned totheno-blamefundwouldbe It wasintendedthattheinitialsumofmoney continues toagreealong-termsolution. in placeuntiltheendof2020whilework scenarios. Thesearrangementsarecurrently fund reimbursementsintheseno-blame seven oftheoriginalsignatorybanksto an interimno-blamefundwassetupby When theCodelaunchedon28May2019 to theno-blamefundrecoupcost. administered thereimbursementcanapply the Code,customer’sfirmwhohas has breachedtherelevantprovisionsin firm involvedintherelevantpaymentjourney where acustomerisreimbursedandneither customers. CurrentlyALL2(3)setsoutthat the costofreimbursementsissuedto The Codesetsouthowfirmsshouldcover 5.2  FUNDING THEREIMBURSEMENTOFCUSTOMERS of customersinno-blamescenarios. mechanisms forfundingthereimbursement could accommodateotherlonger-term we recognisethatchangestotheCode deciding thefutureofno-blamefund, While theLSBhasnoformalrolein • • • blame scenarios,whichinclude: funding ofreimbursementsinno- being discussedforthefuture In summary,therearethreeoptions no-blame casesthroughself-funding. term commitmenttomeetingthecostsof These optionsincludedfirmsmakingalong- reimbursements inno-blamescenarios. options regardingthefuturefundingof During thismeeting,thePSRsetoutsome progress beingmadeonAPPscams. stakeholders inMarch2020todiscuss The PSRheldameetingwithkey considered aspartofthisreview. means thatthefutureoffundmust of customersinano-blamescenario the meansoffundingreimbursement the inclusionoffundinCodeas cases sitsoutsidetheLSB’sremit.However, The fundingmechanismforno-blame be similartotheDirectDebitguarantee. fallen victimtoanAPPscam,whichwould reimbursements ofcustomerswhohave Payments Schemethatrequires introducing anewruleintotheFaster bank, orbearthecostthemselves; reimbursement fromthereceiving coup apercentageofthecost PSP whowilltheneitherseektore- reimbursed asrequiredbytheirsending self-funding, sothateachcustomeris and potentiallyothersectors(e.g.telecoms); contributions fromsignatoriestotheCode maintaining acentralno-blamefund,with 15 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 Question 27: Are the current principles for covering the cost of reimbursing customers appropriate, including in a scenario where both the sending and receiving firm have met their obligations under the Code?

Question 28: Should the Code continue to reference the no-blame fund as the means by which firms should recoup the cost of reimbursing a customer in a no-blame scenario?

Question 29: Should the Code be amended to accommodate other options for funding the reimbursement of customers in a no blame scenario? If so, what options should be accommodated?

16 be consideredinthereviewofCRMCode. Responses submittedafterthisdatemaynot feedback by5pmon30September2020. raised inthisconsultationandanyrelated We wouldwelcomeresponsestothequestions that fallwithinthescopeofreview. the Codeandtosupportingdocuments review maybeusedtoinformrevisions the workundertakenaspartofwider The responsestotheconsultationand Code orthesupportingdocuments. provide suggestionsforchangestothe Respondents arealsowelcometo can onlybedoneonaconfidentialbasis. response tothisconsultation,evenif any insighttheycanthatsupportstheir We wouldencouragerespondentstoshare of theCodeorsupportingdocuments. encouraged inrespectofanytheelements and representationsfromrespondentsare consultation, furthercomment,discussion have setoutarangeofquestionsinthis the Annextothisdocument.Whilewe The fulllistofquestionscanbefoundin want torespondthisconsultation. LSB’s reviewoftheCRMCodeandmay more generallywillhaveaninterestinthe consumer representativesandtheindustry Current Codesignatories,otherfirms, 6.1 HOWTORESPOND 6. NEXTSTEPS be publishedonthewebsite. non-confidential versionwhichcan If possible,pleasealsoprovidea information whensubmittingtheresponse. contains confidentialorcommerciallysensitive clearly andindicatethattheresponse this isthecase,pleasemarkinformation commercially sensitiveinformation.Where the LSBwebsitebecauseitisconfidentialor you considershouldnotbepublishedon information containedinyourresponsewhich we arehappyforrespondentstomarkany To ensurewegetthemostfromresponses sections ofourwebsite. responses submittedontherelevant The LSBintendstopublish 6.2  EC1M 4DZ 74-76 StJohnStreet Abbey House 5th Floor Lending StandardsBoard CRM Codereview respond viapostresponsescanbesentto: electronically, howevershouldyoupreferto encourage allresponsestobesubmitted In thecurrentenvironmentwewould [email protected] any supportinginformationto Please sendyourresponsesand CONSULTATION RESPONSES PUBLICATION OF 17 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 ANNEX 1: FULL LIST OF CONSULTATION QUESTIONS IMPLEMENTATION

Question 1:  To what extent do you agree or disagree that the current version of the Code is clear about its purpose and scope?

Question 2:  If you are a firm that has signed up to the Code:

a) Are there areas of the Code which are not working effectively in ensuring the objectives of the Code are met? If so, could you please set them out and, where possible, provide examples of why this is the case. b) Are there areas of the Code which have been particularly effective in ensuring the objectives of the Code are met? If so, could you please set them out and, where possible, provide examples of why this is the case.

Question 3:  Given the objectives of the Code, to what extent do you agree or disagree that the Code has effectively encouraged both sending and receiving firms, where they are signatories to the Code:

a) To improve their ability to prevent fraud? b) To put in place better customer protection measures against APP scams? c) To provide reimbursements to customers in a timely manner? d) To introduce measures in such a way that there is minimal disruption to legitimate payment journeys? e) To repatriate funds that are found to be proceeds of an APP scam?

Question 4: Has the Practitioners Guide been useful in supporting firms to meet the requirements of the Code?

Question 5: Has the Information for Customers document been useful for firms looking to provide information or support to customers?

Question 6: To what extent do you agree or disagree that the CRM Code has been successfully implemented by signatories?

Question 7: What changes to the Code, or alternative options, should be considered to ensure that the protections offered by the Code can be applied to as broad a range of firms as possible?

Question 8: If you are a firm that has not signed up to the Code:

a) What is it that has prevented you from signing up to the Code? b) What changes would need to be made for you to consider signing up to the Code?

18 Question 19: Question 18: Question 17: PREVENTION MEASURES Question 16: Question 15: Question 14: Question 13: Question 12: Question 11: Question 10: Question 9: CUSTOMER EXPERIENCE supporting evidence. customers fromtheimpactofAPPscams?Wherepossible, pleaseprovide Are thewarningsthatarebeingissuedbyfirmseffective inprotecting to effectivewarnings,clear?Ifnot,whatfurtherclarity should beprovided? Are theexpectationsofsendingandreceivingfirms, sofarastheyrelate please providesupportingevidence. such ascam,effectiveinachievingtheobjectivesof Code? Wherepossible, of APPscamsandactionstheycouldtaketoreduce the risk offallingvictimto Are thestepsfirmsaretakingtoimprovecustomers’understanding,ofrisks protections forcustomerswhomightbevulnerabletoAPP scams? Are thereadditionalprotectionsthatshouldbebuiltintotheCodetoimprove vulnerable toAPPscamsappropriate? Is theapproachtakeninCoderegardingcustomers whomightbe experience ofAPPscams? does thishaveanimpactontheeffectivenessofCodeand thecustomer Are customerssufficientlyawareoftheprotectionsofferedbytheCode?Ifnot, APP scams? document hasbeenusefulforcustomerswhomayhave victimsof To whatextentdoyouagreeordisagreethattheInformationforCustomers has resultedinanimprovedcustomerexperienceforvictims ofAPPscams? To whatextentdoyouagreeordisagreethattheimplementationofCode making apayment?And,isthelevelofcareexpectedcustomers appropriate? Is theCodeclearaboutlevelofcareexpected fromacustomerwhen customers whoarenotatfaultreimbursed? extent doyouagreeordisagreethattheCodehasbeeneffective inensuring Where customersreporttheyhavebeenavictimofanAPPscam,towhat APP scams? effective inincreasingtheproportionofcustomersprotected fromexperiencing To whatextentdoyouagreeordisagreethattheCRMCodehasbeen 19 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 Question 20: Do you have any views on whether CoP will improve the prevention of scams for customers?

Question 21: Do you have a view on when the SF1(3), the provision on CoP, should become effective within the Code?

Question 22: Are any changes to the Code necessary to take account of the developments that have taken place, or that are expected, in relation to CoP?

RESOLVING CLAIMS

Question 23: To what extent do you agree or disagree that the approach to reimbursing customers is sufficiently clear?

Question 24: Have there been challenges in meeting the timeframes for reimbursing customers?

Question 25: Are there any changes to the Code that could be made that would improve the process of reimbursing customers?

Question 26: Are the current provisions of the Code, regarding the expectations of firms in relation to customer aftercare, clear and appropriate?

Question 27: Are the current principles for covering the cost of reimbursing customers appropriate, including in a scenario where both the sending and receiving firm have met their obligations under the Code?

Question 28: Should the Code continue to reference the no-blame fund as the means by which firms should recoup the cost of reimbursing a customer in a no-blame scenario?

Question 29: Should the Code be amended to accommodate other options for funding the reimbursement of customers in a no blame scenario? If so, what options should be accommodated?

20 21 Review of the Contingent Reimbursement Model Code for Authorised Push Payment Scams 2020 Visit our website to a wealth of information about our work and how we support firms in driving fair outcomes for their customers.

www.lendingstandardsboard.org.uk 5th Floor, Abbey House 74-76 St John Street London EC1M 4DZ

Follow us:  @lendingstdbrd  The Lending Standards Board