The Contingent Reimbursement Model Code for APP Fraud

Providing certainty to customers and payment service providers?

On 28 May 2019, the Contingent Reimbursement Model Code (the Code) for Authorised Push Payment (APP) fraud will become effective.

When the Code goes live, alongside the Practitioners Guide (due to be published by the Lending Standards Board shortly), it will provide a new landscape for payment services providers (PSPs) in their dealing with customers who are victims of APP fraud. The Code is intended benefit those "payers" (defined under Regulation 2(1) of the Payment Services Regulations 2017) who are either consumers, micro-enterprises or (some) charities.

The biggest effect of the Code is likely to be more refunds for victims of APP fraud.

The Code sets a high expectation for refunds and a universal mechanism for all customers who are not “to blame”. The codification of a process that has been variable between PSPs will bring welcome clarity to a formerly opaque approach across different PSPs.

Further, the Code provides for:

• An expectation that PSPs should even refund in some circumstances where the customer was “to blame”;
• Innovatively, a “no blame” fund, from which PSPs can seek refunds for reimbursing customers where the PSP has not breached the Code standards. This has been (initially) funded by the Code participants and recognises that APP fraud is an industry-wide issue; and
• Inter-PSP mechanisms offering a new forum for allocating the costs of refunding customers and for tackling disputes that arise between PSPs.

Whilst the Code is voluntary, the impact across the payments industry is likely to be significant - even for those not directly committing to the Code. Therefore, it is important for all stakeholders to be aware of the terms of the Code and the consequences for their business in order to prepare accordingly.

Indeed, if PSPs do not engage in careful preparation ahead of the Code coming into force and apply sensitive management of the matters when it does go live, the Code may struggle to meet its aims and simply be an expensive procedural step before complaints, claims and, ultimately, greater regulation arise.

The opportunity for PSPs who do commit to the Code include:

• Improved customer confidence flowing from a widely backed and supported scheme;
• Reduction in public and regulatory criticism which, in turn, may lessen the likelihood of future regulation, and
• A consistent and repeatable outcome for customers who have fallen victim to an APP scam, potentially including sharing the burden of cost across the Code participants via a “no blame” fund.

For those PSPs who choose not to sign up to the Code, they will not escape its impact.

They may become conspicuous by their absence and subject to public or regulatory criticism. Also, they may find themselves bound to what might become regarded as an industry "best practice" – pursuant to the FOS regime or otherwise. Further, they may become targets if fraudsters perceive them to have lower standards of fraud prevention compared to Code participants.