Regulatory Influencer: Comparing the FCA’s Dear CEO Letters on APP Fraud Reimbursement – Payments and E-Money Institutions and Banks and Building Societies

October 11, 2024
The FCA has issued two Dear CEO letters on Authorised Push Payment (APP) fraud reimbursement: one for banks and building societies and the other for payment and e-money institutions. While both letters emphasise the importance of protecting consumers from APP fraud, the FCA tailors its expectations to account for the structural and operational differences between these sectors.

In this article, Vixio explores the nuances and key differences between these two letters, focusing specifically on the guidance for payment and e-money institutions. From expectations around capital and liquidity to fraud prevention and consumer protection, we’ll break down what the FCA requires from firms in this sector and what the expectations are for businesses. The payment and e-money sector is evolving rapidly, but with that growth comes increased regulatory scrutiny. Understanding how the FCA’s approach to APP fraud reimbursement differs between institutions and traditional banks is crucial to any payment and e-money institution looking to maintain compliance and protect customers.

The bigger picture

For banks and building societies, the FCA’s expectations around fraud prevention and APP reimbursement are rooted in the established infrastructure and resources of these institutions. It expects firms to have robust, well-integrated systems in place to prevent fraud and reimburse customers under the Contingent Reimbursement Model (CRM) Code.

For payment and e-money institutions, the FCA acknowledges the sector’s rapid growth and differing business models. However, the regulator’s message is clear: consumer outcomes cannot be compromised. While the CRM Code is not mandatory for this sector, the FCA strongly encourages alignment with these standards. The regulator expects proportionality in implementation, allowing firms to adapt their fraud prevention strategies based on their size and complexity, but without sacrificing consumer protection.

The FCA also emphasises the need for sufficient capital and liquidity in payment and e-money institutions to ensure that APP fraud liabilities can be met. Unlike banks, which have well-established capital buffers, firms in this sector must ensure they have adequate financial reserves to meet their obligations and protect consumers from the impact of fraud.

Why Should You Care?

For payment or e-money institutions, the FCA’s guidance is a clear call to action. The growth and innovation within this sector have drawn regulatory attention, and the FCA expects firms to step up in areas of fraud prevention, capital planning and operational resilience.

Failing to align with these expectations may put businesses at risk, particularly under the FCA’s Consumer Duty framework, which mandates that firms deliver good outcomes for customers. This includes not only offering innovative payment services but also ensuring that fraud prevention mechanisms are robust and customer protection is a central focus of operations. Under Consumer Duty, firms must prioritise consumer interests, including providing timely and fair reimbursement for APP fraud victims.

It is no longer enough to have cutting-edge payment solutions; the regulator expects payment and e-money institutions to ensure they have capital reserves to absorb APP fraud costs and operational systems that scale as the business grows. Fraud prevention and reimbursement processes must be effective and clear, with a focus on ensuring consumer trust.

What next?

To stay ahead of the FCA’s evolving expectations, payment and e-money institutions should consider the following steps:

  1. Enhance fraud detection and prevention systems: Regularly evaluate and improve fraud prevention frameworks to ensure they meet regulatory standards and can adapt to new types of fraud.
  2. Strengthen capital and liquidity planning: Review capital adequacy to ensure the business can absorb potential APP fraud liabilities without affecting overall operations. Develop a contingency plan that includes adequate liquidity buffers to meet reimbursement obligations swiftly.
  3. Focus on customer outcomes under Consumer Duty: Align business practices with the Consumer Duty principles by ensuring that fraud victims are reimbursed fairly and quickly. Evaluate customer communication processes and ensure that reimbursement policies are clearly explained and accessible, helping build consumer trust.
  4. Build operational resilience: Take a proactive approach to improving operational resilience by reviewing IT infrastructure, compliance frameworks, and staff training. Consider conducting regular stress tests on systems to ensure the business can manage periods of high fraud risk or operational disruption.

 

By implementing these steps, payment and e-money institutions can stay compliant with the FCA's guidance and build trust and resilience in an increasingly challenging regulatory environment.
