Fraud Round Up October 2024: Actions for Firms 

In September, regulators issued important updates on combatting Authorised Push Payment (APP) fraud. These updates are timely considering fraud related complaints to the Financial Ombudsman Service reaching their highest levels and the introduction of the APP reimbursement requirement on 7th October 2024.  

In summary, the Financial Conduct Authority (FCA) released a speech highlighting “collaboration and collective effort” across the private and public sector as key to combatting fraud. Whilst the speech was not solely intended to provide actions to financial services firms, this did highlight the expectations the FCA has regarding proactively identifying fraud risks. It also gave insight into the FCA’s use of other regulators and government bodies to identify the firms vulnerable to fraud risks in the market. In our experience, we have seen the FCA use the data as the trigger for s.166 reviews.  Finally, the PSR has released guidance to support payment firms differentiate between genuine fraud and civil disputes, which the PSR expect firms to implement within claims, reimbursement and information sharing processes.  

In light of the direction of travel, below are key actions firms should take to strengthen their fraud prevention frameworks. 

1. Quality Data for Fraud Prevention 

The FCA and PSR are becoming more data focused which is used as a trigger to visit firms and, in some cases, take action. We know the data has been used to visit firms that show a disproportionate volume and value of transactions where customers had made a complaint to the sending firm concerning APP fraud. 

Ensure data accuracy: Firms should maintain detailed records of fraud incidents, including; transaction types, volumes, values and affected customers. The PSR has previously published Faster Payments data showing the payment and electronic money institutions which receive the highest volumes and values of payments related to APP fraud – so it is important to ensure this data is accurate. 

Prepare for regulatory scrutiny: If your firm’s fraud claim data submitted to the regulator shows a disproportionate amount of transactions are resulting in fraud claims, take immediate steps to investigate and address potential control issues, as this may trigger regulatory visits or enforcement actions down the line. 

2. Embrace Innovation and Proactive Risk Identification 

The regulator is aware that fraud threats are growing, for example the use of AI for deepfake scams. It’s important to show you are proactively identifying fraud risks and are willing to use innovative measures to get ahead of fraudsters. 

Proactively assess risks: Use risk assessments not just as a retrospective tool, but to predict where fraud is likely to occur, focusing on customer groups and control vulnerabilities where susceptible to fraud typologies. 

Identify and address vulnerabilities: Monitor and analyse your fraud claims data. Consider what the data is telling you and assess it against the typologies your firm is vulnerable to. Consider whether you have the controls in place to identify likely fraudsters at onboarding and through the lifecycle of the relationship.   

Use AI and predictive analytics: Use AI to analyse data within fraud claims and risk assessments to predict emerging fraud typologies to mitigate risks early. 

Stop illicit fund flows: Consider methods to stop fraudulent funds leaving your firm, such as requiring biometric verification when sending a payment or implementing real time transaction monitoring. 

3. Differentiate APP Scams from Civil Disputes 

The PSR guidance on the APP fraud reimbursement requirement outlines several factors for assessing whether a claim should be considered an APP scam or civil dispute. If the firm determines the claim is a civil dispute, there is no requirement to reimburse customers. 

Review policies and procedures: Implement the requirement to determine APP scams from civil disputes within your policies. Document the processes that enable your fraud claims team to determine whether there has been genuine fraud or a civil dispute.    

Clarify roles and responsibilities: Assign clear roles for determining whether a claim is an APP scam or a civil dispute, with defined escalation points and whether management approval is required for larger claims. 

Staff awareness: Communicate the changes that are made to policies and procedures in light of the PSR guidance. Follow up the communications with mandatory training to your fraud claims team, equipping them with the knowledge to assess fraud claims in line the factors proposed by the PSR. 

Final Thoughts 

The FCA are clear, to fight against fraud, firms need to understand what their data is saying regarding fraud exposure and proactively enhance controls to mitigate that risk. The PSR guidance also shows the regulator is determined to ensure firms do more to protect their customers and set industry standards for fraud prevention.  Whilst the prevention of fraud is a collaborative effort across the public and private sectors, the above actions for firms show there is more that can be done to demonstrate that they are getting on the front foot against fraud.   

Get in touch with Ade@avyse.co.uk if you’d like to understand how we can support you in the enhancements of your fraud prevention framework.