Fraud Protection & Compliance
The Contingent Reimbursement Model (CRM) is a UK payments industry initiative designed to reimburse victims of authorised push payment fraud (APP fraud). Over the past decade, there has been an ever increasing stream of APP fraud where social engineering techniques are used to trick people or representatives of businesses to send money from their bank accounts to a fraudster. UK Finance in their Fraud the Facts Report 2021 found that in the first half of 2021, a total of £355.3 million was lost to APP scams an increase of 71 percent compared to the same period in 2020.
This crime has been facilitated by the advent and popularity of UK Faster Payments; we all appreciate the ability to send money instantly – that includes fraudsters. Until May 2019, the liability for losses from these scams was generally set by the victim’s bank; with no uniform rules, the bank could decide to reimburse the customer or not. Frequently the customer was the one left with a hole in their finances. As the Which Super Complaint points out, with APP fraud UK consumers and businesses have been left unprotected, compared to other payment methods. Banks have given customers the ability to make real-time, irrevocable payments but have not given them protection if something goes wrong.
The Contingent Reimbursement Model was the banking industry’s response to the criticism they faced when people lost money to fraudsters without a consistent mechanism that could reimburse them. It is a voluntary code that most major UK banks have signed up to. Given the possibility of first-party fraud, including collusion between account holders and criminals, banks can still refuse to reimburse if there is evidence of negligence or fraud. It seems like a reasonable solution; those banks that sign up to it will avoid the lurid headlines about customers they have not supported, and victims don’t lose life-changing sums to fraudsters.
Why the Model Is Being Challenged
The furore over the Contingent Reimbursement Model has arisen because it’s felt that banks are still not doing enough to compensate victims. A cross-party Treasury Select committee has called on the UK Government to “push harder and act faster on the growing fraud epidemic” and it looks like the industry’s chance to get their house in order without the regulator becoming involved is fast diminishing. It’s felt that the contingent reimbursement model still leaves consumers unfairly exposed to the losses of scams, as banks frequently decide that customer negligence entirely or partially led to the scammer's success.
In September 2021 it was reported that three quarters of bank customers’ claims for reimbursement have not been met, with some banks finding the customer fully liable in over 90% of cases. When cases are then referred to the Financial Ombudsman Service (FOS), they have not agreed with the banks’ approach, in 2020 – 2021 they ruled in favour of the consumer in 73% of referred cases.
Whether the contingent reimbursement model continues in its current form or regulation is bought in to force the issue, it’s clear this problem isn’t just going to disappear. The move to more digital interactions created by the pandemic and the rise of new variations on APP fraud such as the CryptoRom, and WhatsApp ‘Hi Mum’ scams show just how inventive fraudsters can be. In February 2022 the potential for risk increased when the UK Faster Payment system quadrupled the limit for a one-off instant and irrevocable payment from £250,000 to £1million. While banks can set their own lower limits for a Faster Payment the system can now cope with kind of values expected in transactions such as house purchases. Many businesses and individuals will welcome the ability to send high value, instant payments that don’t incur the fees associated with CHAPS. Unfortunately, as is often the case increased convenience comes at the cost of higher potential risk.