Fraud: What Is the Contingent Reimbursement Model?

The Contingent Reimbursement Model (CRM) is a UK payments industry initiative designed to reimburse victims of authorised push payment fraud (APP fraud). Over the past decade, there has been an ever increasing stream of APP fraud where social engineering techniques are used to trick people or representatives of businesses to send money from their bank accounts to a fraudster. UK Finance in their Fraud the Facts Report 2022 found that in 2022 £485.2 million was lost to APP scams.

This crime has been facilitated by the advent and popularity of UK Faster Payments; we all appreciate the ability to send money instantly – that includes fraudsters.  Until May 2019, the liability for losses from APP scams was generally set by the victim’s bank; with no uniform rules, customer reimbursement was at the banks discretion. Frequently the customer was the one left with a hole in their finances following a scam. As the Which Super Complaint pointed out. With APP fraud UK consumers and businesses have been left unprotected, compared to other payment methods. Banks have given customers the ability to make real-time, irrevocable payments but have frequently not given them protection in case of a scam.

The Contingent Reimbursement Model was the banking industry’s response to the criticism they faced when people lost money to fraudsters without a consistent mechanism for reimbursement. To date it is a voluntary code that covers most major UK banks but not the smaller financial institutions. Banks can still refuse reimbursement — this was intended to protect the banks if there was evidence of first-party fraud or if the customer had exhibited gross negligence.

Why Is the CRM Changing?

In 2022 only 66% of those cases of APP fraud that fell within the remit of CRM were reimbursed. Reimbursement has been patchy across financial institutions, with some banks refunding almost all victims while others have paid out much less frequently.

While the CRM as a voluntary code has clearly helped, a more formal and consistent approach was needed and at the direction of the Treasury the  UK’s Payments System Regulator has stepped in. While the new regulations will become mandatory in 2024 an exact date has not yet been set.

What will the main changes be?

• More financial institutions will be in scope – meaning that they will also have to repay customers that have fallen victim to a scam.
• Payment firms will have to reimburse all in-scope customers who fall victim to APP fraud in most cases. There is a provision to not reimburse in cases of gross negligence or fraud, but the definition of gross negligence is unclear.
• Both the victim’s payer bank and the fraudster or money mule’s payee bank will be jointly liable for reimbursement, paying 50% each. This differs significantly from the voluntary code, where only the payer’s bank was considered liable.

There are notable limitations to the scope of the new CRM. The new code only covers consumers and very small businesses. In 2022 approximately £77m was lost by businesses to scams such as CEO fraud and fake invoice fraud – the new regulation will not protect them. The scope of the CRM is for payments made using UK Faster Payments, payments made through payment schemes such as CHAPs are out of scope.

Will the New CRM Stop Scams and APP Fraud?

The CRM is primarily focused on ensuring good outcomes for fraud victims; it doesn’t directly prevent APP fraud. However, the increased pressure to reimburse  and the liability shift pushes financial institutions to take steps to detect and prevent scams.

The CRM is by no means the only step that is being taken to prevent APP fraud. Other measures such as the expansion of the confirmation of payee service and improved data sharing for fraud prevention are also being implemented.

How Can FICO Help?

FICO helps financial institutions to detect and prevent APP fraud in several ways:

• An award-winning scam detection score that uses AI and machine learning to detect a scam is being attempted.
• Scams Signal Detection Service - telco data about mobile phone behavior is used by FICO Platform to produce a score on the likelihood a scam is in progress.
• Customer communications – FICO Platform’s multi-channel, two-way communications capabilities enable highly tailored yet automated communication strategies. This helps customers recognize the risks particular to the transaction they are making and so breaks the spell of the fraudster.

Learn More About How FICO Helps You Stop More Fraud

• Read the FICO Global Fraud Report 2023
• Visit the FICO.Com Protect and Comply Web Pages
• Read the 2023 Scams Impact Survey Whitepaper

Note: This is an update of a post originally published in February 2022.