Firms should strengthen anti-fraud systems and must treat victims of fraud better, review finds

The Financial Conduct Authority, FCA, has published the findings from a regulatory review of payment service providers as regards their strategies in relation to fraud risk management, particularly in connection with Authorized Push Payment (APP) fraud. Specifically, the FCA examined 12 firms, including account providers, banks, and payment firms, and reviewed their fraud strategies, detection systems, customer experiences, and fairness in dealing with fraud complaints. Despite some good practices, the FCA found various weaknesses, including the following:
– Many firms lacked a clear emphasis on delivering positive outcomes for consumers. While some had effective governance frameworks, others failed to demonstrate effective oversight by senior management over fraud and fraud-related issues.
– Management Information, that is data and information collected, processed, and presented in a way that helps management make informed decisions, and actions within firms predominantly centered around commercial risk rather than focusing on the impact on customers. The absence of relevant customer-centric measures impacted decision-making and hindered efforts to address risks like money mule activities.
– Some firms had poor fraud systems and controls in place which prevented them from effectively detecting, preventing, and managing fraud. The FCA particularly found room for improvement as regards fraud prevention and detection strategies, the use of risk-based automated warning messages, and the assessment of the effectiveness of fraud systems.
– Many firms need to enhance customer support for fraud victims, making it easier for customers to report fraud promptly. The FCA found issues with website information on fraud detection and prevention, inadequate resourcing for fraud and complaints teams, and delays in unfreezing accounts when fraud-related activities could not be found.
– Complaint handling in firms was also a matter of regulatory concern. Many firms had significant delays in response times to customer complaints, poor communication, and inadequately written final response letters to customers.
– Several firms exhibited shortcomings in their approach to managing risks associated with money mules, where individuals are used, knowingly or unknowingly, to transfer illegal money to third-party accounts.
—
To help firms improve their controls and comply with the requirements of the FCA, the Authority has also outlined its key expectations in this context, which are briefly summarized below:
Firms are expected to maintain robust governance, controls, and monitoring systems to detect, manage, and minimize losses from authorized push payment fraud or any other fraud. Moreover, treating customers fairly, especially those affected by fraud, necessitates clear communication channels for reporting fraud promptly, offering support to vulnerable customers, and ensuring transparent interactions with customers. Mitigating the risks associated with money mule accounts is crucial, as outlined in the communication on detecting and preventing money mules. Additionally, firms should take proactive measures, such as establishing frameworks to adhere to the Payment Systems Regulator’s new reimbursement requirements and preparing for the forthcoming expansion of „Confirmation of Payee“ as directed by the PSR.
Also, firms are expected to live up to the new Consumer Duty which requires firms to put customers‘ interest first. This entails reducing the frequency and duration of account freezing incidents through improved internal processes, the implementation of robust Know-Your-Customer controls, and enhanced transaction monitoring. Additionally, the FCA stresses the importance of clear and sensitive communication regarding account freezing, ensuring proper support for customers facing financial distress due to such actions. This emphasis also extends to providing appropriate support to customers feeling victimized and distressed, whereby firms are urged to handle complaints with fairness and the appropriate degree of sensitivity.