On November 1st, in a report from the UK Treasury Committee it says that the Contingent Reimbursement Model, currently a voluntary code in the UK, is a welcome step by banks which should now be made compulsory and applied retrospectively. The advice offered in relation to retrospective reimbursements is that it should go as far back as 2016.
The Contingent Reimbursement Model (CRM) was devised to set an industry code for reimbursing victims of authorised push payment (APP) scams. It was established through a steering committee made up of consumer groups and many financial institutions to develop better protection for customers.
Current guidelines for PSP performance under the CRM stipulate that it will be measured by three core standards covering detection, prevention and response. And if they fail to meet these standards, they may be liable for the costs of reimbursement to customers who have been the victim of an APP scam.
It’s worth restating that currently the CRM is a voluntary industry code and not all UK financial institutions have signed up to this yet. The code came into effect on May 28th 2019, and the 8 PSP’s (Barclays, HSBC, Lloyds, Metro Bank, Nationwide, RBS, Santander, Starling) that have signed up cover 85% of APP payments.
There are 3 key takeaways UK banks should consider if CRM becomes obligatory:
Mandating the Contingent Reimbursement Model
Making the code compulsory for UK banks will not only offer better protection against APP scams, it will also bring the issue to light in the wider public domain. And at the same time provide an opportunity to educate customers on how to protect themselves. A key requirement is for both remitting and receiving banks to carry out adequate behavioural profiling on payments to stop the fraudulent payments at each end of the payment chain. Inbound payment profiling within the fraud space is certainly an area of focus for all banks, as traditionally the focus was around outbound payments.
Backdating reimbursements to 2016!
Part of the Treasury Committee’s recommendations is a call for APP cases, dating as far back as 2016, to be refunded. As all banks have independent policies around refunding scam cases this will be something each bank will have to assess. It is fair to assume there will be much more debate around the financial impact of backdating any refunds.
Delaying Faster Payments
The suggestion to delay all first-time Faster Payments by 24hrs seems to be highlighted to provide a window of opportunity that allows customers a chance at spotting they’ve been defrauded. This will significantly impact all customers, whether individuals or businesses, that utilise faster payments as part of their day-to-day banking.
With all the above in mind, how do you ensure you are fit to comply in the event that the CRM does become mandated?
Start by looking at your current processes for profiling transactional behaviour. Is this currently happening in real time? Do you still have too many false positives being flagged? How are you able to spot suspected inbound and outbound APP payments? And how can you ensure that you provide the best in class customer experiences?
To offer the appropriate protection your customers and business expects, the sensible approach is to put in place the right controls, processes and technology to ensure the appropriate measures are in place to identify scam payments, and therefore preventing them in real time.
At Featurespace we have designed the ARIC™ Risk Hub to give banks best of breed technology to minimise risks from fraudulent activity. The Adaptive Behavioural Analytics & Biometrics within ARIC are applied to detect when a customer may be at risk of being scammed. Right now, some of the world’s largest banks, payment processors, merchant acquirers, insurance companies and gaming organisations are already using ARIC as a core part of their strategies to minimise risk.
Safeguarding your customers, and the business, against these scams are vitally important to illustrate your commitment to protect everyone’s peace of mind when doing businesses with you.