Financial Services and Markets Bill – in a Public Bill Committee at 2:00 pm on 1st November 2022.
Clause 62 enables and requires the Payment Systems Regulator to take action to improve the reimbursement of victims of authorised push payment scams, or APP scams as they are commonly known. APP scams occur when someone is tricked into sending their money to a fraudster. Almost 200,000 cases of these scams were recorded in 2021, with known losses to victims totalling £583 million. Sadly, fraudsters often target the most vulnerable people in our society.
Under the European regulatory system that we have inherited, there is no statutory or regulatory requirement for payment service providers to reimburse victims of these scams. We need to do better and we can do better for victims of fraud in the UK.
Although the creation of a voluntary industry reimbursement code has improved matters, reimbursement outcomes for victims have been inconsistent and only around half the money stolen is being reimbursed. As a result, many victims are left facing significant losses; in the worst cases, victims lose their life savings.
We recognise these issues and so clause 62 does two things. First, it removes legal barriers in retained EU law that currently prevent regulatory action by the PSR. That will finally enable the PSR to mandate reimbursement in any payment system under its supervision.
The PSR has the relevant expertise, powers and objectives to tackle this crucial issue. However, regulation 90 of the Payment Service Regulations 2017, which form part of retained EU law, prevents the PSR from using its powers to require reimbursement. Therefore, clause 62(11) amends regulation 90 of the 2017 regulations to remove the existing legislative barrier to regulatory action. That will enable the PSR to use its relevant powers in relation to APP scam reimbursement across any payment system designated for regulation by the PSR.
Secondly, clause 62 places a specific duty on the PSR to take action in relation to the faster payments service. This service is the main UK instant payment system and is currently the payment system within which the highest volume of APP fraud is committed. Therefore, action is needed in this regard as a priority.
Clause 62 places a duty on the PSR to consult on a draft of the regulatory requirement in relation to the faster payments service within two months of this legislation coming into force, and the PSR must impose the requirement within six months of the clause coming into force. In 2021, 97% of APP scams occurred across the faster payments service, because it is the UK’s main payment system for instant consumer-bank transfers. Therefore, by requiring the PSR to take action in relation to the faster payments service, the legislation will improve outcomes in the vast majority of APP scam cases.
As a result of the clause and subsequent regulatory action, consumers will be more consistently and comprehensively protected when they fall victim to an APP scam. This is a vital measure to ensure that customers are protected amid the growing threat posed by APP fraud.
I therefore recommend that the clause stand part of the Bill.
Labour fully supports clause 62, which enhances protection for victims of authorised push payment schemes, but we are deeply disappointed that the Bill does nothing to strengthen fraud prevention.
When asked about fraud in February, the former Chancellor, Kwasi Kwarteng, claimed that fraud and scams are not something that
“people experience in their daily lives”,
which is tone-deaf. Essentially, he dismissed crime as inconsequential. In the real world, countless lives have been destroyed by fraud and scams, and I am sure the Minister will have examples from constituents in his inbox. There is a new Chancellor now, but the lack of ambition in this Bill on fraud shows that the Government’s approach to fraud remains the same. We will debate my new clause 6 on broader strategies for tackling fraud later, but I want to focus on the inadequacies of the provisions in clause 62.
UK Finance has estimated that the amount of money stolen directly from the bank accounts of hard-working families and businesses through fraud and scams has hit a record high of £1.3 billion. That is bad at the best of times, but it is even worse in the midst of a deepening cost of living crisis. That is because the Government have failed to get to grips with new types of fraud, such as identity theft and online scams, which have seen people’s life savings stolen and their economic security put at risk. I ask the Minister to explain why his Government continue to fail to take fraud seriously and continue to push responsibility on to just the banks. For example, the Bill ignores the fact that digitally savvy criminals are increasingly exploiting a range of financial institutions, such as payment system operators, electric money institutions and crypto asset firms, to scam the public.
In its written evidence to the Committee, Santander UK stated:
“Bringing crypto-exchanges into the scope of the Payment Systems Regulator’s powers to mandate reimbursement for APP fraud would be consistent with the principle of ‘same risk, same regulation’ and would introduce important new protections for consumers in area where risk of fraud is significant.”
I ask the Minister to explain why clause 62 completely ignores the emerging fraud and scam risk that EMIs and crypto asset firms pose to the public. What is his response to Santander’s evidence? Barclays similarly asked for clause 62 to be amended to expand the reimbursement protections beyond faster payments scheme payments to cover payments made over other relevant payment schemes or systems. Will the Minister explain why the Bill provides only for the reimbursement of fraud victims who send money using the faster payments system and why other payment systems have not been included in the scope of the Bill?
In reading the written evidence, there was an interesting cautionary tale from Mobile UK about how the banks introduced two-factor authentication through SMS without speaking to it. It found that fraudsters had worked out that they could get a one-time code by having a duplicate SIM card and intercepting the code sent from the bank, which immediately made me slightly worried about using two-factor authentication text message schemes. Mobile UK was able to find a way around that, but it highlights the need to involve as many stakeholders as possible when looking at fraud.
Mobile UK’s evidence was damning. Its conclusion stated:
“The mobile sector is committed to fighting fraud; the banking sector is clearly also committed, but, from the fraudsters point of view, this is a very low risk crime, as the chances of being pursued are very slim. This has to change.”
I recognise that some of these points are outside the scope of the Bill, as they would involve policing, investment and national crime agencies, but there are lots more things that could be done in the Bill to deal with fraud.
In its written evidence, Barclays said it welcomed that all payments made over FPS are covered by the new protection, but that it
“would note there are other relevant commonly used payment schemes and systems that should benefit from the same protection—for example, the CHAPs payment scheme, and ‘on us’ payments… The Bill should therefore be amended to give the PSR power to require participants in other payment schemes to reimburse scam victims.”
That seems to be incredibly sensible advice from Barclays.
It was echoed in the evidence given by Which?:
“to avoid gaps in protections the PSR should also be required to work with other regulators to introduce reimbursement requirements, including for payments made between accounts held with the same bank or payment provider (which are regulated by the FCA) and for the CHAPs payment system used for high-value transactions”.
That is exactly the same as what Barclays said.
There seems to be a lot of consensus among consumer representative groups such as Which? and in the banking sector about broadening out the provisions, looking at other ways in which fraudsters are working, and dealing with the issues raised by Mobile UK. At the moment, the people who are committing these frauds seem to be getting away with it.
I will be brief. We all join hands in taking any action that we can against fraudsters. It is a terrible crime, and one that is on the rise, and the Government will do everything in our power to take action.
I say to the hon. Member for Hampstead and Kilburn that I will take no lessons from the Opposition on fraud. The impediment to cracking down on this issue lies solely within EU law. It is this Government that have withdrawn from the European Union—a policy that her party now belatedly supports, but did not for many years. It is only by bringing forward this legislation and withdrawing from the European Union that we are able to put in place clause 62.
I will happily give way to my colleague, who I think, unlike the Opposition, still wants to be part of the European Union.
Definitely. Is the Minister therefore saying that the European Union was promoting fraud within the financial framework of the United Kingdom of Great Britain and Northern Ireland? Is that what he just said?
I wish the hon. Gentleman was attentive to what I was saying. That was not what I said; I did not use the word “promote” in any way. I said it was an impediment. Clause 62 addresses the fact that under retained EU law, it is not possible to take the action that we wish to take on push payment fraud. That is a fact, and that is why we came forward with the Bill. There are many other things the Government are doing outwith the Bill to tackle fraud, and I will happily sit down and talk with anybody—and meet with any party—who has practical suggestions to tackle fraud.
The Minister is reasonably new to his post, but will he look at the Treasury Committee’s report on fraud, which contains a great deal of very practical things the Government could do to crack down on what is a growing problem? Everybody recognises that the anti-fraud authorities—the people who are trying to fight this—are very fragmented, there is no co-ordination across the piece and there is very little enforcement of the laws that are already there. That is why fraud is a growing problem—the rewards are so fantastic and the risks that fraudsters take are so miniscule that no fraudster is ever put off by the thought that they might get caught.
UK Finance found that fraud has hit a new high under this Government. Is the Minister going to blame the EU, once again, for that record high? Would he like me to send him the UK Finance report?
I am sorely tempted, but I will resist the urge to rise to that.
If my officials can find the report to which the hon. Member for Wallasey refers, I will look at it, and outwith the Bill, I will ensure that our efforts are equal to the task. I accept that fraud is rising, and in particular that this level of fraud is rising. That is facilitated by both online technology—there are other measures outwith the Bill to tackle and police the unregulated online world—and, as we heard earlier, the shift from cash, which suffered from its own forms of fraud and theft, into a more digital world.
Will the Minister refer to the specific examples that Barclays and Which? raised around CHAPS payment and other payments? If he is unable to give a full response today, I hope that he will consider before Report whether we could extend some of the provisions in the clause to cover the specifics that Barclays and Which? raised.
I can confirm to the Committee that, because the measure relates to all payment systems that fall within the remit of the Payment Systems Regulator, the measure is not confined solely to fast payment. Fast payment makes up about 97% of reported fraud—those are UK Finance figures—so of course it makes sense for it to be the first in our sights, but the clause will follow fraud and payment systems as they evolve. That is its whole purpose. It is not confined simply to the faster payment system. If that is the understanding that Barclays and Which? have, we should correct it, because any of the PSR-designated platforms are in scope.
The Bill provides for the reimbursement of fraud victims who send money using the faster payment system. Is the Minister saying that other payment systems are included in the scope of the Bill?
Yes. If that is not correct, I will write to members of the Committee, but my understanding is that all the measures that we have been talking about cover the scope of the Payment Systems Regulator.