Following the 2023 Supreme Court case of Philipp v Barclays Bank UK PLC [2023] UKSC 25, the scope of the duty of care owed by a bank to its customer to protect against fraud was narrowed, thus reducing the liability a bank could face when a customer fell victim to an APP scam.
In the Philipp case, (which we discussed in more detail in a previous article) Lord Leggatt (giving the leading judgment) notably said:
"Whether victims of such frauds should be left to bear the loss themselves or whether losses should be redistributed by requiring banks which have made or received the payments on behalf of customers to reimburse victims of such crimes is a question of social policy for regulators, government and ultimately for Parliament to consider … it is not a question for the courts. It is not the role of the courts to formulate such policy"
Indeed it is a question that social policy has now considered.
As part of the government's fraud strategy, published in May 2023 and which sought to adopt a risk-based approach to payments, the government has recently published a draft statutory instrument implementing new policy surrounding APP fraud. Described in the associated policy note as "a near-final version of this statutory instrument", the draft Payment Services (Amendment) Regulations 2024 ("PSAR") allows payment service providers to delay executing a customer's payment instructions for a period of up to four business days where there are reasonable suspicions of fraud or dishonesty. The proposed changes to the existing Payment Services Regulations 2017 allow payment service providers time to contact the customer or law enforcement to make further enquiries before making the payment and do require customers to be informed of any delay and the reasons behind their decision (unless unlawful to do so, e.g. where money laundering or other unlawful activity is suspected).
The PSARs will only apply to sterling authorised push payments executed within the UK and businesses will also have the option to opt out of these provisions (should, for example, time critical outgoing payments be a key feature of a business). As payment delays under the PSARs could result in additional costs to the customer, the draft amendment regulations also make payment service providers liable for any interest or charges incurred as a result of such delay.
Current timeframes suggest that the draft Payment Services (Amendment) Regulations 2024 will go before Parliament in Summer 2024 with an indicative implementation date of 7 October 2024 (to coincide with the date on which new rules under s.72 FMSA 2023 take effect which sees the introduction of mandatory reimbursement by payment service providers in circumstances where a payment is executed over the Faster Payments Scheme and is procured by fraud).
Whilst the PSARs will be welcomed by many as a proactive step to help reduce the ever increasing number of APP frauds, it is still up for debate the extent to which banks will make use of this discretionary delay, particularly as banks will have the increased burden of record keeping / reporting and can also become liable for a customer's resulting costs. It also potentially reopens the door for claims against banks for breach of duty in circumstances where a delay could have been imposed and could have prevented a successful APP fraud, but a bank failed to do so.
There will also be a question for corporate entities around whether to opt out or not, which will require a careful consideration of risk balanced against the necessity of urgent transactions and the potential damage which could be caused by a delay.