I am overwhelmingly in favour of tech firms being held more responsible for fraudulent activity as they are often the source – particularly social media platforms. The idea is a good one, but the structure and operational steps for managing this liability are where the challenges lie.
The Labour Party policy paper outlines some options, which need to be fleshed out further. I personally think the option of recouping funds from tech firms is a simpler one operationally, as gathering reimbursement from sending/receiving institutions as well as tech firms will be very complicated to implement. Some may argue that this still leaves financial services with heavy reimbursement upfront, however, the compelling measure here is that liability, even if later in the process, for tech firms will encourage them to reduce fraud at the source. This will reduce cases that financial services firms will need to reimburse upfront.
I also agree that there is a great opportunity with the Failure to Prevent Fraud offence in the Economic Crime and Corporate Transparency Act. In its current form (i.e. using the existing Failure to Prevent Bribery offence as its measure), the financial services industry is concerned that it will have minimal impact. Expanding this to clearly include the failure to prevent fraud on tech platforms, as well as ensuring cases are actually brought forward, could have a positive impact on reducing fraud that originates on tech platforms.
If tech firms were liable, at least in part, for reimbursing victims of fraud it would encourage collaboration and data sharing across sectors to help bring fraud rates down. Multi-industry responsibility and collaboration would make authorised push payment (APP) fraud prevention much more effective – for example, if social media and telecom companies were encouraged to share suspicious behaviour related to a phone number or social media profile, they could be linked to bank accounts. This would make the identification and elimination of fraud networks far easier and faster.
We must consider the unintended consequences of any proposal or industry initiative to reduce fraud. Mandating that tech firms reimburse consumers still prioritises providing a safety net for consumers, not fraud prevention behaviours. It wouldn't encourage consumers to be more careful; instead, it says: ‘Don’t worry if this turns out to be fraud, you’ll get the money back if so.’
Customers must be vigilant; they do have responsibility when it comes to making their own payments. Financial and payment institutions have implemented several customer awareness measures, from sharing information on recent scams to adding warning pop-ups into transaction journeys. Consumers, however, are becoming increasingly desensitised to these awareness campaigns and warning messages. This means that firms must continuously look for new ways to communicate information and capture attention that align with the ways consumers now consume content, such as short videos. Another method that would have more impact on consumer behaviour would be to tailor warning alerts to the risks of specific transactions, rather than the same generic message accompanying every bank transfer.
The primary unintended consequence would be eliminating any incentive for consumers to make payments responsibly. This would have serious long-term implications for how we as an industry manage the fundamentals of banking and payments.
To ensure the best fight against fraud, there needs to be a balance of both customer awareness and responsibility, as well as better detection and prevention. Reimbursement will be appropriate in certain circumstances, but it shouldn’t be the fallback.
To create a more balanced strategy, I also think we should adjust the threshold for customer ‘gross negligence’ to a bar that better takes into account the responsibility of customers. However, the PSR has been clear that they only see ‘gross negligence’ being used in a very small number of circumstances, and I do not see this changing any time soon.
In the immediate term, we are supportive of calls from the Payments Association to reduce the maximum level of reimbursement. This currently sits at GBP 415,000, which is much higher than the average fraudulent payment. A single reimbursement at the maximum level could be devastating for smaller payment firms.
In terms of innovation, we need more behavioural analytics and more adoption of machine learning tools in transaction monitoring to spot suspicious instances quickly and more effectively. Lots of great work is already taking place in this space, but we need to move faster. We will also need to see better data sharing, which can be facilitated through new and innovative platforms.
Jess Cath is Head of Financial Crime at award-winning compliance consultancy Thistle Initiatives. She is a financial crime leader, working with a range of firms to mitigate financial crime risk effectively and efficiently. Jess has broad experience designing controls, implementing systems, overhauling processes, changing embedded cultures, conducting audits and s166 reviews, and extensive remediations both in the UK and abroad.
Thistle Initiatives is an award-winning compliance consultancy for firms operating in financial services. They provide expert compliance advice and resources for regulated businesses, or those wishing to become regulated. Their subject experts operate in: Investments, Payment Services, Fintech, Insurance, and Consumer Credit. The full suite of their services consists of Acquisition Due Diligence, Financial Crime, Applications, Compliance Support, and Audit and Advisory. Learn more: https://www.thistleinitiatives.co.uk/
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now