On 27 September, the Financial Conduct Authority (FCA) handed down a £29m fine to digital ‘challenger’ bank Starling Bank (reduced from £41m for Starling’s cooperation) for failures in its financial sanctions screening systems. This news came just before the introduction of the mandatory reimbursement scheme, which from 7 October required banks to compensate customers who have lost money due to APP fraud.
Matthew Akroyd, Senior Associate in our Commercial Litigation team, spoke to CNBC about the mandatory reimbursement scheme, and banks’ concerns that tech companies should shoulder some of the burden. In this article he summarises these two recent developments in the fraud prevention space.
Starling Bank investigation
The Starling Bank investigation has its origins in the government’s National Risk Assessment of money laundering and terrorist financing 2020, the third such assessment which in particular identified that the fast onboarding processes offered by many challenger banks was likely to be both attractive to money laundering networks, and at greater risk of improperly evaluating customer risk through inadequate information gathering.
During 2021, the FCA conducted a review of financial crime controls at a sample of six so-called challenger banks (a category of banks seeking to challenge traditional high street banks, typically with a focus on online and app-based banking) which all offered a quick and easy application process. The report was issued in April 2022 and observed a number of failings across many aspects of the selected banks’ risk assessment controls.
Starling is just one of the challenger banks affected. Notably, another large player, Monzo, confirmed in its 2024 Annual Report that it is still subject to a civil investigation by the FCA into its financial crime controls.
The FCA is in well into its 2021 three-year strategy, which identified reducing and preventing financial crime as a priority. This was reaffirmed in the Economic crime plan 2023 to 2026, setting out a strategy to cut fraud and reduce money laundering and sanctions evasion.
That the Starling fine has come just 14 months after the FCA opened its case (compared to an average of 42 months in 2023-24) is positive news for the regulator in its continued drive to be more assertive, and follows similarly prompt action this year against CB Payments Ltd (a UK subsidiary of cryptocurrency exchange platform Coinbase), which was fined £3.5 million after a 16 month investigation.
We expect the pace of action at the FCA to continue to increase as its reinvigorated approach breaks into its stride.
Reimbursement for victims of APP fraud
As of 7 October 2024, banks in the UK will be required to reimburse victims of authorised push payment (APP) fraud perpetrated through the Faster Payments online system (the third most frequently used payment method in the UK behind debit cards and cash) and the sterling same-day CHAPS system, up to £85,000.
In a typical APP fraud, the victim is tricked into paying money through their online banking system to an account controlled by fraudsters following a ‘phishing’ message and/or ‘vishing’ call. Under the new regime the sending bank is required to reimburse qualifying customers (consumers, microenterprises and charities) within five days of a claim being made (and the sending bank may share up to 50% of the reimbursement costs with the receiving bank).
Immediately prior to the 2024 General Election, reports emerged that the Labour Party had formulated a policy to hold tech firms responsible for fraud originating from their platforms. However, specific details remain unknown and nothing has been announced by the new government since the election.
CNBC’s article notes that “banks and regulators have long been pushing social media companies for more collaboration with retail banks in the UK to help combat the fast-growing and constantly evolving fraud threat”, and that on the eve of the mandatory reimbursement scheme banks are voicing concern that social media companies should share in the costs of reimbursement.
Banks successfully lobbied to water down the maximum reimbursement limit from £415,000 to £85,000, and will receive another boost if their efforts to push the government to place some regulatory liability on tech companies is also successful. However, the question of what regulatory regime could cover those companies who do not play an active role in the PSR’s payment systems, and how, is complicated and this issue is therefore not likely to be resolved any time soon.
You can find further information regarding our expertise, experience and team on our Commercial Litigation or Banking & Financial Disputes page.
If you require assistance from our team, please contact us or alternatively request a call back from one of our lawyers by submitting this form.
Subscribe – In order to receive our news straight to your inbox, subscribe here. Our newsletters are sent no more than once a month.