Published on 15 March 2019

This is the seventh blog out of eight in our series on the Contingent Reimbursement Model code (“CReM”) that purports to offer customers strong protection against certain types of Authorised Push Payment Fraud, or “APPF”.

It adds considerable work for the customer and in doing so reduces the numbers who will be able to make a successful claim.

With half the horses down at the very first hurdle already (see Part V), and the field further thinned out by the time limitation on cases pre-dating 28th May 2019 and lack of funding, what chance do the remainder have of going right round the circuit twice, clearing all the obstacles put in their way, and reaching the finish line?

It is low and for a number of reasons. The obligations placed on the customer to qualify their claim for reimbursement are much more extensive than customers’ responsibilities in the 2017 Payment Services Regulations (the “PSRs”): the CReM gold-plates the customer’s responsibilities and enhances the firms’ position to the detriment of the customers to an equal-and-opposite degree.

Instead of laying out the protections that the customer should enjoy in law now, and then adding to the protection where needed, the CReM actually permits the customer’s protection to appear to be rolled back – although of course it is not rolled back in law. If there is any doubt as to what the law is, a test case should be brought. Indeed it should arguably have fallen to the Payment Systems Regulator to bring that case.

For example the obligation to use Confirmation of Payee does not exist in the PSRs and so it is wrong to make a customer’s reimbursement dependent upon its usage.

Then, due to the existence of relevant applicable law, the reasons given in the CReM R2.1 for the customer not to be reimbursed cannot be sustained:

  • “The Customer ignored Effective Warnings”
  • “the Customer did not take appropriate actions following a clear negative Confirmation of Payee result”
  • “the Customer made the payment without a reasonable basis for believing that the payee was the person the Customer was expecting to pay, the payment was for genuine goods or services; and/or the person or business with whom they transacted was legitimate”
  • “Where the Customer is a Micro-enterprise or Charity, it did not follow its own internal procedures for approval of payments, and those procedures would have been effective in preventing the APP scam”
  • “The Customer has been grossly negligent”

None of that is supported by the PSRs in either substance or in where the burden of proof lies.

Similarly the provision R2.2.b cannot be sustained when the PSRs have established applicable law in this area: “In assessing whether a Customer should be reimbursed or not, Firms should consider whether, during the process of assessing whether the Customer should be reimbursed, the Customer has acted dishonestly or obstructively in a material respect”. Article 75 sets out what the actual tests are.

In setting responsibilities for the customer to fulfil, the CReM is consistently more generous to the firms than applicable law is.