Community

What silly conclusions to draw from these issues!

I can't work out where there has been any fall-out: this is just a PR 'made up' for a headline.  I write this as both a Fintech and Fellow of the Chartered Institute of Bankers. 

Facts:

- people are being conned by fraudsters. 
- the people that are being conned instruct (in the main) their banks to make payments to fraudsters. 
- the banks making the payments MUST follow the instruction of their customers (it's the law). And the banks have paid millions in system developments to inconvenience us to ask us whether we are sure and aware of the potential for fraud; and then to check with us the account that is being paid too. 
- the problem is then with the bank that gets the money and pays this away to a fraudster.  They help this fraud and the fraudster because they do not properly know/ identify the fraudster who then 'runs away' with the money. 
- it is odd to read which banks have the biggest fraud levels from paying-out to fraudsters. This is published annually. This is massively skewed towards a small number of fintecs that have 'broken AML law'!!!! by not identifying these fraudsters properly.  
- it is all 'well and good' for the article to demand a "stepped change", but very wrong not to propose what that change should be. 
- that change MUST be to 'hold' the banks that open these accounts for fraudsters 100% liable.  The industry has named the biggest offenders. 
- let's pursue these banks with gusto and stop the fraudsters and thereby protect innocent customers.  
- this is not a 'PR game' for fintechs or bank, nor a cheap headline in an editorial summary of irrelevance / speculation - it is a real problem that needs real solution. Now. 

@Ketharaman Swaminathan - same answer.  The argument does not change, and no precedence is set based upon the minority of cases. Imposing your values, does NOT make the reality change.  

@Ketharaman Swaminathan - This is simply not the way that banking or consumer law operates in the UK, or at the UK regulators. Maybe in India (I do not know)! "Make the victim pay" - is cold, and encourages fraud. In risk management, one has to 'follow the money' and make the perpetrators of the fraud pay - and the people (receiving banks that have aided the fraudsters) through their negligence and non-compliance with AML/CTF law - should be the people that suffer the losses when the fraudsters cannot be found and the money returned. It is their responsibity to understand the nature of the funds that they pass to fraudsters.  

Yes: the adage of addressing root causes generally works.  But I have no idea how social media allows dodgy funds to enter the system. Equally, if social media can't be 'addressed' for child abuse and human-trafficking ......

The solution rests in making those that cause the problem pay:  I.e. the fraudsters and those banks that collude with them to open bank account for them.  

This is just a side issue...... re-arranging the deck-chairs on the sinking Titanic perhaps?

Until the parties that are causing the losses become the ones that are HELD LIABLE, then the losses will continue........

The main issue is that fraudsters lie and cheat people to make payments to them rather than to intended recipients. We can try and teach people NOT to be cheated, and we are not going to stop the fraudsters. BUT, we can make it harder for the fraudsters to get bank accounts and to move the money. How?

From the statistics produced by the industry reporting: it is a small number of payments companies that allow the fraudsters to open accounts and receive the money and then pass on the payments elsewhere. So the losses need to be paid by the RECEIVING banks that (in the main) breach AML/CTF law !! - when they:

a) Open accounts for fraudsters that they have not identified properly or with fake or inadequate identification
b) Quickly receive a large sum(s) of money into these accounts that they will have inadequate processes to understand the nature of the payments; and which they then pass-on to other accounts.

The industry reporting *** (sadly) shows that there are common offenders that process these frauds 1000s of times more often commensurate with their size. These are generally the small financial institutions that have not yet learned to do what they should do. And in talking to many of these organisations: the stance is often akin to: "we are not establish/big enough to compete with the big banks and comply with all these identification requirements that the law requires of us".

If the losses that they cause are passed-on to the offending organisations: then they will quickly find ways to stop the fraudsters that they are helping today, and recover more of the funds from the fraudsters and banks that the money subsequently goes on to. This is the only way that delivers success and until we use these traditional 'follow the money' disciplines: the losses will continue.

*** PSR - Authorised push payment (APP) scams performance report - July 2024 

KS - I agree with previous anonymous sender. It appears that you have not thought this through. The paying customer (your ‘payor’) may not be involved - albeit often a little stupid / naive. It is often the fraudster that is imitating them. The fraudster cons the paying customer who has done nothing wrong. The paying bank does what is instructed. FOLLOW THE MONEY. The only faults are a) the fraudster motivations and dishonesty, b) the receiving banks that have opened up accounts for fraudsters without knowing who they are or where they are or being able to track them, and c) the receiving banks that make payments that are circumspect, not having proper ID and not knowing how or where the money is going, d) the receiving bank when it disburses the money to other receding banks with no responsibility, accountability or considerations of the suspicions involved, e) the receiving banks that then, hide behind the GDPR for not assisting in the investigations and showing their failings for fear of the legal liability for their failings, and f) the reviving banks for not correcting the position because they have no loss. (Worse: often they can make a profit from this by recovering funds and not repatriating the money but applying it to P&L!). Can you see the theme? This is a matter of law and regulatory rules that favour the “payor” (not really a word here). So your suggestions are NOT legally appropriate or fair to customer in the UK. Losing life-savings as a victim of a con, is not always a fair way to attribute liability. Your solution is unfair, unethical, and against the regulatory principles.

Hi Jackie - surely postponement means that the sending banks (and the conned customers) end up paying for the frauds, and that the receiving banks, having a reprise from suffering the losses- will continue to allow the fraudsters to open accounts and withdraw the money from the ‘system’. it is these receding banks , as the figures have shown, that are allowing this to happen. If these receiving banks had strong AML / KYC controls, and knew their customers (fraudsters), then they would have no problems contacting them, getting the money back (100% of the money!), and/or prosecuting the offenders. 100% liability on the receiving bank would very quickly address the problem, and would tighten up AML / KYC issues. Stalling, and keeping liability with the ‘sending banks’ will allow the problem to continue. The sending banks have spent £millions in repeatedly annoying us with ‘are you sure?’ messages to no avail. And legislation is required to allow better communications. When a sending bank say to a receiving bank: ‘stop the payment to the fraudster’, ‘this is fraud - send it back’ etc; the answer is usually: ‘go away, GDPR applies’ in order to hide/protect the KYC failings. What do you think should happen? ‘Hoping’ that it will be solved when the law prevents it and the culprits (receiving banks and fraudsters gain from this - so are motivated NOT to act) is not really a viable solution. This has been the brunt of the solution for five years and has not worked.

@ Ketharaman Swaminathan - who do you propose should suffer the losses?

@ Ketharaman Swaminathan - this is not regulation driven - but through a voluntary code with PSR pressure and consumer / media led persuasion.

*** Fraudsters should not be able to get accounts *** - it is AML globally that requires the banks to undertake proper customer onboarding: and if the did, then there would / should be no APP fraud. Or money available to claw back. 
Who do you think shoudl be liable? Not the conned customers, nor the paying banks that have simply complied with customer instruction. The bad boys are the fraudsters, and then the banks that have accepted the payments and then taken instructions from a fraudster to further hide the money. A FIRST PRINCIPLE is to 'follow the money' and reverse as much of the process as one can. Exchange of Bills Law and the Cheques Act details these processes as 'Conversion' in law. These are not cheques of Bill, but the principles apply that the receiving entity must operate so as not to pay the money to the wrong person (i.e. a fraudster).  

This is a rather a silly debate. It is a simple matter of WHO loses the money. If I as a customer of my bank ('Bank-Customer') instrut them to make a payment to a fraudster to thier bank ('Bank-Fraudster')  - which bank shoudl lose. Reserach by UK payments shows that Bank-Fraudster are a small number of smaller banks. Our experiences are that, driven by UKPayments, the main 'Bank-Customer' banks have included endless "are you sure this is genuine" messages, and 'Bank-Fraudster' have continued to open accounts and disperse money for fraudsters. How and why did they open these accounts for fraaudsters? Was the identitity taken sufficient.

It is about time that the losses were apportioned to the banks that were at fault: so that they can start doing their jobs properly. And the sooner the better.  And why are there limits at all? Why shoudl we 'let Bank-fraudster' off-the-hook' at all.

We'd go further:
- 100% of all losses ought to go to the bank that let the fraudsters succeed with the fraud.  

- The industry body should stop pandering to all the neo banks that want to avoid proper legal customer (fraudster) onboarding due diligence and do what is right for customers. There shodul be a price to pay for cutting corners.