PSR's Catastrophe - See no Evil, Hear no Evil - Part 2

PSR's Catastrophe - See no Evil, Hear no Evil

SRA's terrible reported treatment of Helen Coles in Axiom Ince scandal

Date of Catastrophe for UK Payment System set by PSR - 7^th October 2024

Destruction of the UK Payment system - Part 3

• It is also important to state here that we want payment firms to take responsibility for protecting their customers at the point a payment is made. In doing so, we expect the new reimbursement requirement to lead firms to innovate and develop effective, data-driven interventions to change customer behaviour. Our consultation does not shift away from this position – a high standard of customer caution will incentivise greater steps from PSPs to drive more targeted and risk-based interventions, and the industry’s work on enhanced fraud data sharing will support this
  
  
• Our policy is a world first and there are no other comparative protections that exist for victims of APP fraud.
  
  
• In our policy statement, we accepted that moral hazard is a valid risk that should be managed.
  We have introduced policies to encourage customer caution and consider that a claim excess is an appropriate mechanism to manage the risk of moral hazard alongside the many actions PSPs can take to prevent APP fraud
  
  

Destruction of the UK Payment system - Part 2
Our response to the Payment Services Regulator's consultation on their soon to be introduced rules

• Question 1: Do you agree that the PSR should specify the standard of care that PSPs can reasonably expect of consumers? Please provide reasons for your answer.
  An explicit and well stated standard of care is useful (and possibly essential) for consumers and PSPs to have clarity on what is expected and required of them to prevent APP scams.
  The current specification of the standard of care is deficient and it needs urgent reformulating.
  
• Question 2: Do you agree that the standards of care specified by the PSR should be exhaustive, and that PSPs should not be able to introduce additional standards through their contractual relations with consumers? Please provide reasons for your answer.
  If the standard of care is completely and sufficiently specified, then is should be exhaustive as otherwise firms’ Terms & Conditions will be used to super-impose unnecessary and unfair standards.
  The current version of the specification of the standard of care is however woefully inadequate and in need of urgent revision and improvement (this response to the consultation explains why).
  
• Question 3: Do you agree that the burden of proof should fall on the PSP to demonstrate that a consumer – through gross negligence – has failed to meet one or more of the standards at paragraph 3.2? Please provide reasons for your answer.
  We strongly disagree that the burden of proof should fall on the PSP to prove gross negligence.
  If a firm can prove that a customer has acted negligently, then it becomes very subjective and argumentative where the boundary between negligence and gross negligence lies.
  There is no definition for this boundary, and the boundary will be applied very differently by different people judging the same case. Even experts and judges will place the boundary in wildly different place for the same situation.
  It is almost impossible for a PSP, with no access to outside investigative powers, to prove with evidence that a consumer was grossly negligent rather than simply negligent, and any attempt by the PSP to do so will be subject to challenge, and the whims of the individual arbitrator assigned to the case if the gross level of negligence is contested (as each arbitrator will apply a different personal subjective boundary between negligence and gross negligence).
  Setting rules which are ill-defined and rely on subjective application is not a healthy way to regulate, and the PSR must rethink and change the use of the undefined term ‘gross-negligence’ in its regulations.
  
• Question 4: Do you agree that PSPs should not be able to introduce, through their contractual relations with consumers, terms or conditions that shift the burden of proof onto consumers, or seek to reduce the burden on providers? Please provide reasons for your answer
  See answer to Question 2).
  
• Question 5: Do you agree that consumers should be expected to have regard to tailored, specific warnings raised by their PSP before a proposed authorised push payment has been executed, where those warnings make clear that the intended recipient of the payment is likely to be a fraudster? Please provide reasons for your answer.
  As long as the warning required engagement by the consumer in a non-standard way (so that the consumer did not simply click a button to get rid of the warning without properly reading it), then it goes without saying that the consumer cannot expect reimbursement if the warning is ignored and the consumers then loses their money.
  Even if the criminal is instructing the consumer to ignore the warning, the consumer is still being grossly negligent by ignoring the warning and the PSP cannot and must not be made to have a liability imposed in this situation.
  Please note this does not apply where the consumer simply needs to click a button to remove the warning, as then the consumer may be suffering from warning fatigue and may click the button without reading properly the warning. By forcing the consumer to engage somehow before removing the warning, the PSP has prevented this from occurring and the consumer must lose the option for reimbursement from their PSP.
  
• Question 6: Do you have any other comments on the requirement to have regard to warnings, taking into account the draft policy document at Annex 1 and the draft guidance at Annex 2?
  Yes.
  a) Likely. Under the current drafting, the PSR’s requirement is where the payment is likely to be an APP scam – which implies a 50% chance or greater of this being so.
  This is wholly and completely inadequate as a definition.
  
  Say a payment firm earns £3 from each payment it carries.
  And say a particular tranche of payments with average value £1,000 which the firm carries has a 1 in 10 chance of being an APP scam (for illustration purposes).
  The firm cannot know which of the 9 out of 10 such payments are genuine, honest payments which need to be made (to keep the UK economy functioning) and which of the 1 out of 10 payments is an APP scam.
  
  According to the current PSR definition, since none of any 10 such payments is ‘likely’ to be an APP scam (each having only a 10% risk), then the bank can warn the user that the payment could well be an APP scam, but could not warn the user that the payment is ‘likely’ to be an APP scam.
  According to the current PSR definition, the bank will always be liable for APP fraud reimbursement, even with suitable warnings, as it did not warn that the payment was likely to be a fraud (it could only warn that the payment could be a fraud).
  The firm will lose roughly £1,000 on every 10 of these tranche of payments carried, or on average roughly £100 per payment.
  So now the firm will have to charge £110 instead of £10 for each payment just to stand still, to avoid losing money. This is nonsensical, as consumers will not pay anywhere close to this amount.
  And so the 9 out of 10 genuine users of these type of payments will find themselves unable to make payment in the UK !
  The UK payment system will be broken.
  
  Whilst the above scenario will be played out unavoidably due to the PSR’s plans, the use of the word ‘likely’ will greatly exacerbate the situation.
  Therefore, the work ‘likely’ must be replaced with another form of wording – for example ‘quite possibly’.
  
  b) A bank making payment for a customer is totally reliant on the customer to provide honest and complete information about the purpose of the payment.
  If a PSP is provided incorrect or incomplete information about the purpose of the payment from the customer, then the PSP cannot stop an APP fraud payment.
  The only alternative for the PSP would be to stop all payments altogether !
  
  So it is critical that it is part of a requirement for customer caution that the customer must have provided honest and complete information on the reason for the payment if asked by the PSP, and if the consumer does not do so then the consumer cannot claim APP fraud reimbursement.
  Making this a requirement of customers, and publicising that this is so, will prevent APP fraud and stop customers providing wrong or incomplete information to PSPs on request, when the PSP is trying to assess the risk levels for the payment.
  This is the most critical part of this consultation, and it is imperative that the PSR requires consumers to report accurate and complete information to banks on the bank’s request at the time of the payment, and an acknowledgement that it will be regarded as gross negligence if they fail to do so.
  
  c) One of the factors listed in the PSR’s draft guidance on Consumer Caution at 2.10 states:
  ‘whether the PSP can reasonably be expected to have paused or otherwise prevented an authorised push payment from being executed’.
  
  Why is this factor here – It makes no sense !
  
  The PSR has already made it clear that the PSR differs from the FCA completely on APP fraud reimbursement.
  The FCA requires reimbursement in its FCA Handbook rules only where the bank could have done more to prevent the fraud – but in a situation where the bank could not prevent the fraud then the FCA does not impose any liability on the bank.
  However, the PSR requires imposition of liability on the bank, even where the bank could not have done any more to prevent the fraud.
  
  So why are the PSR now stating here that, whether reimbursement is due to the consumer and whether liability is imposed on the PSP, is impacted and dependent on whether the PSP could or could not have prevented the fraud ?
  
  Are the PSR now rowing back (as they urgently need to do) and becoming compliant with the FCA, so that a PSP that proves that it could not have done any more to prevent the fraud is not liable for reimbursement ?
  Or is this some kind of half-way house fudge where the PSR introduces a new factor which ambiguously may or may not let the PSP off liability if the PSP could not have done any more to prevent the fraud ?
  
  Either way, clarity is needed, and this is not the way to issue regulations.
  
  
• Question 7: Do you agree that consumers should be subject to a standard to promptly notify their PSP when they suspect they have, or may have, fallen victim to an APP scam? Please provide reasons for your answer.
  This goes without saying, for the reasons given in the consultation.
  The PSPs involved need to take immediate steps on notification, and it is grossly negligent for the consumer not to reasonably immediately notify their PSP when they learn of the possibility of APP scam.
  
  
• Question 9: Do you agree that consumers should be subject to a standard to respond to reasonable and proportionate information requests from their PSP, where those requests are necessary to establish whether the consumer is the victim of an APP scam, or where they are necessary under our ‘stop the clock’ policy? Please provide reasons for your answer.
  Yes.
  The PSPs involved need to take immediate steps on notification, and it is grossly negligent for the consumer not to provide the PSPs with reasonable and full information as soon as possible on request by their PSP.
  
  
• Question 10: Do you have any other comments on the information sharing requirement, taking into account the draft policy document at Annex 1 and the draft guidance at Annex 2?
  Yes.
  a) Just as there is a need and requirement here placed by the PSR on the consumer to provide accurate and reasonable information after the fraud has been reported, so there is an equally necessary need and requirement to be placed by the PSR for the consumer to provide honest and complete information on request to the PSP at the time the payment is made. This needs to be included within the PSR’s requirements for caution on the consumer.
  
  b) Paragraph 3.15 states that ‘Additional information requests by the PSP, made after a reimbursement claim has been initiated, would be by exception.’
  This means that after the initial conversation that a PSP had with a consumer when the APP fraud was reported, the PSR expects the PSP not to bother the consumer again unnecessarily.
  
  This is totally unrealistic, as it implies that the bank call handler receiving the fraud report from the consumer will be in a position to ask all necessary questions at that time.
  Whilst this might be possible in some cases, it just is not feasible in practice in a significant number of cases, and the bank will need to sit down with an internal team to review each claim and consider the circumstances unique to that claim, and then formulate a strategy and response (which might be to pay the claim, or might be to ask further questions).
  
  In the majority of cases, at least two questioning conversations with the consumer will be necessary, and not just the initial one.
  The second will be necessary after the PSP has considered the claim, and used a skilled team of experts to raise any unasked points in relation to the claim.
  The PSR implies that such a second round of questioning is not acceptable, when it will necessarily be the norm.
  The PSR needs to change the guidance to take this into account.
  
  c) Paragraph 3.15 states that ‘Nor would they be able to embark upon speculative requests for information.’
  If a bank finds (as it inevitably will) that one in ten claims for APP fraud reimbursement are fraudulent first-party-fraud related claims seeking to falsely extort money from banks, then a PSP will need to investigate and filter out such illegal claims.
  But if 9 out of 10 such claims are genuine, and only 1 in 10 such claims are fraudulent, then under the PSR’s current ‘no speculation’ rule the PSP would be barred from doing so, and fraudulent FIRST-PARTY APP reimbursement claims will multiply and proliferate.
  
  The PSR needs to provide PSPs with the ability to reasonably and fairly filter out fraudulent first-party APP fraud reimbursement claims, and that necessarily requires some speculative requests.
  Not doing so will just encourage criminals to industrialise the manufacture of false APP fraud reimbursement claims (together with a new band of reimbursement-mules that are soon to appear across the UK) !
  
  d) Sending and Receiving PSPS may have very different needs for information exchange.
  On occasion, a sending PSP may not wish to share information with a receiving PSP, whilst the Receiving PSP might urgently need the information in relation to the APP fraud.
  Or conversely, a receiving PSP may not wish to share information with a sending PSP, whilst the Sending PSP might urgently need the information in relation to the APP fraud.
  
  The same information sharing requirements placed on consumers must be placed on PSPs themselves, to require full reasonable data sharing between sending PSP and receiving PSP and vice-versa.
  
  e) If a consumer knows that they were grossly negligent, but if they do not inform the PSP of the fact then they will have almost full reimbursement granted by their PSP, then the consumer is highly likely not disclose their gross negligence.
  They can simply keep quiet, and claim vulnerability, or wrongly claim that the PSP is overreaching in asking for information.
  
  Given the powerless position of the bank, it is highly unlikely that the bank will have any available tools to be able to require the consumer to disclose their gross negligence – because the PSR is not placing a requirement of candour on the consumer.
  This is fundamentally unfair and wrong.
  The PSR needs to place a duty of candour on the consumer as part of the consumer caution standard.
  
  
• Question 12: Do you have any additional suggestions for inclusion in the standard of care that PSPs can expect of consumers in relation to authorised push payments?
  a) Require honest and complete response to questions from PSP before payment is made
  b) Require honest and complete response to reasonable questions from PSP after fraud reported (in all cases)
  c) Require each consumer to carry out reasonable checks on the seller (payee) to the existing legal level of Caveat Emptor – Buyer Beware – or be classified as grossly negligent. Otherwise the PSR’s new regulations mean that the buyer no longer has to perform any checks on the seller, and can and will simply rely on their bank for reimbursement if things go wrong. This will severely harm the UK economy.
  It is necessary for buyers to continue to shoulder the burden of the Buyer Beware burden and be required to evaluate reasonably that the seller is genuine – and this duty must not be passed wholesale on to banks, as the PSR’s rules currently envisage !
  
  • Question 13: Do you agree that a standard to report a suspected APP scam to the police should not be included at this stage? Please provide reasons for your answer.
  We do not believe that the PSR understands the industrial scale of false APP reimbursement claims that the PSR is about to unleash on the UK (caused by criminals teaming up with new groups of reimbursement-mules to industrialise false APP fraud claims).
  Requiring a police report by the claimant will at least force the claimant to make a formal written statement to the police. This will act as a slight deterrent (though not a major deterrent) against false claims, and so is a worthwhile and necessary step.
  
  
• Question 11: Do you have any additional feedback on the draft policy document at Annex 1 or the draft guidance at Annex 2?
  a) See important points 1), 2) and 3) at the beginning of this correspondence.
  
  b) The requirement in the Policy (Annex 1) point 1.4) for a consumer to report an APP fraud promptly is sufficient.
  There is no need to state in the policy that the report must be made within 13 months of the last payment, as that implies that longer timescales for reporting are acceptable if the consumer does not report immediately.
  A consumer really should be reporting within hours or days at the most after being alerted to the fraud, never weeks nor months.
  Either remove the reference to 13 months from here (it still remains elsewhere), or re-draft the point and say i) a consumer must report an APP fraud promptly or they risk loss of right to reimbursement. ii) In any case, claims for reimbursement cannot be made more than 13 months after payment.
  
  c) The requirement in the Policy (Annex 1) point 1.4) for a request to be reasonable and proportionate is badly drafted and wrong.
  It is sufficient to state reasonable – if a request is not proportionate then it will by definition be unreasonable. The word proportionate must be removed.
  If the word proportionate remains in place, then it is unclear whether proportionate refers to the consumer or the requesting PSP, and this is not fair.
  If a consumer faces no loss on reimbursement (or only a small loss due to excess), then many requests for data will be disproportionate from the consumer’s point of view – why should the consumer bother to answer. But the request is extremely proportionate to the PSP, who faces a large loss.
  
  In summary, it is necessary to remove the words ‘and proportionate’ as they are unnecessary and will only cause ambiguity and argument.
  
  d) The requirement in the Policy (Annex 1) point 1.4) mention Section 3.7 of the Specific Requirement.
  The specific requirement only allows questions where the PSP has evidence of first-party fraud.
  This is too draconian, and will encourage fraudsters to manufacture large numbers of false claims against PSPs and banks.
  
  Say a bank knows from historical data, from the type of claim being made, that a reimbursement claim has a 20% chance of being a first-party fraud claim, but the PSP has no evidence yet for this particular claim.
  At present, the PSR’s proposal forbid the PSP from making enquiries which will clarify whether the claim is a first-party fraud claim or not, and the 20% of false claims will be allowed unhindered.
  This is not acceptable.
  
  Instead, the wording of the Policy must be rewritten to allow the PSP to make reasonable enquiry when it has reasonable cause (which is broader than ‘evidence’) to enquire. So change ‘evidence’ to ‘reasonable cause’.
  
  e) Can we again plead with the PSR to amend the 13 month rule so it applies to each payment, and not the date of last payment.
  Having a date of last payment will simply encourage victims to make further fraudulent payments if the 13 month time period has expired, so that they can claim all their payments back from the PSP (including the last one) – the time limit in relation to each payment must be 13 months from that payment. Some consumers will lose as a result, but the alternative is far, far inferior.
  
  f) Term 1.2) of the draft guidance (Annex 2) states that to be able to avoid reimbursement, a PSP must i) make a case that the consumer was grossly negligent, and ii) be able to prove that case.
  This is too severe a requirement.
  
  For the PSP to prove that the consumer acted with gross negligence will always be a subjective argument, as explained above.
  If our other points about gross negligence are not accepted, then the PSP should be able to accept on the balance of probability that the consumer acted with gross negligence, and not need to prove that there was gross negligence. Proof is too high a level, and balance of probability must be allowed.
  
  g) Term 2.8 of the draft guidance (Annex 2) states ‘Only in circumstances where the PSP can demonstrate that the customer has, as a result of gross negligence, not had regard to such warnings can a reimbursement claim be refused.’.
  The consumer will always have a defence that they were suffering from ‘warning fatigue’, and receive constant false warnings from banks for genuine payments – this is true, and will only get much worse when the PSR’s new APP fraud regulations come into force.
  Such a defence may be regarded as negligent, but not grossly negligent.
  In that case, Term 2.8 is written in a way that all consumers will always have all claims for reimbursement granted, and the PSR’s policy document is basically a 100% ‘pay to consumer’ policy direction.
  
  This is not what the PSR intends, but is what it has drafted, and this needs to be urgently corrected.
  
  h) Term 2.8 of the draft guidance (Annex 2) states ‘Only in circumstances where the PSP can demonstrate that the customer has, as a result of gross negligence, not had regard to such warnings can a reimbursement claim be refused.’.
  The consumer will always have a defence that they were instructed by the fraudster to ignore the warning and provide untrue and inaccurate responses to the bank, and that the consumer was under the spell of the fraudster at the time.
  Such a defence may be regarded as negligent, but not grossly negligent.
  In that case, Term 2.8 is written in a way that all consumers will always have all claims for reimbursement granted, and the PSR’s policy document is basically a 100% ‘pay to consumer’ policy direction.
  
  This is not what the PSR intends, but is what it has drafted, and this needs to be urgently corrected so that consumers cannot simply claim (as currently drafted) that they were under the spell of the fraudster and so lied to their bank at time of making payment (so that the bank was not able to warn the customer at that time of the risk of APP fraud).
  
  i) ) Term 2.21 of the draft guidance (Annex 2) states ‘the customer may have complicated, circumstantial reasons for not wishing to make some disclosures to their PSP. We do not consider that reluctance or unwillingness by a customer to respond to information requests would, in and of itself, necessarily constitute valid grounds for refusing a reimbursement claim. Nor would it automatically equate to gross negligence’.
  The consumer will always have a defence that they are facing a life-changing financial loss which is affecting their mental health – such a claim will be true of any person.
  Such mental health issues fall within the PSR’s definition of a vulnerable individual – all of us have been at some time in their life through harrowing personal circumstances which affect our day to day functioning, and which push us temporarily into the category of being someone who the PSR classifies as vulnerable.
  In that case, Term 2.21 is written in a way that all consumers will always have all claims for reimbursement granted, as being correctly classified as vulnerable (due to the immense stress of their impending financial loss) they will not communicate necessary information to their PSP on request, and as a result the PSR’s policy document is basically a 100% ‘pay to consumer’ policy direction as without necessary information from the consumer the bank will have to pay in every case.
  
  This is not what the PSR intends, but is what it has drafted, and this needs to be urgently corrected.

Destruction of the UK Payment system - Our response to the Payment Services Regulator's flawed proposals

• Preface Note 1: The Current Situation:
  At this time, consumers who have been a victim of APP fraud are legally entitled to enforce reimbursement either against their bank (the sending bank) or against the payee’s bank (the receiving bank).
  
  This is because under the mandatory FCA Handbook changes introduced from 31/1/19 (hereafter referred to as The FCA Handbook Changes or ‘FHC’), a consumer is entitled to protection via the Financial Ombudsman Service (FOS) whenever the payer’s bank or the payee’s bank could have done more to prevent the fraud.
  Please note, the FHC do not require the consumer to be blameless – under the FHC, if any bank in the payment chain could have done more to prevent the fraud, then that bank becomes at least partly liable to the consumer even if the consumer was also at fault.
  
  Since in virtually all cases of fraud (as will be shown below), the payee’s bank is at fault in not doing enough to prevent the fraud, then as a minimum the consumer is liable to recompense by the payee’s receiving bank (and if the payer’s sending bank was also at fault, also from the payer’s own bank).
  So the FHC already provide almost full protection to consumers today.
  
  It is a tragedy for many consumers that their rights under the FHC have not been publicised, and the payment industry has instead been allowed to hide behind the CRM (Contingent Reimbursement Model) – which was designed from scratch by the banking sector to look impressive but to contain loopholes and effectively evade payment for liability in fraud cases – which is the situation today.
  If consumers only knew of their existing mandatory rights under the FHC, the CRM would not be needed as it is nearly always inferior.
  
  Remember, the FHC make the receiving bank, and if appropriate the sending bank, liable to the consumer …:
  

  '…if the bank did not do enough to prevent or respond to an alleged authorised push payment fraud’ (quoted from the FCA Handbook which is mandatory regulation in the UK).'

  That is the sole criterion required to establish liability by the FHC (which is effective law in the UK) – and it goes much further than the CRM – and without equivocation.
  
  Due to the FHC, a bank faces significant liability for reimbursement to consumers and small businesses in cases where:
  

  'if the bank did not do enough to prevent or respond to an alleged authorised push payment fraud.

  This is strong and effective law already in place and operating today due to the FHC which correctly penalizes banks’ lack of appropriate prevention – and we are taken aback that the PSR does not acknowledge or mention this at any point, nor take this into account in this consultation.'
  Note that Authorised Push Payment Fraud is defined in the FHC in the glossary of the FCA handbook from 31st January 2019 as:
  

  'A transfer of funds by person A to person B, other than a transfer initiated by or through person B, where:
  (1) A intended to transfer the funds to a person other than B but was instead deceived into transferring the funds to B; or
  (2) A transferred funds to B for what they believed were legitimate purposes but which were in fact fraudulent'

  
  Note that under the FHC, the FCA handbook at DISP 2.7.6(2B) states that any bank in the payment chain can be the subject of the consumer-payer’s complaint, if the respondent is (or was) involved in the transfer of the funds
  
  So both the receiving bank and the sending bank are fully included within the FHC.
  
  The upshot is that the FHC already provides the consumer protection that the PSR is seeking to provide (except in no-fault cases, which as explained below in this response should not provide protection), and the PSR needs to publicise the FHC rather than take any other action (and can ditch the ineffective CRM).
  
  The FHC is already in force today (and have been since 31st January 2019), and simply applying and publicising the little known FHC is sufficient to achieve all that the PSR is attempting to do in this consultation.
  
  It is worth noting that there is one area where the CRM does provide protection to consumers that the FHC does not – where neither the consumer nor any bank was at fault in the fraud.
  But in reality, this is a vanishingly small number of cases.
  This is because the receiving bank will nearly always be at fault, as explained further below, so the consumer will nearly always have an available legal claim against the receiving bank.
  And in those no-fault-by-anyone cases, since the banks are already doing all they can to prevent APP fraud, action by the PSR will not achieve any end.
  
  
• Preface Note 2: Why are there a vanishingly small number of cases where neither bank in the payment chain is at fault (and as a result, under current rules, consumers are already entitled to mandatory reimbursement through the FHC) ?
  At this time, in virtually all cases occurring today, the receiving bank will be at least partly at fault for any APP fraud.
  This is because the payee has either opened an account at the receiving bank with false ID, or the payee is operating as a mule account.
  
  In the first case, the receiving bank accepted false ID, and is therefore partly at fault in the loss.
  Now that machine readable passports are commonplace, which allow verified identity information and photograph to be read off the passport with high certainty and confidence (as they are digitally and cryptographically signed), there is no reason why any PSP should today open an account with false ID. It is extremely difficult for a criminal or fraudster to do so – way beyond the capabilities of the ordinary crook.
  We would ask the PSR to lobby the Government so that driving licenses also become machine readable and cryptographically-signed, as at present driving licenses are easily faked. This is a Government weakness, and the PSR should be pressing the Government to immediately address this issue, so that accounts can be opened for customers who have a driving licence but no passport.
  
  In the second case, the payee is acting as an account mule.
  Account mules are always caught by the Police, as they are committing crime in the open and do not hide their crime – that is the nature of an account mule.
  The defence of account mules – which is effective at present – is they did not know they were doing wrong.
  As a result, the Courts will not prosecute, and as a result the Police will not act (it is not worth their while, with no expected penalty due).
  And as a result, account mules are free to continue unabated in a tsunami of APP fraud.
  
  This is all the result of banks’ failure to alert their clients to the illegality of account muling.
  I have never received any communication from any of the various banks I personally bank with (and I personally bank with a few, to help me understand consumer experience with UK banks) instructing me that I cannot receive a payment in to my bank account for another party.
  If I was instructed by my bank that I can only receive payment into my bank account on my own behalf, and never for another person or another party, and that such receipt was actually potentially illegal and money laundering, then I would be aware that account muling was illegal. If I was told at the same time by my bank that such receipt can well lead to fine or prison sentence, then I would take note.
  But I have never received such a message from any of the many banks I bank with.
  
  As soon as banks take action to directly inform all their clients that their client is not allowed to receive payment into their bank account for another party, and that such receipt may be money laundering and subject to fine or prison sentence, then Courts will immediately on the basis of these warnings start prosecuting account mules.
  And Police will immediately start arresting and taking to Court account mules, as the Police know they will have an easy conviction (and this will make them look very effective).
  And account muling will stop, because no account mule will continue, knowing they are committing crime in the open, and will be certainly caught and prosecuted.
  
  As payee banks have not made clear to their clients that account muling is not allowed and potentially illegal, the payee banks are all at fault if their accounts are used for account muling (the banks are also in breach of the Money Laundering Regulations 2017 – but that is a different matter and an FCA failing to uphold its mandate).
  So if an APP fraud takes places, and the payee turns out to be an account mule, then it is correct that the receiving bank should be liable, as the receiving bank did not warn and make crystal clear to the payee that acting as an account mule was not allowed and possibly could cause fine or imprisonment (which in turn allowed the account to be used to defraud the original payer).
  
  The upshot is that a receiving bank is currently almost always at fault (at least partially) in an APP fraud (whether due to false ID or account muling), and liability should always reside with a receiving bank unless i) they did not allow their account to be opened with false ID, and ii) they made clear to their customer that they could not receive payment for any other party.
  And as made clear above, these two criteria are hardly ever currently both met by a receiving bank.
  
  [As an aside, when PSPs and banks do finally start educating their clientele that accounts cannot be used to receive third-party payments, APP fraud will shrink in the UK by several levels of magnitude].
  
  So, It should be made clear to consumers that the receiving bank will always be at fault and liable in APP fraud, unless the receiving bank can show that false identity of the payee was not involved and that the receiving bank made sure that the payee could not act as an account mule without the prospect of a jail sentence.
  
  This will clear up 95% of all APP fraud cases.
  
  In the remaining 5% of cases, it should be made clear to the consumer that if their own bank (the sending bank) was partially at fault for the APP fraud, then their own bank should be liable. Otherwise, if their own bank was not at fault in any way, then the consumer should know that they were liable for their loss.
  
  
• Paragraph 1.11 of the consultation states:
  

  '‘However, the overall level of reimbursement under the Code is still below 50% – and participation in the Code is voluntary. Some PSPs are not signatories and offer lower levels of protection, leaving many consumers exposed to significant risk.'

  This is a scandalous statement by the PSR, as it is untrue, and is a complete abrogation of responsibility by the PSR.
  
  All banks and consumers are covered mandatorily by the FHC (FCA Handbook Changes), and consumers are NOT exposed to significant risk, as the FHC already provides in most cases far superior protection to the CRM code.
  
  The reason that consumers are losing out is purely due to lack of awareness by consumers and small businesses of the existence of the FHC, which already protects them.
  And the PSR has singularly failed to promote awareness of the protection of consumers existing today by the FHC.
  
  As is clearly evidenced in this paragraph, the PSR is continuing to take active steps to give the false impression that the FHC does not exist, or does not provide protection to consumers and small businesses in nearly all existing cases.
  
  
• Paragraph 1.12
  The introduction and promulgation of Confirmation of Payee (CoP) is widely welcomed.
  It is an essential tool in the fight against APP fraud, and should be mandatory for all payments (expanded across all modes, including electronic payments such as via PayPal).
  
  
• Paragraph 2.3 of the consultation states:
  

  'Payment systems should be safe to use. We want PSPs to act to prevent APP scams, and to ensure that victims are reimbursed.'

  In this statement, the PSR first makes an obvious and bland statement that payment systems should be safe to use.
  The PSR then makes a logical fallacy.
  The PSR connects payment systems being safe (obvious, critical and necessary) with the following statement that PSPs should act to prevent APP scams.
  This connection misunderstands the first statement.
  
  The first statement about the payment system being safe means only that if a consumer wishes to pay X, then the payment from the consumer should safely reach X.
  This is obvious and critical, and necessary.
  However, the first statement makes no claim of knowledge whether X receiving the payment from the consumer is a good or a bad thing, nor whether the consumer paying X could be a safe or unsafe act.
  The safety of the payment system only requires that when a consumer wishes to pay X, then the payment should safely reach X.
  
  The second statement considers a totally different issue to the first statement – should the consumer be paying X, and is it safe for the consumer to pay X (using a secure and safe payment system) ?
  This is not a payment question, but a legal and social question, unrelated to the payment industry.
  
  The first statement and the second statement cannot be conflated – to do so is a logical error.
  But that is exactly what the PSR has done.
  
  Of course, if the Payment firm acted in a way where it did not do enough to prevent or respond to APP fraud, then the payment firm must be liable to the consumer.
  Payment firms can and must take steps to help consumers minimise APP scams.
  Since payment firms act at the time payments are made by consumers, payment firms have an opportunity to interact with consumers and minimise such scams through appropriately advising consumers.
  
  And this is already the regulation in force today through the FHC (FCA Handbook changes – see above).
  And as is show above, in nearly all cases, at least one of the receiving or sending bank will currently be liable for not doing enough to prevent APP fraud.
  
  But if the payment firm did do enough to prevent or respond to APP Fraud, then it would overturn thousands of years of established law, and destroy the UK economy, to make the payment firm liable for the consumer’s action in making payment to X.
  Payment firms cannot be made responsible for judging and evaluating the reason that consumers make any payment.
  There is no precedent, and no reason to do so.
  That will destroy the UK’s payment systems – as payment firms will cease to be able to operate - exactly the opposite role that the PSR is tasked to fulfil.
  
  
• Paragraph 2.17 of the consultation states:
  

  'We want PSPs to implement the capability to send and receive the data [historical data on account attributes] – that will enable them to better identify and stop scam payments – in 2023.'

  Whilst the largest banks may have been a part of this trial mentioned by the PSR, we as a PSP have had no information and no participation and no knowledge whatsoever of this capability.
  Given it is the end of November 2023, the statement by the PSR that they want to commence the capability in 2023 is not credible – the participating banks may be ready, but we cannot be. The PSR must not be seen to be giving undue advantage to the large banks who participated in the trial.
  
  
• Paragraph 3.10:
  The CRM code is weak and insufficient for consumers.
  There is already a much higher standard in force in the UK through the FHC, which requires reimbursement to consumers and small businesses when either the sending bank or receiving bank did not do enough to prevent the APP fraud – which as we have explained above occurs in nearly all cases today.
  The FHC can be mandatorily enforced by any consumer or small business through the Financial Ombudsman Service (FOS).
  
  Therefore, the PSR’s proposals in this consultation is built on a false premise – comparing the protection currently available from the CRM today instead of comparing the protection currently available under the FHC today.
  
  
• Paragraph 3.2 & 3.3 (2nd 3.2 & 3.3 due to consultation misnumbering)
  This paragraph claims that data sharing between banks will prevent banks from making customers’ payment journeys an impossible experience, once banks are subject to the new liability under the PSR’s proposals.
  There is no evidence to back up the PSR’s assertion – and common sense clearly demonstrates that if the PSR’s proposals are put in place, then banks will start to haemorrhage large amounts in APP fraud reimbursement, and will be forced to make their customers’ payment journeys an excruciating and impossible experience, in order to minimise these losses.
  
  Data sharing cannot and will not prevent this debacle, as data sharing can only slightly reduce the chance of APP fraud losses to banks – it cannot eliminate it or reduce more than a minority of cases.
  
  The PSR will become a cursed entity by consumers for having introduced these measures, which will lead to ordinary bank customers lives’ becoming impossible whenever they wish to make a payment.
  
  
• Question 1: Do you have views on the impact of our proposals on consumers?
  As explained below and above, the PSR’s assumptions are an act of fancy, comparable to the assumptions used in the recent mini-budget of Chancellor Kwasi Kwarteng and Prime Minister Liz Truss.
  The PSR have provided no evidence whatsoever to demonstrate that their radical plans will not cause significant damage to the UK, and the PSR is simply hoping that their radical plans will not be damaging.
  Before scrapping liability laws that have been in existence for thousands of years (Caveat Emptor – Buyer Beware), the PSR needs to provide evidence that allowing consumers to be negligent and receive full reimbursement will not destroy the UK economy. And the PSR needs to provide evidence that when the significant number of vulnerable consumers are grossly negligent and required to receive full reimbursement by their bank, this will not destroy the UK economy.
  The onus is on the PSR to provide the evidence before taking these potentially grossly destructive radical steps.
  
  Taking on a vulnerable customer will mean that unlimited losses can be incurred by the bank, whenever that customer makes a payment.
  And fraudsters are likely to work with vulnerable customers to mine the UK payment system for millions (and quite probably billions) of pounds of fraudulent reimbursement where consumer gross negligence is present – all to be covered under the PSR’s proposals by banks.
  
  This is not a sustainable situation, and banks will quickly stop offering payment except under the most extreme circumstances.
  The UK payment system will quickly grind to a stop.
  
  This will not be good for consumers !
  
  
• Paragraph 3.6 of the Consultation states:
  

  'PSPs have the ability to do more to prevent scams and thus mitigate their increased reimbursement costs'

  This is erroneous, and underlies the PSR’s foundational error in this consultation.
  
  PSPs (banks) are already fully liable to reimburse customers if they did not do enough to prevent an APP scam.
  This is already fully enforced by the FHC (FCA Handbook regulations in current force, and enforced mandatorily by the FOS).
  
  If there is an area for the PSR to pursue, it is to ensure that FHC rights (enforceable by the FOS) are widely publicised to and become known by consumers and SMEs.
  
  If a bank cannot already do more to prevent an APP scam, then regulation should not and cannot be made to make the bank liable, as this will destroy the UK economy due to the destruction of the payment system.
  
  
• Paragraph 3.8 of the Consultation states:
  

  'We do not consider prudential risks would arise for larger PSPs, many of which are already CRM Code signatories'

  This statement by the PSR is patent nonsense.
  
  At present, larger banks (PSPs) do not have to reimburse customers where the customer was clearly negligent (even TSB). Such reimbursement is precluded under the CRM.
  Likewise, larger banks (PSPs) do not have to reimburse vulnerable customers even where they are grossly negligent.
  
  The new PSR proposals will mean that even larger banks will be prudentially compromised !
  
  And the expansion of the definition of APP fraud in the PSR’s proposals will also lead to huge liability shifts to all banks (large and small).
  
  
• Question 2: Do you have views on the impact of our proposals on PSPs?
  Yes, see above and below for the devastating impact the PSR’s proposals will have on PSPs and banks.
  
  
• Paragraph 4.4 of the Consultation states:
  

  'Larger business payers can be expected to have greater capability to protect themselves from APP scams, and it would not be proportionate to require PSPs to reimburse such businesses for their losses.'

  It is disgraceful that the PSR, as the UK’s payment regulator, can expose themselves to being so misinformed.
  
  Small businesses (beyond micro-enterprises) are already fully entitled to mandatory reimbursement by the FHC and enforced by the FOS, and a small business can today obtain reimbursement if either the payer or payee bank did not do enough to prevent the APP scam. As we have shown, this is so in nearly all cases.
  
  So for the PSR to claim that small businesses (included in the paragraph’s term of larger businesses, the PSR meaning anything other than a micro-enterprise) cannot require PSPs and banks to reimburse them when the bank is at fault, when such protection is today fully in regulation and force, and can be easily enforced by small businesses through the FOS, is shocking.
  
  
• Paragraph 4.8
  The PSR states that it has a clear expectation that on-us payments will be treated identically to Faster Payment transactions.
  But this is no more than a wish and a prayer, and as the PSR admits is unenforceable.
  
  The burden of the PSR’s proposals goes far, far beyond the CRM.
  
  The larger 5 banks in the UK have a significant number of on-us payments – up-to and over 20% of all the payments they make.
  If these on-us payments are not subject to the same reimbursement rules as Faster Payments, then those banks will have a significant competitive advantage to competitor banks (who will have 100% liability on nearly all their payments instead of 80%).
  
  This is unacceptable, and subject to legal challenge, as the PSR are mandated to retain a competitive and fair payment system.
  The PSR hoping that the largest 5 banks will treat on-us payments fairly is wishful thinking, especially given the huge liabilities involved.
  
  If a mandatory solution cannot be found in advance to the on-us problem, then the measures cannot be introduced until a solution is found (on competition grounds).
  
  
• Paragraph 4.11 to 4.13
  The definition of an APP scam case in the Financial Services and Markets Bill s.62(2) is:

  '(a) the case relates to a payment order executed over the Faster Payments Scheme, and
  (b) the payment order was executed subsequent to fraud or dishonesty'.

  It is critical to note that the Section 62 definition of the Bill only imposes a boundary where reimbursement may or may not be required by the PSR.
  There is no mandate in the Financial Services and Markets Bill for the PSR to impose reimbursement in every such case.
  Rather the Bill empowers the PSR to require reimbursement in such cases, if and only if the PSR deems it necessary.
  
  Thus using the Financial Services and Markets Bill expansive boundary definition for all fraud is quite simply unreasonable for day-to-day use, since all it requires is that fraud or dishonesty is determined at any time before the payment is made.
  
  What on earth counts as dishonesty in this definition ?
  
  Most sales related efforts across all fields rely on promoting the product being sold, and there is often a very thin line between fair promotion and dishonesty.
  Salesmen and saleswomen are incentivised to clinch sales, and it is not unknown for salespeople to cross the line from over-enthusiastic promotion to dishonesty.
  It is likely that the majority of accomplished salespeople routinely use dishonesty to some extent in over-promoting their legitimate products, in order to convince consumers to buy.
  
  Despite what is written in paragraph 4.13 of the consultation, if a consumer could demonstrate that a salesperson was guilty of dishonesty in over-promoting a product, then under the PSR’s definition a consumer would be entitled to reimbursement, as dishonesty could be shown prior to a payment.
  
  According to the definition adopted by the PSR, if a consumer can show that a product sold to them involved dishonesty by a salesperson in any form which led them to buy a product, then they will be entitled to reimbursement by a bank.
  The banks have no way to prevent or police this behaviour in mainstream commerce, and the loose definition by the PSR is far, far beyond the current FCA definition of fraud in the FHC – where the requirement is fair (that a bank could not do more to prevent fraud).
  
  The PSR needs to adopt the FCA definition, and not radically and unfairly increase the scope of the definition of APP fraud.
  
  
• Question 3: Do you have views on the scope we propose for our requirements on reimbursement?
  See comments above and below
  
  
• Paragraph 4.18 of the Consultation states:
  ‘We are not aware of conclusive evidence that, if consumers are more confident of being reimbursed, they will take less care in ensuring that their payee is not a fraudster.’
  
  There is significant evidence that there will be a very, very significant increase in claims under the PSR’s proposals, due to consumers knowing that they can act negligently and still be fully reimbursed.
  It is common sense and obvious that the PSR’s proposal will lead to a tsunami of increased reimbursement claims (including due to new frauds specifically targeted at the measures).
  
  The PSR instead has set the bar at an impossible level, demanding only conclusive evidence of what will occur in the future if and when the PSR introduce its flawed measures.
  It is impossible to produce conclusive evidence of a counter-factual – so the PSR are creating a situation where they will ignore the obvious disastrous consequences of their actions, and ignore strong (but not absolutely conclusive) evidence, as they will only act on evidence which will be of a standard impossible to produce.
  
  Box 1.18 introduces evidence from TSB, and its fraud guarantee.
  It is critical to note that TSB’s fraud guarantee is far, far softer than the PSR’s proposals, as TSB retain the right to refuse reimbursement where they have abused the guarantee in TSB’s opinion (such as by being negligent).
  Under the PSR’s proposals, a consumer will be entitled to full reimbursement even where a bank believes the consumer has abused the process by being negligent.
  
  On a separate but important point, under the PSR’s proposals, consumers would know that they would not need to take care when making purchases paid by bank transfer .
  This will be advertised and promoted to them by consumer champions, such as Martin Lewis, quite rightly pushing consumers to make payment by bank transfer and explaining that the consumer would be protected even if the consumer didn’t take adequate care.
  The PSR wrongly assumes this situation will not quickly come about, but it is obvious that it will.
  
  
• Question 4: Do you have comments on our proposals:
  • that there should be a consumer caution exception to mandatory reimbursement
  • to use gross negligence as the consumer caution exception
  • not to provide additional guidance on gross negligence?
  
  As an FCA authorised PSP, we have run an escrow website service for the last 13 years that allows consumer buyers and sellers to be fully protected in a transaction.
  We have many years of experience in this area, and our firm exists to protect consumers from fraud.
  
  Over the years, we have seen attacks from many fraudsters, and prevented many APP frauds.
  We have also seen a not insignificant number of dishonest consumers attempting to circumvent checks and controls.
  We have also repeatedly seen fraudsters conspiring with consumers (both advertently and inadvertently) to try and commit fraud.
  
  To date, we have successfully defeated them all.
  
  But our service requires that consumers make a reasonable effort to protect themselves – the same effort required by law – along the lines of Caveat Emptor (Buyer Beware).
  We provide the ability for consumers to fully protect themselves and ensure that they are not the subject of fraud, but our platform cannot do all the work for the consumer, and the consumer still needs to ensure that the trade they are undertaking that involves payment is worthwhile and not fraudulent for them.
  We can and do ensure safe payment, and that the payer achieves everything they set out to achieve in writing with us, but we cannot ensure that the social reasons for making the payment are underlyingly safe.
  No payment firm can do so.
  
  It is entirely reasonable to demand that a consumer is not negligent in conducting steps to ensure that they are not being scammed.
  If a consumer is scammed because they were reasonably tricked – then this is clearly not negligence by the consumer.
  I repeat for clarity, if a consumer is scammed because they were reasonably tricked – then this is clearly not negligence by the consumer.
  Negligence by the consumer means the consumer acted unreasonably and did not perform reasonable steps in the circumstances, and to demand reimbursement by a bank in such a negligent consumer case where the bank could not prevent the fraud is preposterous.
  
  The FCA’s current regulation ignores the negligence or non-negligence of the consumer, and quite rightly focuses only on whether the bank could have done more to prevent the fraud or not.
  This is the test that the PSR needs to apply.
  
  In particular, under the PSR’s proposals, I as a consumer will be allowed to purchase a dodgy investment negligently by bank transfer, knowing that if the investment turns out to be fraudulent then I will be entitled to full reimbursement by my bank, since I have only been negligent and not grossly negligent.
  This cannot be allowed to occur, as it is absolutely necessary for consumers to be required to make some efforts to prevent fraud against themselves – something the PSR’s proposals completely uproot.
  
  If the PSR’s rules take effect, no bank will be able to survive the tsunami of reimbursement liability that will result.
  
  
• Question 5: Do you have comments on our proposal to require reimbursement of vulnerable consumers even if they acted with gross negligence?
  Because the definition of who a vulnerable consumer is so nebulous, it is hard to say how many consumers fall within this category at any one time.
  It may be that 20% of all consumers are always vulnerable in some way, whilst the majority of remaining consumers will be vulnerable at some time during their life.
  Numbers could be higher than this, but they are unlikely to be lower.
  
  A payment firm makes pennies or less for making each payment.
  Almost by definition, a bank cannot in most cases prevent an APP scam where the consumer is grossly negligent.
  Banks can try to prevent such circumstances arising, but gross negligence is so broad that a bank cannot stop these frauds.
  Requiring a bank to incur possible large liability from a vulnerable customer for making a payment, when the bank earns pennies or less for making that payment, is not economically sustainable.
  
  Payments for vulnerable customers will not be allowed to occur – or banks making them will cease to economically viable.
  And because many people can become vulnerable at some point in their life, payments for everybody will cease to function smoothly.
  
  This will spell disaster for the UK economy, as payments cease to function well.
  The PSR will be destroying the payment system in the UK, for users.
  This is the very opposite of the PSR’s function.
  
  Negligence should absolutely not be a standard allowed for any consumers, and regrettably gross negligence cannot be a standard for vulnerable consumers, however caring as a society we are.
  
  One separate but critical point.
  Not all vulnerable people are honest.
  And some honest vulnerable people will be easily pressured into working with fraudsters. That may be a nature of their vulnerability.
  
  The PSR’s proposals open a wide door for fraudsters to work with vulnerable people (willingly or through coercion) to create a conveyor belt of mass fraud, and this is certain to occur – probably with organised crime quickly getting involved.
  Criminals will find a vulnerable consumer, explain to them they can act grossly negligently and have no risk, and entice or coerce them to make an APP payment to the criminal.
  The banks involved will have no way to prove what has occurred, and will be forced to fully reimburse the vulnerable consumer.
  And the tactic will repeat and repeat for millions, and probably billions of pounds every year !
  
  Creating rules which results in this occurring is beyond reckless for the PSR.
  
  
• Question 6: Do you have comments on our proposal to use the FCA’s definition of a vulnerable customer?
  See answers above and below
  
  
• Question 7: Do you have comments on our proposals that:
  • sending PSPs should be allowed to apply a modest fixed ‘excess’ to reimbursement
  • any ‘excess’ should be set at no more than £35
  • PSPs should be able to exempt vulnerable consumers from any ‘excess’ they apply?
  If a consumer is due reimbursement from a bank because the bank did not do enough to prevent the APP fraud, then we believe the consumer should receive full reimbursement, and not have £35 withheld from the reimbursement.
  It is wrong to arbitrarily deduct £35 from consumer’s reimbursements when this is due to them, whether the consumer is vulnerable or not.
  
  
• Paragraph 4.41 of the Consultation states:
  

  'limit the costs to PSPs, and ultimately to their customers, of reimbursing small claims that are in fact civil disputes rather than purchase scams'

  Because the PSR’s definition of fraud is so loose and involves the word dishonesty, there will be many, many claims where the dividing line between civil disputes and purchase scams is unrecognisable.
  This is so for payments below £100, but equally for all payments above £100.
  
  
• Question 8: Do you have comments on our proposals that:
  • sending PSPs should be allowed to set a minimum claim threshold
  • any threshold should be set at no more than £100
  • PSPs should be able to exempt vulnerable consumers from any threshold they set?
  
  Where the sending bank or the receiving bank is at fault (i.e. did not do enough to prevent the APP fraud) the bank is already liable under the binding FHC even for amounts below £100 – so the PSR’s minimum of £100 will make no difference at all to mandatory reimbursement.
  Where neither the sending bank nor the receiving bank were at fault (rare at this time), then no reimbursement should be liable for any amount !
  
  
• Question 9: Do you have comments on our proposal not to have a maximum threshold?
  Where the sending bank or the receiving bank is at fault, then there should be no maximum.
  Where neither the sending bank nor the receiving bank were at fault (rare at this time), then no reimbursement should be liable for any amount !
  
  
• Question 10: Do you have comments on our proposals that:
  • sending PSPs should be allowed to set a time-limit for claims for mandatory reimbursement
  • any time-limit should be set at no less than 13 months?
  13 months seems a sensible time limit.
  FHC protection is not limited by this restriction, so if a consumer can demonstrate that a sending bank or receiving bank was at fault then they would still be able to make a claim to FOS outside this time-limit, so the time limit is actually meaningless.
  
  
• Question 11: Do you have comments on our proposals that:
  • the sending PSP is responsible for reimbursing the consumer
  • reimbursement should be as soon possible, and no later than 48 hours after a claim is made, unless the PSP can evidence suspicions of first party fraud or gross negligence?
  
  As already highlighted above, the PSR’s proposals will make it open season for criminals to start mass-producing spurious claims for reimbursement.
  The criminals will know that it will take time for banks to obtain evidence that any one claim is spuriously and criminally produced (i.e. in first-hand fraud by the payer).
  
  To require immediate reimbursement to the claimant, when the claimant could be responsible for either first party fraud, or for collaborating with a criminal (especially in the case of a vulnerable consumers), or for gross negligence (for non-vulnerable consumers) will make it impossible for banks to not haemorrhage large sums in losses they are not responsible for.
  
  The time limit for reimbursement should allow a bank time to ascertain whether fraud or gross negligence was involved.
  
  
• Question 12: What standard of evidence for gross negligence or first party fraud would be sufficient to enable a PSP to take more time to investigate, and how long should the PSP have to investigate in those circumstances?
  If banks are forced to make reimbursement for cases where they could not have prevented the fraud, then banks offering payment in the UK will quickly cease to exist.
  
  Instead, for a claim for reimbursement to operate, the defrauded consumer should start by alleging fault of one or both of the banks involved. This claim for fault by a bank should commence the process, and not a notification by the defrauded consumer that an APP fraud has occurred.
  
  
• Question 13: Do you have comments on our proposal for a 50:50 default allocation of reimbursement costs between sending and receiving PSPs?
  
  A 50/50 split between sending and receiving banks is totally unreasonable.
  Sending banks are already doing much to prevent APP fraud, and remain unable to prevent these frauds despite their best efforts in many cases.
  But receiving banks are nearly always at fault at this time for APP frauds, as has been explained above.
  And receiving banks will always be involved with money laundering, as the proceeds of crime are distributed (so should already be being investigated and censured by their AML regulator, the FCA).
  
  The split should be 10/90 sending bank/receiving bank, prior to any individual case mitigating circumstances.
  
  
• Question 14: Do you have views on our proposal that PSPs are able to choose to depart from the 50:50 default allocation by negotiation, mediation or dispute resolution based on a designated set of more tailored allocation criteria?
  
  PSPs vary in size from very large to very small.
  Very large PSPs (banks) have very large legal departments, whose role is simply to minimise liability regardless of right or wrong.
  Medium and small PSPs have no legal departments.
  
  Medium and small PSPs will be at immense disadvantage in any negotiation with a large bank, and the PSR should not place these smaller firms in such a situation of having to negotiate in individual cases.
  
  
• Question 15: Do you have views on how scheme rules could implement our proposed 50:50 default allocation to multi-generational scams?
  I don’t understand how and if multi-generational scams are covered by the PSR’s proposals, and I do not believe the PSR understands either.
  
  The example quoted in paragraph 5.11 of a Faster Payment into a Crypto-wallet, and then a later payment from the Crypto-Wallet to a fraudster, would seemingly not be included within the regulations, as the first Faster Payment was not a fraudulent payment and any fraud only occurred later.
  Why is this even being considered in the consultation, when it is already precluded ?
  
  On the other hand, we believe that APP fraud payments over other channels should be included in the PSR’s current regulation.
  So, for example, an APP fraud payment made via PayPal should (we believe) absolutely be covered by the current PSR regulations. And if the PSR does not have the power to enforce or create such regulation, then it should be working with other bodies (such as the FCA) to ensure that parallel regulation is brought in at the same time as the PSR’s regulations.
  
  
• Question 16: Do you have comments on our proposal for a 50:50 default allocation of repatriated funds between sending and receiving PSPs?
  The PSR should be aware that in reality receiving banks that manage to achieve repatriation will not always openly declare that this has occurred, either through subterfuge or through ineptitude.
  And due to lack of information, in many cases the sending bank will not receive their fair share of repatriated funds.
  
  
• Question 17: Do you have views on the scope we propose for rules on allocating the costs of mandatory reimbursement?
  See answers above and below
  
  
• Paragraph 6.5 of the Consultation states:
  

  'The PSO is the appropriate body, in the long-term, to undertake the role of making, maintaining, refining, monitoring, and enforcing compliance with, comprehensive scheme rules that address fraud risks in the system.'

  This is simply not true, and the opposite of reality.
  
  A PSO (Payment Systems Operator) is responsible for the plumbing of payment systems, to ensure that payments flow freely and securely, and unencumbered between payers and payees.
  The PSO is absolutely NOT responsible for the reason for those payments. This is just not its role.
  
  Mixing the responsibility for the payments infrastructure operating well, with the responsibility for stopping fraudsters utilising the payment system is a total non-sequitur.
  
  It is akin to making the doctors who are responsible for safe blood flow in their patients, also responsible for what their patients do with their now healthy bodies.
  It just does not make sense.
  
  
• Paragraph 6.5 of the Consultation states:
  

  'In the long-term, we want Pay.UK to be a PSO that: • specifies the circumstances when a PSP needs to reimburse the victim of a fraud'

  It is not the role of a PSO to be making social decisions about when reimbursement is due and when it is not.
  The PSO are specialists in payment plumbing, not in fraud and social issues.
  
  
• Question 18: Do you have views on our long-term vision, and our rationale for the PSO being the rule-setter responsible for mitigating fraud?
  
  See above and below, that it is totally inappropriate for the PSO to be a rule-setter for mitigating fraud.
  
  The core of the problem is that the PSR itself should not be taking on this role today, even though it is so desperately needed.
  The actual role should be being undertaken by a combination of the FCA and the Police.
  Instead, both of these bodies have ignored the issue and looked the other way, whilst close to billions of pounds of consumer funds are defrauded each year, forcing the PSR into a role it is not best suited for.
  
  The PSR’s role should ideally be simply to organise and operate the payment system in a way that facilitates the identification of fraud.
  So for example, the PSR and Pay.UK should be intimately concerned with how the NPA will be created in a way which will make fraud identifiable – which fields need to be available in payment messages, and what payer/payee information needs to be passed down the payment journey, to make fraud apparent.
  
  But neither the PSR’s role nor Pay.UK’s role should extend beyond this.
  
  We recognise that the PSR has been forced into its current role by the inaction of other bodies, and we are grateful for the PSR taking up the challenge – as it is so desperately needed.
  But the PSR cannot further delegate its responsibilities to bodies like Pay.UK even more unsuited to be taking on this role.
  
  
• Question 19: Do you have comments on the minimum initial set of Faster Payments scheme rules needed to implement our mandatory reimbursement proposals?
  These rules will be disastrous for UK payments, and make effective UK payment cease to operate, as banks require enormous and unwieldly amounts of information from customers to make any payment.
  
  
• Question 20: Do you have views on how we should exercise our powers under FSBRA to implement our requirements?
  Pay.UK is not the appropriate body to be making rules and regulations with social impact – the PSR should be making rules.
  
  As pointed out above, no rules should be made until rules for on-us payments are made. As the PSR cannot make those rules, other bodies will have to make the rules. And since other bodies will be making those rules (such as the FCA), those other bodies should be making all the rules to prevent APP fraud (and the PSR need not duplicate them).
  This is what should be happening, and this is what is desperately needed, given the current tsunami of APP fraud.
  
  
• Question 21: Do you have views on how we propose that allocation criteria and dispute resolution arrangements are developed and implemented?
  
  Pay.UK is dependent on the largest banks for funding, and is heavily influenced by the largest banks.
  Any rules that Pay.UK implements on arbitration rulings between payment firms are highly unlikely to be equitable towards smaller payment firms.
  This is territory that the PSR needs to step into – it is just not equitable to ask Pay.UK to do so, as the larger banks will end up dominating smaller PSPs, and competition will be greatly diminished in the payment sector (against the PSR’s core principles).
  
  
• Question 22: Do you have comments on our preferred short-term implementation approach of requiring Pay.UK to implement an effective compliance monitoring regime, including a reporting requirement on PSPs?
  
  The FCA already collects detailed regular information from payment firms on fraud.
  The PSR should co-operate with the FCA so that the FCA’s data collection should include fraud reimbursement statistics, and this should be passed to the PSR. Pay.UK should under no circumstances be involved in the data collection – it is not their role, and would be a distraction from what Pay.UK is set up to achieve.
  
  
• Question 23: Do you have views on the costs and benefits of Pay.UK implementing a real-time compliance monitoring system and when it could be introduced?
  See previous answer
  
  
• Question 24: Do you have views on the best option for short-term enforcement arrangements?
  
  As already mentioned, no short-term measures can take place without on-us payments being regulated.
  And since on-use payments will require outside bodies to regulate, those outside bodies should also regulate on APP fraud reimbursement (if required beyond current FHC regulation – which is doubtful).
  
  Neither the PSR nor Pay.UK should take any short-term measures without on-us payments being fully regulated.
  
  
• Question 25: Do you have views on the best way to apply the rules on reimbursement to indirect participants?
  
  As explained above, the FCA has already made rules for indirect participants through the FHC, and these are in operation now.
  The PSR should not be making rules on indirect participants, as the existing FHC rules are more than sufficient. They simply need to be publicised.
  
  
• Paragraph 7.41 of the Consultation states:
  

  'The Government has announced its intention to legislate to place a duty on the PSR to require victim reimbursement for APP scams.'

  This is not so. The Government has announced its intention to place a duty on the PSR to require victim reimbursement for APP scams if and only if the PSR feels it necessary.
  Given the FHC already provide more than adequate cover to APP scam victims, the PSR should be concentrating on promulgating knowledge of the FHC to consumers.
  
  
• Question 27: Do you have comments on our cost benefit analysis at Annex 2 or any additional evidence relevant to the analysis?
  
  Yes, the cost benefit analysis is not-fit for purpose and the cost benefit analysis is Wednesbury unreasonable (so subject to legal challenge).
  See below and above for details.
  Our view is that the PSR needs to rerun the cost benefit analysis correctly from scratch, taking into account the points raised.
  
  
• Consultation – Additional Point
  
  The FCA’s existing rules on reimbursement rightly state that a bank or PSP is liable when the bank or PSP was at fault.
  
  A well run, caring PSP cannot face liability if it acted only correctly.
  
  But under the PSR’s proposals, a bank or PSP can face liability for handling a payment even when the bank or PSP acted correctly at every stage.
  
  Please ask yourself if smaller PSPs will continue to operate and offer a payment service to their customer, and earn a few pennies by doing so, if the smaller PSP can face liability of the full payment amount that it correctly and appropriately handles?
  Of course not.
  
  It is not economically viable for a payment firm to make a payment of £800 for a client, if the payment firm may become liable for an £800 reimbursement when the payment firm did everything correctly and nothing wrong.
  
  The bottom line is that if payment firms are made liable for no-fault reimbursement, only the very largest banks will be able to make payments in the UK.
  
  There is also a question whether making the payment firm liable in such circumstances would actually breach the Human Rights Act 1998, and the rights of the PSP and its owners.
  The power that the Financial Services and Markets Bill s.62(2) infers on the PSR is only to act where the PSR believes in its opinion is reasonably necessary. If the PSR acts in an unreasonable manner, then it is acting outside the law, and its proposals are subject to be struck down by legal challenge.
  
  
• Annex 2 – Cost Benefit Analysis - Preamble states:
  

  'Main benefit: Strengthened financial incentives for PSPs to detect and prevent APP scams are likely to lead to improved fraud prevention and result in substantial decline in the overall amount of APP scam fraud that consumers suffer. Current levels of APP scam fraud, at over £500 million in 2021, could fall by between £100 and £150 million per annum, based on our assessment.'

  This is the main benefit that the PSR is relying on.
  But the premise is demonstrable and provably erroneous.
  This fatally and clearly undermines the whole consultation, which relies wholeheartedly on this benefit.
  
  The existing liability of banks and PSPs is from existing protection already mandated and in force by the FHC.
  This already forces both sending and receiving banks to reimburse defrauded consumers whenever the bank did not do enough to prevent the fraud.
  
  By definition, there is no point or purpose in increasing protection beyond this, as it will not assist in making banks do more to prevent fraud – as they are already liable if they did not do this.
  
  The consultation (and the cost benefit analysis is therefore fatally flawed.
  
  
• Annex 2 – Cost Benefit Analysis - Preamble states:
  
  • 'PSPs that currently reimburse their customers for APP scam losses on a voluntary basis would continue to do so
    
  • current low rates of recovery and low shares of reimbursement coming from receiving PSPs would remain low'
    
  But banks and PSPs in nearly all cases today are required to reimburse defrauded consumers under the FHC. That this is not occurring, despite being legally mandated and enforced by the FOS, is purely down to ignorance by consumers. This is easily changed through education and advertising, and the baseline for the cost benefit analysis cannot and should not assume that such ignorance continues, and the low level of reimbursement under the CRM continues.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.13 – Table 1
  
  This table wildly over inflates the benefits, and underestimates the costs (apart from missing out the close to billion pound cost to banks of reimbursement when the bank could not prevent the fraud), and missed out some of the biggest costs which will result.
  See below.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.18
  
  There is no way that the PSR’s proposals will lower cost for any bank or PSP, despite what is written here.
  Just the cost from vulnerable consumers being grossly negligent will introduce enormous liability to all banks.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.25
  
  Most of the savings listed here are likely to be due to the deficient PSPs not yet operating Confirmation of Payee (CoP).
  Because these PSPs are separately mandated by the PSR to offer CoP from next year, the savings listed here in respect of the cost benefit analysis are illusory and will occur as CoP is anyway comprehensively introduced, without any action under these proposals.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.25 states:
  

  'Second, as set out below, we have considered the risk that mandatory reimbursement could lead to some customers exercising less caution when making payments. Such a potential increase in APP scam losses could offset some of the potential gains from enhanced detection and prevention by PSPs.'

  This may be one of the great understatements of all time.
  Once consumers are made aware (and they will be) that they can buy negligently and certainly receive full reimbursement from their bank, there will be a marked change in consumer behaviour, and consumers will buy negligently relying on the PSR’s protection for reimbursement if their purchase does not work out. The new resulting liability each year to banks and PSPs will be immense.
  
  Ditto for reimbursement after gross negligence by vulnerable consumers.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.38 states:
  

  'Our proposed policy will also increase trust in the payment system for consumers more generally through an increase in their confidence that they will be able to recover any money lost where they have exercised sufficient caution.'

  Consumers will face significant new barriers to make any payments, and vulnerable customers will face almost insurmountable barriers to make payments.
  This will destroy confidence in the payment system, and greatly harm the payment system.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.38 states:
  

  'We have not taken the approach of directly balancing the costs of increased reimbursement that PSPs will face against the benefits of increased reimbursement that victims will receive. That approach would simply find a large cost on one side cancelled out by the same scale of benefit on the other.'

  The above statement is understandable.
  What is not logical nor reasonable nor understandable is to include the cost of benefit to consumers and not to include the cost to banks. This is pure fantasy policy making.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.41
  
  Even PSPs that already reimburse a material share of their customers’ losses currently will face large liability increases.
  This is because consumers who currently act negligently in an APP fraud, whilst their bank did not fail to reasonably prevent the loss, would not currently make a claim for reimbursement. The consumer would know that there would be no point in doing so.
  Under the PSR’s new rules the consumer will make a full claim for reimbursement, as they know they will achieve full reimbursement, so the number of claims to these banks will rise dramatically.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.53 states:
  

  'there may also be costs to customers and business if PSPs introducing stronger controls also leads to a higher number of payments being queried, delayed or even declined, as set out in Chapter 3, above.'

  This is another understatement of earth-shaking proportions.
  The friction for a consumer to make a payment under the new regime, if the PSR brings in these proposals, will disrupt UK payments and commerce and have devastating repercussions.
  The costs from this new payment friction when compared with payment ease today will be in the hundreds of millions of pounds every year, and should be included in the cost benefit analysis.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.57 states:
  

  'Moving to a system of mandatory reimbursement could lead to an increase in payments where customers have not exercised sufficient caution, in the knowledge that any losses will be fully reimbursed. As set out in Chapter 4, we are not aware of conclusive evidence that, if consumers are more confident of being reimbursed, they will take less care in ensuring that their payee is not a fraudster'

  This is again an epic understatement.
  See our comment on Paragraph 4.18 of the Consultation above, where we explain that the PSR is being disingenuous in requiring an impossible level of evidence in this instance.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.62 states:
  

  'As above, we also expect PSPs to continue to treat all prospective customers equally. PSPs should treat current and prospective customers according to their obligations in the Equality Act 2010.'

  The epic understatements keep coming in the cost benefit analysis.
  
  Given that any payment made by a vulnerable consumer can lead to full liability for the bank handling it, even if the consumer is grossly negligent, it is certain that vulnerable customers will face significant barriers to making payments.
  The PSR’s consultation dismisses this possibility, and states that the Equality Act 2010 will prevent significant barriers being introduced. This is clearly fantasy.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.63
  
  PayPal payments are also a likely vector to be used by criminals switching APP fraud away from Faster Payments, if this occurs.
  
  
• Annex 2 – Cost Benefit Analysis – Additional Issue
  
  It is clear that under the PSR’s proposals, criminals will manufacture false reimbursement claims.
  Either through first hand fraud by the payer – relying on the bank not having enough time or ability to quickly detect the false claim before the PSR requires reimbursement.
  Or through working with vulnerable consumers (willingly or under coercion) to make claims where the vulnerable consumer was grossly negligent – but still entitled to full reimbursement by the bank.
  
  The cost of these newly manufactured false reimbursement claims is certain to be in the hundreds of millions of pounds a year to banks, and it is a very significant cost that is missing from the cost benefit analysis.
  
  
• Annex 3 - Public Sector Equality Assessment – Paragraphs 3.15 & 3.16
  
  See comments above.
  It is crystal clear and obvious that those with protected characteristics will be prevented from easily making payments by the proposals (due to their being at higher risk of being classified as vulnerable, as the PSR points out), and great harm will accrue to these protected characteristic consumers.
  
  In response the PSR states that it will make clear to banks and PSPs not to disadvantage such customers.
  This will have no effect, and is wishful thinking and fantasy by the PSR.
  
  
• Annex 3 - Public Sector Equality Assessment – Paragraphs 3.21 states:
  

  'We also note that current industry initiatives to improve data sharing between PSPs and increased incentives to improve fraud detection and prevention should help to minimise the number of payments stopped unnecessarily.'

  Whilst these initiatives may minimise the number of payments stopped unnecessarily, it is equally likely that the initiatives will not lead to any improvement in this regard.
  The PSR presents no evidence that the initiatives will reduce payments stopped unnecessarily, and the PSR is again guilty of wishful and harmful thinking to push through its proposals.
  
  Given the much, much larger number of payments which will be stopped unnecessarily, given the new huge liabilities to banks for negligent reimbursement by consumers, and grossly negligent reimbursement in the case of vulnerable consumers, it is inevitable that the number of payments that will be stopped unnecessarily will increase very, very significantly.
  

APP Scams in the UK - Know your Rights

PayPal and Bitcoin - Too big to prevent Money Laundering

Our 10 Year Anniversary

PSR - Payment Systems Regulator - and Push Payment Scams

Escrow companies authorised by the FCA must never be unclear or misleading

Transpact.com offers Best Payment API for
Online Marketplaces
Act now before PSD2 starts in Europe on 13th January 2018

Another Glowing Testimonial

"We used Transpact.com recently to acquire valuable assets (£65,000 and £15,000).
Having tried a few of your competitors in the past, there is really no comparison - quite simply, Transpact.com offers a much better service at a far cheaper price.

I was particularly impressed to receive a phone call to double check on a potential issue - you went above and beyond.
We like to think we're pretty good at finding the best deals. These days I tell anyone who will listen to use Transpact.com - it's a no-brainer.
Thanks again."

Ben Tibbits, Deals.co.uk

Welcome to TrustMark - Government Endorsed Standards Body

We've added a fee calculator

Open Letter to BBC MoneyBox

Transpact.com on BBC Radio 4.

UPDATE 6 - Cyber Crime UK - It's so easy !

UPDATE 5 - Cyber Crime UK - It's so easy !

UPDATE 4 - Cyber Crime UK - It's so easy !

European Escrow Organisation letter to FINCEN (USA) -
A Money Launderers' and Terrorists' free-for-all if Escrow Unregulated

21st May 2014
To: FINCEN
From: European Escrow Organisation

Attn: Jamal El-Hindi, Associate Director, Policy Division, FINCEN

Open letter to FINCEN (US Dept. Treasury) and to FATF (Financial Action Task Force) concerning FINCEN’s recent decision not to regulate or control escrow services

Dear FINCEN,

We are the European Escrow organisation, a trade association representing escrow service providers in the EU and Europe.

We are writing to you following FINCEN’s publishing of FIN-2014-R004 and FIN-2014-R005 (both published 29^th April 2014) concerning 'Application of Money Services Business Regulations to a Company that Offers Escrow Services to a Buyer and Seller in a given Internet Sale of Goods or Services' and 'Whether a Company that Offers Secured Transaction Services to a Buyer and Seller in a Given Sale of Goods or Services is a Money Transmitter'.

As escrow providers, we appreciate the constant attempts that money launderers and terrorist financers make to move money illicitly through our escrow services, and we were somewhat shocked to read that FINCEN will allow these US businesses to transmit money with no oversight and with no registration.

In our opinion, the USA is now an ‘open shop’ for money launderers and terrorist financers to money launder and terrorist finance with impunity.

We would like to take this opportunity of explaining our position:

It is universally acknowledged that the transmission of client funds is an open door for both money laundering and terrorist financing.

See for example:
FATF REPORT - Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals
www.fatf-gafi.org/media/fatf/documents/reports/ML and TF vulnerabilities legal professionals.pdf
or
Lawyers and Money Laundering
www.anti-moneylaundering.org/Lawyers_and_Money_Laundering.aspx
 or
FATF REPORT - Trade Based Money Laundering
www.fatf-gafi.org/media/fatf/documents/reports/Trade%20Based%20Money%20Laundering.pdf

A money launderer is not concerned whether their funds are passed through a solicitor, a money service business, an escrow business or a business running an escrow scheme – the opportunity and the results are the same.

In this paper, we find it convenient to identify five different possible parties involved in the movement of escrow related payments, and these are listed in order of decreasing risk with respect to money laundering and terrorist financing:

               HIGHEST RISK
1) Money Remitters (MR)
These are standard money transmitters, ranging from Western Union to small local money remitters.

2) Escrow Services (ES)
Businesses that only operate financial escrow service to buyers and sellers, payers and payees, and those financial escrow services make up the main part of the firm’s business

3) Businesses operating Disguised Escrow Services (DES)
These are businesses that offer escrow services to buyers and sellers, payers and payees, as a part of their business, but the escrow service is not the sole business. The main business may involve connecting a buyer and a seller, or providing other value added services related to the underlying transaction.

4) Lawyers, Solicitors and Legal Firms (LF)
These are regulated legal firms offering legal services to their customers.

5) Trade related Businesses (TRB)
These are standard businesses involved in trade on their own account
               LOWEST RISK

It is instrumental to understand why the categories have decreasing risk as set out above.
This is explained below

1) Money Remitters (MR)
As the FATF 2010 report on Money Laundering through Money Remittance and Currency Exchange Providers states: ‘Given the range of products and services offered, the variety of distribution channels, the high transfer speed and the fact that they are often cash-intensive businesses, the MR/CE sector may provide significant opportunities for criminals desirous of laundering funds unless appropriate safeguards are in place’.

It is universally recognised that money remittance is a very high risk sector for money laundering and terrorist financing.

This is so even when a money remitter never handles cash, and solely operates money transfers through other financial institutions such as a bank (say, making bank account to bank account bank transfers only).
Even in these cases, money remitters are very heavily regulated and regarded as high risk for money laundering and terrorist financing. This is necessary because even if all money movements to and from the money remitter take place through a bank, the banks have very limited visibility of the money movements and do not have direct contact or knowledge of the ultimate clients. Only the money remitters have close contact with the ultimate clients and knowledge of the underlying parties and reason for the transaction.

Further, if later it proves necessary to examine in retrospect a transaction through a money remitter, a non-regulated remitter will not have kept the necessary records to make retrospective inspection possible. Only by regulating money remitters can the money remitters be forced to keep a clear and readily available record for Government and Police authorities, should retroactive inspection of transactions prove necessary.

The need to regulate money remitters for anti-money laundering and counter-terrorist financing activities is universally accepted in all circumstances.

2) Escrow Services (ES)
Escrow services are conditional money remitters – e.g. money remitters who remit money on a conditional basis.
In an escrow transaction, X pays money to Y by means of an escrow service, and the escrow service remits the money on to Y if some event W occurs.
If event W does not occur (W can be any specified event), then the escrow service pays the money back to X, and there is then no remittance.
We have found that escrow transactions amongst our members take from a few minutes to five years to complete.
One of the largest sectors for escrow payment are domain name and website transfers, and typically in these transactions (which range from many millions of dollars down to just a few dollars) payment is only held in escrow for a matter of minutes – since the transfer of the domain or website only takes minutes to complete and verify. These domain transactions are to all intents and purposes very similar to pure money remittances.
Escrow transactions for payment for cars, artwork, tickets, etc. often take just a few days to complete in escrow, a similar timescale to normal money remittance.
Whereas escrow for construction work can take months or years to complete.

It is important to remember that escrow services do not get involved in any way with the underlying transaction.
Escrow services purely hold and remit payment for a transaction, in the same way a money remitter (Western Union for example) remits money for an underlying transaction without the money remitter becoming involved in the transaction. The escrow service is not liable in any way for what occurs in the underlying transaction, it is only liable to ensure that it remits the payment on to the payee or back to the payer as appropriate. The underlying transaction is purely an indicator as to whether the escrow service should transmit funds to the payee, and is not otherwise linked to the escrow payment.

It is clear that escrow services are pure money remitters, but money remittance only takes place for a certain percentage of transactions. Statistics seem to indicate that more than 80% of escrow transactions in Europe end up with remittance to the receiving party, with substantially less than 20% (maybe significantly less than 5%) of transactions involving a cancelled remittance with payment made back to the original payer.

If escrow services are allowed to operate without AML and CTF regulation, then any money launderer or terrorist financer would simply need to use an Escrow Service rather than a money remitter to remit their funds, utilising some spurious pre-specified condition. As escrow services in the USA are now unregulated, the escrow service will be under no obligation to check that the transaction underlying the payment is real, and the money launderer or terrorist financer can simply invent a contingent condition for the escrow which will always lead to the payment being made.
Money laundering and terrorist financing will switch to using escrow services for remittance, to avoid government regulation and oversight.
Based on our experience in Europe, we cannot stress how strongly we feel that this is an unacceptable situation, and that money laundering and terrorist financing in the USA will as a result proliferate.

3) Businesses operating Disguised Escrow Services (DES)
Some businesses operate escrow schemes for their customers.
For example, an employment website may bring together employers and freelancers looking for work. The website has two main operating functions – i) introduce employers to freelancers and freelancers to employers, and  ii) receive payment from the employer and remit that payment to the freelancer, without ever taking ownership of that payment.

Another example of a business operating a disguised escrow service may, for example, be a holiday home rental website. The website may bring together landlords of holiday properties and holidaymakers seeking a short-term property rental. The website has two main  operating functions – i) introduce the landlords to the holidaymakers, and  ii) receive payment from the holidaymakers and remit that payment on to the landlord, without ever taking ownership of the payment.

Sometimes disguised escrow services are clear that they are operating an escrow scheme – it is likely the freelance employment website above would refer to the service it is operating as an escrow service, although it probably would not consider itself a money service business.

Often, however, disguised escrow services do not refer to the term escrow in any way, even though that is exactly what they are operating.
For example, in the second example above, the holiday website is likely just to refer to receiving payment and passing on payment, without ever using the term escrow. The fact that the term escrow is not used does not in any way detract from the fact that a pure escrow service is being offered, with money received from the holidaymaker, and then remitted by the service to the landlord without ever taking ownership of the payment.

Because disguised escrow services are now completely unregulated, there is no check that the underlying transaction actually exists (there may not really be an employment or there may not really be a holiday home), and money laundering and terrorist financing are trivial through these services.

In fact, it is widely reported that just such USA disguised escrow services were used to fund the terrorist assassination of Mahmoud Al-Mabhouh in Dubai on 19^th January 2010 (see for example www.haaretz.com/news/diplomacy-defense/report-u-s-companies-transferred-funds-to-suspects-in-dubai-hit-1.305096).
Given the above internationally reported example, it is all the more shocking that the USA has now decided to completely unregulate such services, with the publishing of FINCEN’s FIN-2014-R005- ‘A Company that Offers Secured Transaction Services to a Buyer and Seller in a Given Sale of Goods or Services is not a Money Transmitter’ !!!

In reality, disguised escrow services are no different from pure escrow services, and no different from money remitters from a money laundering and terrorist funding perspective.

Disguised escrow services allow the remittance of monies, and require AML and CTF regulation and registration.

4) Lawyers, Solicitors and Legal Firms
Lawyers and legal firms are a significant risk for money laundering and terrorist financing, but they are a lower risk than money remittance businesses, since lawyers are heavily regulated in all countries in which they operate. Since they must meet professional standards, lawyers have a lower risk than both escrow services and disguised escrow services with respect to money laundering and terrorist financing.

Nevertheless, as shown in www.fatf-gafi.org/media/fatf/documents/reports/ML and TF vulnerabilities legal professionals.pdf, wide scope is available to misuse lawyers and legal firms to launder money and finance terrorism.

Therefore, all territories heavily regulate the movement of client funds by lawyers and legal firms.
It is interesting to note that client funds held by businesses and client funds held by lawyers and legal firms are identical with respect to money laundering and terrorist financing.
The scope to launder and terrorist finance by remitting client funds is no less severe for an escrow service or a business, than for a lawyer.
And yet, quite correctly, legal firms are very heavily regulated to prevent money laundering and terrorist financing. All the more so should escrow services and disguised escrow services be regulated and registered.

5) Trade related Businesses (TRB)
Businesses make and receive payment for their day to day trades.
The FATF report www.fatf-gafi.org/media/fatf/documents/reports/Trade Based Money Laundering.pdf demonstrates the manner in which such trade payments can be abused for money laundering and terrorist financing purposes.

However, at all times the money that a trade related businesses use to buy and sell belongs to that business itself.
If a customer were to ask for a payment back from the business (say due to overpayment), then the customer of the business is no more than a general creditor, and cannot be certain of payment.
Likewise, if a supplier asks for payment of monies owed from the business, then the supplier cannot be sure that they will ever be paid, as the supplier is no more than a general creditor.

In this respect, general trade related businesses are different to all of money remitters, escrow services, disguised escrow services and lawyers and legal firms.
In the case of a general trade related business, it owns the money it holds.
In the case of money remitters, escrow services, disguised escrow services and lawyers and legal firms, they do not at any time own the money they hold, and held money is ‘client funds’ and not a debt or a loan or similar.
This is the crucial difference between these categories, and for this reason general trade related businesses fall outside the scope of this paper, and are not relevant to this discussion.

If a money remitter makes payment for a client to a supplier for a piece of machinery, the money remitter still needs to be regulated for AML and CTF reasons, even though the underlying payment relates to a piece of machinery.
This is uncontested, and universally in operation.

If a lawyer receives funds from a client, and then makes payment through its client accounts for a piece of machinery for the client, the lawyer still needs to be regulated for AML and CTF purposes, even though the underlying payment relates to a piece of machinery.
This is uncontested, and universally in operation.

If an escrow service receives funds from a client, and then makes payment for the client to a supplier of the client for a piece of machinery, the escrow service still needs to be regulated for AML and CTF purposes, even though the underlying payment relates to a piece of machinery.

If an disguised escrow service receives funds from a client, and then makes payment (remits the funds) for the client to a supplier of the client for a piece of machinery, the disguised escrow service still needs to be regulated for AML and CTF purposes, even though the underlying payment relates to a piece of machinery.

But if a business makes payment directly to a supplier, then that business does not require special regulation or registration, as it is transacting its own money, and not remitting funds.


Conclusion


Escrow services offered by business, whether by a pure escrow firm or whether by a business as a disguised escrow service, are a significant and dangerous vector for money laundering and terrorist financing, and urgently requires regulation and registration.

In the EU, this vector has been recognised, and escrow services are mandatorily forced to register with AML and CTF regulators, and fall under their harsh regulation.

On the one hand escrow services and disguised escrow services are pure money remitters, albeit on a conditional basis, and at the European Escrow Organisation our members see this every day.

On the other hand, escrow services and disguised escrow services perform exactly the same function as lawyers and legal firms in handling client money. Lawyers and legal firms by their nature are lower risk than escrow services and disguised escrow services.
And yet all lawyers and legal firms are heavily regulated for anti-money laundering and counter-terrorist financing by relevant authorities.

The USA’s decision in FINCEN’s ruling FIN-2014-R004 'Application of Money Services Business Regulations to a Company that Offers Escrow Services to a Buyer and Seller in a given Internet Sale of Goods or Services' ensures that whilst money remitters and lawyers remain regulated, escrow services will not, and any money launderer or terrorist financer wishing to move money illicitly can now use an escrow service to easily achieve what they wish in a fully unregulated and completely unobserved and unrecorded manner.

Further, the USA’s decision in FINCEN’s ruling FIN-2014-R005 Whether a Company that Offers Secured Transaction Services to a Buyer and Seller in a Given Sale of Goods or Services is a Money Transmitter' ensures that whilst money remitters and lawyers remain regulated, disguised escrow services will not, and any money launderer or terrorist financer wishing to move money illicitly can use disguised escrow service to easily achieve what they wish in a fully unregulated and completely unobserved and unrecorded manner.
As commented above, it seems that this is already normal behaviour for terrorist financers in the USA.

As a body that represents escrow firms in Europe, we have no direct link to the USA or to FINCEN.
But for the sake of FATF, and the sake of eliminating money laundering and terrorist financing on a global level, we request that FINCEN looks again at its rulings FIN-2014-R004 and FIN-2014-R005 and if possible immediately reverses them.

Otherwise, we fear that any good progress made in reducing and eliminating money laundering and terrorist financing elsewhere in the world will be more than undone by the free-for-all money laundering and terrorist financing that is now set to take place within the USA.

Please contact us if you require any clarification or extra information.

The European Escrow Organisation

UPDATE 3 - Cyber Crime UK - It's so easy !

UPDATE 2 - Cyber Crime UK - It's so easy !

UPDATE - Cyber Crime UK - It's so easy !

Cyber Crime UK - It's so easy !
Anatomy of a high-return cyber crime

No Chargebacks !
Low Value Pricing (2.9%) Revolutionises Retailing

UKTI (UK Trade & Investment - a UK Government Agency) now endorses use of FCA authorised escrow services:
Article: How to clinch overseas sales (and also get paid)

• an absolute guarantee to your clients that they will receive everything they were promised or their money back – this guarantee offers a hugely valuable marketing advantage to new exporters, allowing them to gain new overseas clients who would not otherwise trial the exporter. Expect your salesman to be demanding use of this tool.
• At the same time, you instantly eliminate bad debt and debt chasing entirely, as by using escrow your are guaranteed to be paid 100% in full by the overseas client automatically every time. So eliminating your risk when selling overseas.

Mike Freer MP, our Local Member of Parliament, Assists

Transpact.com service model copied by Escrow.com.
Imitation is the sincerest form of flattery.

Transpact.com, world's leading domain escrow service ?

Another BBC Apology ?

The world leader in art markets partners with Transpact.com

Payment without delay across the EU

Welcome AutoTrader - Transpact.com's latest website partner

The Metropolitan Police recommend use of FSA Authorised escrow providers

Why we raised our Prices for large payments

MRI machines to Stethoscopes - MedWow.com

FSA Registration offers little or no comfort

More Websites use Transpact.com's API to integrate Escrow services into their websites

1. Boost your website's marketability by ensuring your clients receive all they were promised or their money back ?
2. Ensure your clients are paid for their services and goods they provide, guaranteed ?
3. Integrate with an escrow service using an industry standard web-service API, to enable easy and immediate automation of setting up transactions ?
4. Capture your fees and commissions for every transaction, without having to pay expensive credit card transactional fees ?
5. Not have to worry about credit and debit card chargebacks ?

Fraudster's access to Debit Card Details -
BBC gets it terribly wrong again !

HM Treasury replies Again

HM Treasury replies

Welcome BondPay.co.uk

Government-linked Organisations getting it wrong ?
Bank / Credit Card Details Disclosure

Response from HM Treasury ?

An open letter to the Financial Secretary to the Treasury

Welcome MyArtBroker.com

When should you use Transpact - Section 75 of the CCA

Partner Websites

The Guardian

Exceptional Protection

Tenancy Deposits - Is yours an Assured Shorthold Tenancy ?

Redsky Design - Web Designers Extraordinaire

First Transpact blog