The Contingent Reimbursement Model Code for APP scams, effective 28 May 2019

United Kingdom

Readers will recall that The Authorised Push Payment (“APP”) Scams Steering Group has agreed a Contingent Reimbursement Model Code for APP scams (“Code”) which aims to protect customers and reduce the occurrence of APP fraud. For background on the Code please refer to our previous Law Nows on this topic, here and here.

The Code is voluntary and it is now a matter of a few short weeks until it will become effective. The members of the Steering Group - which includes Barclays, Lloyds Banking Group, and the Royal Bank of Scotland, amongst others – will abide by the Code and encourage other financial service providers to sign up to it. Customers will be protected from 28 May 2019.

APP fraud

APP fraud occurs when:

  • a customer authorises a payment from their account held with their bank or building society (also known as a Payment Service Provider (“PSP”)) to another account for what they believe is a legitimate purpose, but it is actually a scam; or
  • a customer believes they are paying a legitimate payee, but they are redirected to a fraudulent third party.

For these purposes (and broadly speaking) a customer is an individual (acting for purposes other than trade, business or profession), a micro-enterprise or a small charity.

Level of care

Prior to the implementation of the Code, it was thought that PSPs would only provide compensation if it could be proved that they had failed to protect their customer. However, as part of the Code, PSPs have agreed that in cases where both they and the customer in a transaction have met their expected level of care (so neither party is to blame), the customer will be refunded.

PSPs will not be required to reimburse customers who have been grossly negligent or reckless. However, the Financial Ombudsman Service has indicated that ‘gross negligence’ is a very high bar for a business to meet, and have said that they interpret “‘gross negligence’ to be a higher standard than the standard of negligence under common law. The customer needs to have shown a very significant degree of carelessness.”

The Code requires special consideration to be given to customers who are considered ‘vulnerable’ at the time of the APP scam, but despite this there is concern that ‘vulnerable’ victims will not be adequately protected under the Code because the term is not clearly defined.

It is worth noting that last month TSB made a pledge to cover anyone who becomes a victim of fraud up to a maximum of £1m. TSB’s head of fraud has also provided assurance that this will even apply to customers who have been grossly negligent. There is now pressure on other PSPs to follow TSB’s lead.

Funding of the Code

The PSPs who have signed up to the Code are working together to introduce a long-term funding mechanism for January 2020. In the meantime, a number of PSPs have committed to fund an initial contribution from the time the Code becomes effective, at the end of May, until 31 December 2019, so that customers in the ‘no blame’ scenario can be reimbursed before the introduction of the long-term funding mechanism.

A number of PSPs have commented over the last couple of months about the potential repercussions that the Code may have. HSBC warned that a “reimbursement environment” may result in customers being less vigilant, and Barclays were concerned that customers may see very little benefit in protecting themselves online now that PSPs will be held responsible for the actions of customers and criminals.

Potential steps that PSPs may take to manage their exposure under the Code are as follows:

  • Extra Levy fee

To fund the compensation scheme, Lloyds Bank has said it may need to charge an extra levy fee to customers making large transfers.

  • Effects on Genuine Transactions

Barclays Bank has said that to ensure the legitimacy of transactions, and not be held liable for misdirected payments, it may need to slow down and/or block transactions. Extra security measures may also be needed to ensure guaranteed compensation will not lead to increased events of fraud.

  • Impacts on Vulnerable customers.

Nationwide Building Society may not allow customers it identifies as ‘vulnerable to fraud’ from accessing certain banking services, as they present too great a risk of loss.


Please contact the authors if you would like to discuss any aspect of this matter.