Lord Vaux of Harrowden
Main Page: Lord Vaux of Harrowden (Crossbench - Excepted Hereditary)Department Debates - View all Lord Vaux of Harrowden's debates with the HM Treasury
(1 year, 6 months ago)
Lords ChamberMy Lords, I introduced a number of amendments on the subject of authorised push payments fraud in Committee. At the time I said I was broadly happy with the Minister’s responses but would look to return to the reporting question again, which is what Amendment 94 does. I should say at the outset that I support what the Bill is trying to do in respect of APP fraud to make it easier, and in particular fairer, for victims of APP fraud to get their money back. Before I go any further, I remind the House of my interest as a shareholder of Fidelity National Information Services, Inc., which owns Worldpay.
My new Amendment 94 has two elements to it. First, it would introduce requirements on the PSR to report annually on the impact that the reimbursement requirement had had on consumer protection and on the behaviour of payment service providers. Secondly, it would effectively create a league table to enable consumers to see how each bank is actually performing both in preventing fraud and in reimbursing victims.
On the first point, the annual impact report is necessary because the mandatory reimbursement requirement could have unintended consequences that might damage consumer protection. I shall give a couple of possible examples of that. First, there is the possibility of moral hazard. If the mandatory requirement means that consumers start to take less care about protecting themselves because they will be repaid anyway, that could have the undesirable consequence of actually making it easier for the fraudsters to commit fraud and so actually increase levels of fraud. While, as we discussed in Committee, we must not put the blame on the victims, there is a balance to find in this area to avoid making it easier for the fraudsters while improving consumer protection and outcomes. We will know whether we have found the right balance only when we start to see the results.
A second example might be that the banks change their behaviour in an undesirable way. Rather than improving their fraud detection and prevention processes, they might simply decide that the easiest thing to do would be to stop providing services to people whom they see as being at the highest risks of fraud in order to reduce their potential reimbursement liability. I think many Members of this House have seen similar behaviour in respect of PEPs—politically exposed persons—where, rather than undertaking sensible risk-based steps, banks have on occasion just decided that it is too difficult or expensive to deal with PEPs and have refused to open accounts or have even closed accounts. We will come to that later today, but it is a good example of a well- intentioned risk measure having undesirable consequences. In the case of APP fraud, if the banks see it as too great a financial risk to provide banking services to those deemed to be at a higher risk of fraud, then we might see a whole swathe of more vulnerable people unable to obtain banking services.
These are just two examples, but I hope that they demonstrate the importance of the PSR keeping the impact of the requirement for mandatory reimbursement under regular review and amending it if it turns out to have unintended negative consequences. Reporting on this regularly and publicly will ensure that the impact assessment is robust.
Turning now to the second element of the amendment, the requirement to report annually on the performance of the banks, a major criticism of the current voluntary reimbursement code is that it is completely non-transparent. While numbers are published, they are anonymous. Consumers cannot see which banks are behaving best, and which are behaving worst, unless, as TSB does, they tell us voluntarily. The TSB example is encouraging—it is using its 100% reimbursement policy as a selling point. Introducing competitive good behaviour is highly desirable, and this amendment would help achieve that.
The amendment would effectively create an annual league table that would enable consumers to see which banks have the lowest levels of fraud—which will give an indication of how good they are at detecting and preventing fraud—which banks are better and quicker at reimbursing victims when fraud occurs, and, by including the appeal information, which banks make it more difficult for victims. That would allow consumers to take this information into consideration when deciding whether to stay with their existing bank or when considering opening a new account—something that would otherwise not be possible. That would, I hope, provide a real competitive incentive for banks to change their behaviour both in detecting and preventing fraud and in treating victims promptly and fairly.
This would not introduce a significant additional burden; the PSR will have all this information anyway, so reporting it is not a significant job. However, the benefits to consumers of making this information public are potentially significant.
When we discussed this in Committee on 13 March, the Minister stated in relation to the impact assessment that the PSR
“has committed … to a post-implementation review”
and that the Government would also
“monitor the impacts of the PSR’s action and consider the case for further action where necessary”.
That does not go far enough. Fraudsters keep changing their business models in reaction to actions by industry and the authorities, so it is essential that this is kept under continual review rather than only a one-off, post-implementation review. It is also important that the impact assessments are published. Can the noble Baroness provide any greater comfort in those respects?
On the league table, the noble Baroness said on 13 March that the PSR
“is currently consulting on a measure to require payment service providers to report and publish fraud and reimbursement data”.—[Official Report, 13/3/23; col. GC 166.]
It is now nearly three months later, so can the noble Baroness provide an update on whether this consultation has progressed and whether the data will in fact be published? It would be better if such data was published by a single source such as the PSR rather than piecemeal by payment service providers. I beg to move.
My Lords, I support this amendment and I can be relatively brief. It is important not only to collect the statistics but also at times to dig underneath to see how they might be being gamed. From personal experience, I know of instances where banks are treating microbusinesses more strictly than they are treating consumers, saying that a business should know and therefore rejecting them out of hand at the first time of asking, if I can put it that way. I have heard, in a similar case, stories of someone making contact by telephone repeatedly, their inquiry getting lost and the person having to go through the whole story with a case handler multiple times, the strategy obviously being, “Let’s try and make them give up”. That was with a very large bank; I will not name it because I do not have absolutely all the detail. Therefore it is quite important that different criteria are not being used between sole traders and individuals when it has already been determined via the ombudsman that both have a route.
My Lords, the Government and the Payment Systems Regulator recognise the importance of regular, robust data collection. This is crucial for monitoring the effectiveness of the reimbursement requirement and ensuring that firms are held accountable. I am grateful to the noble Lord, Lord Vaux of Harrowden, for his considered engagement on this issue. I reassure noble Lords that the PSR has committed to half-yearly publication of data on authorised push payment scam rates and on the proportion of victims who are not fully reimbursed.
I can tell my noble friend Lord Naseby that a voluntary system is already in place and the PSR has already begun collecting data from the 14 largest banking and payment groups. The first round of transparency data is due for publication in October this year. The data that the PSR will publish includes the proportion of scam victims who are left out of pocket, fraud rates where the bank has sent customers’ money to a scammer, and fraud rates where the bank has hosted a scammer’s account. That means that, from October this year, the PSR will publish data for total fraud rates, both for sending money and receiving fraudulent funds, and reimbursement rates, on a twice-yearly basis for the 14 largest banking groups. This so-called league table will provide customers with the information they need to consider the relative performance of different banking groups on these metrics, and to factor that into their banking decisions.
Further to this data, once the reimbursement requirement is in place the PSR will use a range of metrics to monitor its effectiveness on an ongoing basis. These include the length of reimbursement investigations, the speed of reimbursements, the value of repatriated funds, the treatment of and reimbursement levels among vulnerable customers, and the number and value of APP scams. Data on appeals will be captured and reported by the Financial Ombudsman Service separately.
More broadly, the PSR will publish a full post-implementation review of the reimbursement requirement introduced by this Bill within two years of implementation. The review will assess the overall impact of the PSR’s measures for improving consumer outcomes. That does not mean it will not also consider the effectiveness of this measure on an ongoing basis. Indeed, more widely, the PSR will consider risks across different payment systems and, where necessary, address them with future action. This includes a commitment to work with the Bank of England to introduce similar reimbursement protections for CHAPS payments, and with the FCA in relation to on-us payments.
The PSR has been working closely with industry to develop effective data collection and reporting processes for its work on fraud. While the Government recognise the intention behind the noble Lord’s amendment, they do not consider it necessary or appropriate to prescribe specific metrics to be collected in primary legislation. I hope that, given the reassurance I have been able to provide today, he would agree with that point.
The noble Lord, Lord Livermore, spoke about the wider impacts of fraud and the duties that go beyond financial services companies or payment system providers in addressing those risks of fraud. That is being looked at through both the Government’s counter-fraud strategy and other Bills. He mentioned the Online Safety Bill. I disagree with his assessment of the measures in there. The measures that we have to tackle fraud in that Bill are a significant step-change in what we expect of companies in this space, and I think they will make a real difference. We are committed to working across all sectors to look at what more we could do in this space once we have implemented those measures and see how effective they are. I hope noble Lords are reassured by our commitments more broadly on this issue, and specifically by the fact that the PSR will be publishing data in this space once we have implemented the measures in the Bill.
My Lords, I thank all those who have taken part in this debate, particularly the Minister for her constructive engagement on this and the reassurance she has just given. In fact, in one area, she has actually gone further than my amendment suggested, as the noble Lord, Lord Naseby, pointed out: the annual report is now to be six-monthly, which is hugely welcome. It is only for the top 14 payment service providers, which will cover the bulk of the market, but that is something that the Government and the PSR might want to keep under review, particularly as different players come in and out of the market. I thank her very much for her reassurances.
I will make one comment more generally, echoing some of the comments made by the noble Lord, Lord Livermore. It is not only the banks that are players within the fraud chain, it is all those other parties that enable or facilitate fraud, from the tech companies to social media companies, the web-hosting companies, the telecom companies, et cetera. This measure puts all of the liability on to the banks. While it is a simple solution for victims—and that is to be commended—we need to find some way of incentivising all those other players in the fraud chain to behave properly and to stamp down on their services being used by fraudsters. I am hoping that we will see progress on that in the Online Safety Bill, and also in the failure to prevent fraud clauses in the economic crime Bill that is coming forward. With that, I beg leave to withdraw my amendment.