Lord Vaux of Harrowden
Main Page: Lord Vaux of Harrowden (Crossbench - Excepted Hereditary)Department Debates - View all Lord Vaux of Harrowden's debates with the Home Office
Crime and Policing Bill
Lord Vaux of Harrowden ExcerptsWednesday 7th January 2026
(2 days, 18 hours ago)
Lords ChamberRead Full debate Crime and Policing Bill 2024-26 View all Crime and Policing Bill 2024-26 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 111(Corrected)-VIII(a) Amendment for Committee (Supplementary to the Eighth Marshalled List) - (6 Jan 2026)
Lord Vaux of Harrowden
“Technology and telecommunications companies’ liability for APP fraud reimbursementWithin six months of the day on which this Act is passed, the Secretary of State must prepare and publish a report, and lay it before Parliament, setting out proposals for ensuring that technology and telecommunications companies—(a) owe a duty of care to their customers to prevent fraud being originated on platforms or services that they provide, and(b) contribute to the costs of reimbursing victims of Authorised Push Payment fraud, where such fraud has originated on services or platforms provided by the relevant company.”Member’s explanatory statement
This amendment would require the Secretary of State to bring forward proposals to ensure that technology and telecommunications companies have a duty of care to prevent fraud and meet a share of the costs of reimbursing APP fraud victims.
Lord Vaux of Harrowden (CB)
My Lords, we come back to fraud. As the Minister will be well aware, this is not the first time I have raised the issue of ensuring that the technology and telecoms companies take their share of responsibility for the use of their services or platforms by fraudsters and are made to contribute to the costs of reimbursing victims. I thank the noble Baroness, Lady Morgan of Cotes, and the noble Lords, Lord Young of Cookham and Lord Holmes of Richmond, for their support on this amendment.
On a previous group I mentioned the Fraud Act 2006 and Digital Fraud Committee, on which I was privileged to sit. Our report, Fighting Fraud: Breaking the Chain, which was published in November 2022, made the very clear conclusion:
“Until all fraud-enabling industries fear significant financial, legal and reputational risk for their failure to prevent fraud, they will not act”.
That has been borne out over the three years since. There has been no significant improvement, despite the voluntary charters that have been agreed. Only the banks are on the hook for the costs of fraud under the mandatory APP reimbursement rules that were brought in by the Financial Services and Markets Act 2023. The banks must now pick up 100% of the reimbursement liability, and there is evidence to suggest that this is having a positive impact on the efforts that the banks are making to identify and prevent fraud.
Similarly, the Payment Systems Regulator’s six-monthly reports on the performance of the banks has provided welcome transparency as to which banks and payment services are doing most, and least, to combat fraud. As an aside, it would be good to have confirmation from the Minister that the subsuming of the PSR into the FCA will not reduce the important reporting and oversight of APP fraud that the PSR has been providing.
The banks are picking up the liability, but they are not where the fraud originates. According to UK Finance statistics, around 70% by volume and 30% by value arises from online platforms, and 16% by volume and 36% by value arises from telecoms—calls and texts. Let us name names. According to the PSR, over half of APP scams originate on Meta platforms—Facebook and so on.
Nothing has changed that would change the conclusion of the committee that these industries will not take the issue seriously until they face liability for what they allow to happen on their platforms or services. The banks have sharpened up their acts, in part because of the mandatory reimbursement requirement that we have imposed on them. The banks face real liabilities for the fraud that goes through their accounts.
The Online Safety Act includes some important measures to prevent fraudulent content and scam advertising, but it does not make the companies liable for the losses. We have mandated that the banks should reimburse victims of APP scams after we decided that the voluntary code was not working, and it is now time that those who enable the frauds should pick up their share on a compulsory, not voluntary, basis. There are many possible ways to achieve this, so I have not been prescriptive in the amendment. It could be as simple as bringing the telcos and tech companies into the reimbursement requirements, or we could look at extending the new failure to prevent fraud offence so that it covers the use by third parties of services provided by a company. The failure to prevent offence currently covers only actions by employees or associates, so it would not cover scams in this situation.
Amendment 67 would simply require the Government to bring forward proposals for how to do this within six months of this Bill passing. It is not enough to keep publishing more fraud strategies. The one that is due to be published shortly, which I am sure the Minister will refer to, will be the third fraud strategy since I have been a Member of this House. The Minister said earlier that the fraud strategy would be published soon—I think he said, “in very short order”. I know that he cannot give a date, but it would be helpful to know whether that will be before Report. The content of the strategy might make this amendment unnecessary, so it would be very helpful if we could see it before Report.
Fraud and scam figures are not falling; they still make up around 40% of all crime in the UK. It really is time that we make those who allow their services to be used by the fraudsters, and those who enable the fraud, liable for their actions—or, rather, lack of action. It is the only way to make them take the issue seriously. I beg to move.
Baroness Doocey (LD)
We are very happy on these Benches to support this amendment. We all know the grim scale of fraud, now our most common crime. Authorised push payment scams are driven by online platforms, adverts on social media fuelling shopping and investment frauds, and hacked accounts enabling ticket scams. Yet, as has been said by the noble Lord, Lord Vaux, platforms such as Meta, which owns Facebook and Instagram, can still take six weeks to remove illegal content, allowing scammers to resurface again and again—so-called “life-boating”.
This amendment is designed to cut through that inertia. It would provide a clear statutory duty of care on tech and telecom firms to prevent scams at source, using their own AI and tools. It would also require them to share the financial burden with payment providers, which must already imburse many victims of authorised push payment fraud. That seems a fair step, given that the platforms host most of the scams and profit from the engagement that keeps users scrolling. Weak voluntary charters, non-binding Ofcom guidance and even the Online Safety Act’s proportionate measures have let these firms do the bare minimum—reacting to reports rather than proactively detecting fraud through verification, AI-driven scans and systematic audits. Big tech has unparalleled know-how—the AI, software and manpower to spot fraudster patterns and take them down. Banks cannot fight this alone and nor can the police. This amendment would compel these companies to protect their users, stopping scams upstream.
We hope that the Government’s fraud strategy follows the example of this amendment and goes even further with a failure to prevent fraud offence, backed by strong fines and tougher binding Ofcom standards. Meanwhile, Amendment 367 would provide some timely backbone, giving tech and telecom firms a real incentive to act swiftly before yet more victims lose potentially everything.
Lord in Waiting/Government Whip (Lord Katz) (Lab)
My Lords, this Government are deeply concerned by the devastating impact online fraud can have on individual victims, both financially and emotionally. I am grateful to the noble Lord, Lord Vaux of Harrowden, for tabling this amendment, to the noble Lord, Lord Young, and to the noble Baroness, Lady Doocey, for helping us to understand and acknowledge the importance of this issue. The Government recognise the importance of preserving trust in digital communications and online spaces in order that all our hard-working businesses operating in the UK can grow and prosper. We recognise that incentives are important for accountability for all stakeholders.
The Government have seen a significant contribution from the banking sector in preventing fraud and supporting victims in response to the Payment Systems Regulator’s new authorised push payment scams reimbursement requirement. In the first nine months of the APP reimbursement scheme, 88% of eligible losses were reimbursed, with £112 million returned to victims. These figures reflect a strong and sustained commitment to protecting consumers—a positive trajectory that deserves recognition. While we are on the PSR scheme, the noble Lord, Lord Vaux, asked about the transition of PSR into the FCA. It is worth noting that we consulted on that planned merger of PSR into the FCA in September and October last year. We are currently considering the responses to that consultation and will bring forward further proposals in due course. He would expect me to say that we want to manage this process in a way that very much does not undermine the work that the Payment Systems Regulator is already doing to ensure that this system works well.
However, every part of an ecosystem must play a meaningful role in fraud prevention, including the telecommunications and tech sector. The Government have already taken steps to ensure that the tech and telecommunications sectors are rightly incentivised to proactively tackle fraud on their networks. The Online Safety Act requires in-scope companies to take proactive steps to stop fraudulent content appearing on the platform and to remove fraudulent material quickly when they become aware of it. If they do not, they risk facing the full regulatory costs of failing to comply, which can extend to 10% of their global revenue.
Ofcom’s duties on user-generated content are now in force in relation to several online harms, including fraud, and the regulator is already assessing platforms’ compliance. Further duties concerning action against fraudulent advertising will be consulted on this year and are likely to come into effect in 2027.
The telecoms sector is subject to regulation that requires providers to block calls that appear to be from scammers and to prevent scammers from using telephone numbers. It is fair to point out that there has been a fair amount of success already in that effort. Voluntary action has proved effective, and under the first telecoms charter operators have introduced firewalls that have stopped more than 1 billion scam text messages since January 2022, so that indicates the scale of both the problem and the progress that has been made.
We are also working with the sector and Ofcom on a number of innovative further actions to tackle the criminal abuse of telecoms networks. The Government launched the second Telecoms Fraud Charter in November 2025. This is an ambitious charter that covers 50 actions the telecoms industry will implement to tackle fraud within the sector. It includes developing new AI systems to detect and prevent fraud, building a new call-tracing system to track down fraudulent communications and upgrading the UK’s networks to enable new features to protect customers from spoof calls. This is a voluntary commitment from the telecoms sector that aims to strengthen efforts to further identify, block and disrupt telecoms fraud through enhanced industry collaboration and robust duty of care towards UK consumers and smaller telecoms businesses that have themselves been victims of fraud. The previous Telecoms Fraud Charter helped UK mobile network operators to block over 1 billion scam messages through the implementation of firewalls. We want to go further than that, which is what the new telecoms charter seeks to achieve.
In addition, Ofcom launched a consultation in October, outlining new rules on how mobile providers must stop scammers sending mobile messages. These proposals draw on existing best practice in the mobile sector and are intended to both prevent scammers accessing mobile messaging services and stop their activities where they have gained access. Last July, Ofcom also published a consultation on new rules to stop scammers outside the UK reaching people and businesses with calls that imitate UK mobile numbers, and these are likely to be introduced this year. We expect these measures to address gaps in the industry’s existing counterscam measures, and to significantly reduce the risk of individuals and businesses receiving scam messages.
Furthermore, in the upcoming fraud strategy, which we discussed earlier in Committee, and which was mentioned by the noble Lord, Lord Vaux, the Government will explore options to make it harder for criminals to exploit UK telecoms networks to commit fraud. The noble Lord tempted me to stray off the primrose path of prudence when it comes to timing; I am afraid I cannot do any better than repeat what my noble friend the Minister said: it will be coming in due course. Obviously, we have some time left even in Committee, let alone further stages of this Bill, so I am afraid I can make no commitments there.
The Government will continue monitoring developments in this area to ensure the telecommunications and tech industries remain accountable for delivering on their commitments to tackle fraud and the criminal abuse of their services, in line with the plan we will set out in our soon-to-be-published fraud strategy. However, where insufficient progress is being made in reducing abuse of telecoms networks or tech platforms for the purposes of fraud, the Government, and regulators, will not hesitate to take necessary measures to compel further action. I am on common ground with the noble Lord, Lord Davies, who critiqued the amendment, describing the concern it shows for the intermediary nature of the liability some telecoms platforms would be under. It is a fact that a tech sector reimbursement scheme would undermine the UK’s long-standing intermediary liability regime, which means that platforms are not liable for illegal content posted by users provided they are unaware of the unlawful activity, and which underpins the interactive internet and is a cornerstone of digital innovation. I share his concern that a departure from intermediary liability would leave the UK out of sync with our international partners and potentially threaten growth of the UK’s digital economy.
Therefore, in view of the clear plan we are putting in place to tackle fraud, it is the Government’s assessment that the measures set out in this amendment are not necessary at this time, and I invite the noble Lord to withdraw his amendment.
Lord Vaux of Harrowden (CB)
My Lords, I thank every noble Lord who has taken part in this short debate, in particular the noble Baroness, Lady Doocey, and the noble Lord, Lord Young, who both pointed out the question of incentivisation, which is core to this. We need to incentivise the people who are facilitating or enabling fraud, or enabling the fraudsters to make contact with the victims, to do the right thing.