Fixing APP Fraud Redress in the UK: A Blueprint for Policymakers

Every day, thousands of people in the UK are tricked into transferring money to fraudsters posing as banks, lawyers, tradespeople, or even loved ones. These scams, known as Authorised Push Payment (APP) fraud, are now among the most common and damaging financial crimes.

APP fraud redress policies, remain patchy, inconsistent, and fundamentally unfit for purpose, and it is telling that while banks and regulators often claim progress, many victims still find themselves facing not just the loss of their life savings but the additional trauma of being blamed for their own misfortune.

The Status Quo: A Failing System

In theory, APP fraud should be treated with urgency as victims are deceived into making payments under false pretences which is exactly the kind of consumer harm that financial regulation exists to prevent. However, in practice, the protections fall woefully short.

The Contingent Reimbursement Model (CRM) Code, introduced in 2019 as a voluntary framework, was intended to ensure fair and consistent outcomes for victims of APP fraud. But, it has largely failed to deliver on that promise.

This failure appears to stem in part from the inconsistent adoption and application of the Code which some banks apply relatively strictly, while others interpret its provisions loosely and many institutions have opted out entirely.

Even among participating banks, victims are frequently denied reimbursement on the grounds that they failed to exercise “reasonable care” a standard that remains vague and is applied inconsistently, including by the Financial Ombudsman Service (FOS).

Although the FOS offers a mechanism for consumers to challenge banks’ decisions, its determinations are often seen as opaque, irrational and inconsistent, and, by many complainants, biased in favour of financial institutions.

Notably, these decisions do not carry binding legal authority in a way that could shape consistent industry-wide practices. Moreover, the FOS has come under criticism for failing to amend or annotate its published decisions even when subsequent settlements are reached or court rulings contradict the original outcome undermining its credibility as an effective regulator.

New Laws, Same Gaps?

The Financial Services and Markets Act 2023 promises a new reimbursement obligation for APP fraud under the Faster Payments system. But this is not yet in force and applies only to one payment channel. As sophisticated frauds regularly exploit other systems, including CHAPS and SWIFT, this means that many victims will still be left out in the cold.

Furthermore, key challenges remain unanswered. Who decides if a customer was negligent? What duties do receive banks have when fraudsters open mule accounts? And how can victims enforce rights when banks disagree with the FOS or reject a claim outright?

Seven Reforms Policymakers Should Prioritise

If Parliament and regulators are serious about tackling APP fraud and restoring public confidence, piecemeal reforms won't cut it. A comprehensive, legally grounded response is urgently needed and as such, the following measures would go a long way:

1. Put the CRM Code on a Statutory Footing

The CRM Code, or its successor, should become legally binding on all payment service providers. This would eliminate the current patchwork of voluntary compliance and ensure all consumers are covered equally.

2. Reverse the Burden of Proof

The law should presume that victims are entitled to a refund unless the bank can prove gross negligence or deliberate wrongdoing. This shifts the risk back to where it belongs, on institutions better equipped to manage it.

3. Codify a Positive Duty of Care

Courts have been hesitant to impose robust duties on banks in APP fraud cases. A statutory duty of care, requiring banks to act on red flags and intervene where fraud is suspected, would make prevention more than just a best practice.

4. Enhance Oversight of the Financial Ombudsman

The FOS plays a critical role but must be more transparent and effective. Decisions should be subject to formal appeals process where legal errors or inconsistencies arise as victims deserve clarity and accountability. Importantly, its published decisions should be amended when a court finds otherwise or the parties settle.

5. Require Industry-Wide Scam Intelligence Sharing

Banks often have information that, if shared in real time, could prevent fraud across the sector and accordingly, mandatory data sharing, including flagged accounts, typologies, and fraud indicators, must become standard.

6. Cover All Payment Channels

Limiting redress to Faster Payments is a major flaw as APP fraud occurs across multiple platforms, and the law should reflect that. Redress mechanisms must apply to CHAPS, BACS, SWIFT, and other high-value transfer systems.

7. Allow Claims Against Receiving Banks

Victims should have a right of recourse not only against their own bank but also against the bank that received the fraudulent funds, especially if they failed to carry out proper due diligence. This measure should incentivise stronger monitoring of new accounts.

Toward a Culture of Protection

APP fraud is not going away. It is evolving, and the current regulatory framework is not keeping up. For consumers to trust digital payments, they must know that the system will protect them when things go wrong, not retraumatise them by questioning their judgment or denying justice.

As such, the debate is no longer about whether banks should pay. It is about creating clear, fair, and enforceable rules that ensure they do, unless a truly compelling reason exists not to. That is the hallmark of a mature and responsible financial system.

Policymakers now have an opportunity to lead. But half-measures will only prolong the crisis and the time for meaningful reform is now.
________________
This article is for informational purposes only and does not constitute legal advice.

ABOUT THE AUTHOR: Dr Andre Alexander, Barrister, Solicitor
Dr. A Alexander practises internationally in the financial regulations field. He has experience in international litigation and consumer protection policy. He is managing partner of ABS&P International Law Firm.

Copyright ABS&P International Law Firm

Disclaimer: Every effort has been made to ensure the accuracy of this publication at the time it was written. It is not intended to provide legal advice or suggest a guaranteed outcome as individual situations will differ and the law may have changed since publication. Readers considering legal action should consult with an experienced lawyer to understand current laws and.how they may affect a case. For specific technical or legal advice on the information provided and related topics, please contact the author.