Written evidence submitted by the Financial Conduct Authority

                                                                     

RE: Consumers and Economic Crime

The Financial Conduct Authority (FCA) welcomes the opportunity to give evidence to the Committee’s 2020 Economic Crime inquiry.

Our contribution to written evidence regarding the UK’s anti-money laundering and sanctions regime supplements HM Treasury’s submission. We describe below our remit and work in relation to economic crime. The attached appendix provides progress reports on relevant recommendations made in the Committee’s 2019 Economic Crime inquiry report.

The FCA’s approach to fraud

1.1             As the financial services and markets conduct regulator, as well as the money laundering supervisor for the financial sector, we have a keen interest in reducing frauds, especially those that may be facilitated by firms we regulate, use the appearance of FCA authorisation to deceive victims into believing they are authorised or where the fraud is closely linked to, or affects, a regulated activity, such as carrying out regulated activity without our permission or, in the most serious cases, undermines confidence in the UK financial system. This is a broad jurisdiction that encompasses many financial frauds but it does not cover all economic crime.
 

1.2             Our approach recognises that not all frauds can be stopped before they happen, we are not able to restore all victims to the position they were in beforehand and most frauds and scams operate outside the FCA’s formal regulatory jurisdiction. This is why our approach recognises that reducing the incidence of fraud means not only the pursuit of fraudsters and the imposition of penalties and sanctions, but also considerable efforts on prevention: by requiring regulated firms to maintain high standards of conduct and diligence to ensure they do not facilitate fraud (either by permitting their systems to be used by fraudsters, by laundering proceeds of crime or otherwise) and by providing consumers with information about how to identify fraudsters through our successful Scamsmart campaigns i.e. fostering knowledgeable, sceptical consumers who are less likely to fall victim to frauds (as to which, see below).
 

1.3             As important as prevention is, we devote significant resources into the pursuit of fraudsters, especially those who operate on the perimeter of our jurisdiction, either conducting regulated activities without our permission (which often involves fraud) or those who make unrealistic ‘too good to be true’ promises to consumers. We also maintain a robust approach to market abuse which the courts view as a species of fraud.
 

1.4             We pursue regulated or passported firms who commit misconduct, including fraud, and regulated firms who may facilitate financial crime, such as those with poor anti-money laundering systems and controls; those who pretend to be regulated by the FCA (inducing victims on that basis); those who carry on regulated activities without our permission and those who use false or misleading statements to induce investors to invest in regulated investments. We have a broad range of powers which we use including financial penalties, the suspension and prohibition of firms and individuals, injunctions and civil and criminal powers. We have conducted many major criminal prosecutions in which significant jail terms have been imposed and where we have also secured compensation for victims. We have a healthy pipeline of cases under preparation now.
 

1.5             Given the incidence of fraud in the community goes far beyond the formal reach of our jurisdiction, we also work closely with other agencies. The FCA is a member of the National Economic Crime Centre (NECC), which has a broad coordinating role across UK agencies. We have provided resources to the NECC through a secondment programme and work closely with fellow members, the National Crime Agency (NCA), Serious Fraud Office (SFO), City of London Police and HM Revenue and Customs (HMRC). The problem of fraud, especially volume fraud, is a complex one, spanning responsibilities across UK law enforcement, which is why the FCA is a keen supporter of the NECC.

 

Preventing fraud

2.1             We protect consumers through a broad range of consumer education initiatives designed to prevent consumers from being susceptible to scams. We do this by actively warning them about both specific scams and the general risks of falling victim to scams and frauds.
 

2.2             In the UK, a firm must be authorised and regulated by the FCA to do most financial services activities. Consumers who use an unauthorised firm cannot access the Financial Ombudsman Service or Financial Services Compensation Scheme so they are unlikely to get their money back if things go wrong.
 

2.3             We use our Warning List to publish details of unregulated entities which appear to us to be carrying on an FCA-regulated activity without the requisite FCA authorisation or permission. We do this to warn consumers and third parties, such as banks, financial advisers, and tech companies which may be facilitating these entities’ online activities, not to deal with them. Publishing warnings on our Warning List also allows us to prevent consumer harm swiftly, in circumstances where our prospects for taking successful enforcement action may be limited. For example, where the entity is based overseas and has no assets in the UK, and we are unable to identify the people behind it. This year, we have posted 79% more warnings than last year.
 

2.4             We also run ScamSmart. ScamSmart is a broad, multi-year campaign to educate consumers about how to avoid becoming a victim of investment and pension scams. It provides basic information and tips and is supported by professional research that identifies particularly vulnerable groups or behaviours that fraudsters tend to exploit. Our campaign uses television, radio and press to market our messages and Scamsmart has its own pages on our website with access to all our data as well as our Warning List of firms which we advise consumers to avoid. We regularly update our ScamSmart website and have launched 9 multi-media campaigns over the last 5 years in relation to investment scams focussing on retirees, pension transfers and other sources of harm for vulnerable groups. During 2019, over 200,000 people visited the ScamSmart website, a 28% increase on 2018.


 

Technology Service Providers and Online Harm

3.1             Online platforms, such as search engines and social media platforms, are playing an increasingly significant role in putting consumers at risk of harm, by exposing them to adverts for financial products, ranging from scams and promotions of high-risk investments to false or misleading adverts (which can fall within or outside our jurisdiction). 
 

3.2             We liaise with social media platforms and channels where many of the firms on our Warning List market their activities. We do not have the power to compel social media platforms to disable relevant accounts. Nor does any other agency. We need to negotiate and persuade them to cooperate with us. We pay Google to flag warnings to consumers searching for investment opportunities through Google’s search engine.
 

3.3             To effectively reduce the harm, we think that it is important that online platform operators, such as Google, bear clear legal liability for the financial promotions they pass on – at least to the same extent as traditional publishers of financial promotions.
 

3.4             It is evident to us that investment fraud through online advertising and marketing via social media has increased. There are few barriers for online scams given social media is largely unregulated or excluded from regulation. This means fraudsters have unprecedentedly cheap access to an online population of consumers who find it difficult to differentiate the genuine offer from the fraudulent.

 

Authorised push payment fraud

 

4.1             We have been involved in a number of recent reforms to tackle Authorised Push Payment (APP) frauds. This is where customers are tricked into making a payment to an account that they believe belongs to a legitimate payee but is in fact controlled by a fraudster. This work includes:
 

 

 

 

 

4.2             More generally, our rules require the firms we regulate to treat their customers fairly and to exercise particular care towards vulnerable consumers. In July 2019, we issued a first consultation on draft guidance on the fair treatment of vulnerable customers, including consumers whose circumstances mean they are especially vulnerable to scams. While we have had to delay publication of the detailed final Guidance Consultation due to the pandemic, we continue to emphasise to firms how important it is that they protect their most vulnerable customers in this challenging time.

 

The pandemic

5.1             We have been responding to the risks of fraud emerging out of the pandemic in collaboration with the NECC. We have also been working with other law enforcement partners, sharing information on Covid-19 related financial crime, and on emerging risks. The NECC has coordinated and published centralised advice on behalf of its members, warning the public of potential Covid-19 linked scams. The NECC is running Project OTELLO, a campaign targeting fraudsters responsible for duping members of the public and businesses out of billions of pounds. The campaign is being led by the City of London Police and the FCA is supporting it.
 

5.2             We have been encouraging firms to give clear information to vulnerable customers, who rely heavily on in-person payments and may be self-isolating, about how they can make payments through trusted people.
 

5.3             Losses from unauthorised card transactions appear to have fallen during the pandemic compared to the same period last year. But this maybe because the opportunities for this kind of scam have reduced during lockdown.
 

5.4             We suspect that criminals have been stockpiling cash during the pandemic, and that some will attempt to invest it in legitimate distressed businesses, when opportunities arise. This includes organised attempts to gain control of otherwise legitimate businesses for the purposes of making fraudulent applications for loans under the UK Coronavirus Business Interruption Loan Scheme and the new Bounce Back Loan Scheme. We expect firms making loans under these schemes to manage these risks, including by carrying out appropriate customer due diligence and reacting to relevant flags and alerts, such as applications by new business accounts.
 

5.5             By 16 November, we had received 51 scam reports since 1 February directly referencing the coronavirus. 29 of these appear to relate to regulated financial services. This is a low number relative to the total number of scams reports we receive. We suspect that this is because fraudsters are exploiting the public’s fears arising out of the pandemic, such as economic downturn, low interest rates and low rates of return, in their communications without referencing the pandemic directly.
 

5.6             More broadly, we have observed the following trends over the past 12 to 18 months:

Unauthorised lead generation and comparison websites, promoting a variety of products, typically with promises of high, guaranteed or fixed, returns. These websites are designed to entice consumers into leaving their contact details, so that scammers can then contact them directly. Often, consumers have their guard down when the scammer contacts them, making them more vulnerable to the pressure selling tactics scammers commonly use. 
 

Forex: an increasing number of scams on social media, targeting younger consumers, usually promising quick wins through trading based activity. They often use celebrity endorsements with videos and recommendations on Twitter.

 

Clone firms, where fraudsters claim to be legitimate firms authorised by the FCA.  This form of scam presents an increased risk of consumer harm and potentially also harms the reputation of the legitimate authorised firms who are cloned.  


I hope this is helpful. I would of course be happy to discuss the above further with you.

November 2020






 

Appendix

Recommendations from the Committee’s 2019 Economic Crime report

The Committee’s 2019 Economic Crime inquiry report made recommendations in relation to the FCA concerning:

Below are progress reports for these recommendations.

Data on economic crime

In order to ensure a clear picture of the scale and types of economic crime facing consumers, the FCA should publish data on economic crime within six months. It should evolve its data collection practices to ensure they allow for emerging trends, while still enabling year-on-year comparisons (Paragraph 15)

In our 2020 Sector Views publication[2], we published our annual analysis of the way the financial environment is changing and the impact of these changes on consumers and market effectiveness.

It included aggregated data for authorised push payment fraud and unauthorised payment fraud, with year-on-year comparisons. It also provided commentary on changing trends, the causes and scale of fraud, and the way in which fraud is being combatted through technology such as strong customer authentication and data analytics for payment transactions.

Freezing accounts

The FCA should work with financial institutions to ensure consistency across the sector. We recommend that the FCA uses its powers to set a timeframe in which an account must be frozen when evidence has been received by a bank that it is receiving money fraudulently (Paragraph 28)

We recommend that the FCA should set a challenging timeframe in which an account must be frozen when evidence has been received by a bank that it is receiving money fraudulently. We understand the argument made by the FCA that a timeframe may encourage financial firms to work towards the prescribed timeframe, rather than as quickly as possible, but without a deadline, some accounts are remaining open for weeks allowing further fraud to occur unnecessarily. (Paragraph 58)

We agree that there needs to be consistency across the sector. To resolve inconsistencies as to when firms submit suspicious activity reports to the National Crime Agency, the Law Commission consulted last year on whether guidance ought to be issued on Part 7 of the Proceeds of Crime Act 2002 (POCA), including on what constitutes suspicion.

Among other things, in the response to that consultation, the Law Commission recommended a single, definitive statutory source of guidance on the money laundering regime in Part 7 of the POCA, and an amendment to POCA to impose an obligation on the “Secretary of State” (Home Office) to issue guidance covering the operation of Part 7 of POCA and the threshold for suspicion. We await the Government’s interim response to the Law Commission’s report.

If we identify firms acting differently from the rest of the sector, we will seek to understand more about their approach through supervisory activity.

24-hour delay on first-time payments

We recommend a mandatory 24-hour delay on all initial or first-time payments, during which time a consumer about to be defrauded could remove themselves from the high-pressure environment in which they are being manipulated. All future payments to that same account could flow at normal speed to minimise inconvenience to customers. If a situation arose whereby an initial payment was needed instantly, a customer could ring their bank and additional checks could be carried out for the funds to be released (Paragraph 50)

The Payment Systems Regulator (PSR) has directed 6 of the UK’s largest banking groups to implement Confirmation of Payee (CoP) by the end of H1 2020.

We expect APP fraud data for H2 2020 to be available in Q1 2021. Once we have received these data, we will be able to use them to make comparisons against H2 2019 and H1 2020, to judge how effective CoP has been in reducing fraud, and the extent to which it has reduced the potential benefit of a mandatory delay on first-time payments to new payees.

Derisking

The FCA and Financial Ombudsman Service should ensure that all instances of de-risking where a customer cannot come to resolution with their bank are fully investigated and banking services returned as quickly as possible wherever possible and appropriate. We would expect to see timely and appropriate action taken where instances of blanket de-risking are apparent (Paragraph 77)

To enable firms to manage risks around certain customer types, the Joint Money Laundering Steering group published revised guidance in July 2020.[3]

The guidance sets out risk factors for banks to consider, such as whether a payment service provider (PSP) transacts in jurisdictions posing heightened risk for money-laundering or terrorism financing. We expect banks to consider these risk factors when deciding whether to take on a customer.

In July 2020, we published our Feedback Statement relating to firms’ safeguarding of customer funds.[4] In our Feedback Statement, we reminded banks that they must comply with regulation 105 of the Payment Services Regulations 2017, by providing PSPs with access to payment accounts services on a proportionate, objective, and non-discriminatory basis (‘POND’).





We also reminded them of our guidance on regulation 105 in our payment services Approach Document, and that banks should determine PSPs applications for banking services by taking account of the individual circumstances of the specific applicant.[5] This aligns with the expectations we set out for an effective risk-based approach to managing money-laundering risk by banks.

The FCA and the PSR review all notifications of refusal or withdrawal of access to payment accounts under regulation 105 on a case-by-case basis, requesting further justification from firms when submissions are not seen to be made in a sufficiently POND manner. However, refusal or withdrawal of services by credit institutions tends to be due to the PSP not meeting risk appetite or commercial unviability, which are legitimate reasons for not taking on a customer so long as these decisions are made in a POND manner. 

We have a route for PSPs to complain in the case that they feel they were not considered in a POND manner when banking services have been refused/withdrawn. However, we have received a low number complaints to date (approximately 1-2 per quarter).

Contingent Reimbursement Model Code

We remain unpersuaded that the Code should be voluntary and strongly urge any relevant parties who have not yet signed up to the Code to do so. As the first-year review of the Code approaches, the Code should now be made compulsory through legislation (Paragraph 114)

Our response to this recommendation noted that ‘‘To ensure we have a sustainable and long-term solution that offers protections to consumers, we agree that the code should be made compulsory or an equally suitable solution is found, depending on the findings of the Lending Standards Board’s review’’.

The Lending Standards Board completed its review of the Contingent Reimbursement Model Code on 30 September 2020
[6]. We expect the results of the review to be published in Q1 2021. 

The PSR is exploring potential interventions to improve outcomes for victims of authorised push payment (APP) fraud, including regulatory action that may become available after the completion of the EU-UK exit implementation period.

Gross negligence

We recommend that an accepted definition for gross negligence should be agreed by the regulators. The regulators should require financial firms to produce an easy to read lists of ‘dos and don’ts’ for customers, to show how the individual financial firms would define proper account usage in the majority of circumstances. Such lists would allow for variations between firms (Paragraph 139)

We have been working with the PSR on their potential regulatory action to improve outcomes for APP fraud victims. This action may include measures to stop firms avoiding reimbursement of APP fraud victims on the grounds of ‘‘gross negligence’’. We want to avoid cutting across the PSR’s work. Therefore, we will consider consulting on revised guidance on the meaning of ‘‘gross negligence’’ depending on the outcome of the PSR’s work.
 

In October 2020, the Financial Ombudsman Service published guidance on their approach to complaints about payment fraud, including how they interpret ‘‘gross negligence’’.[7] They included various case studies, outlining circumstances where they would expect a victim of APP fraud to be reimbursed by their bank.

The FCA should ensure that the outputs from their recent consultation on the Guidance for Firms on the Fair Treatment of Vulnerable Customers covers any finding of gross negligence (Paragraph 140)

We published our second consultation on the draft guidance on 29 July 2020. The guidance makes clear that, in order to pay due regard to the interests of customers and treat them fairly, firms should understand what makes customers vulnerable and their needs and ensure the products and services they provide support the fair treatment of vulnerable customers.

Firms should note that the provisions of the Contingent Reimbursement Model code state how firms should take into account vulnerability in cases of push payment fraud.

The consultation closed 20 September 2020 and finalised guidance is scheduled to be published winter 2020/21.

 

 


[1] https://www.fca.org.uk/firms/financial-crime/financial-crime-systems-controls-during-coronavirus-situation

[2] https://www.fca.org.uk/publication/corporate/sector-views-2020.pdf

[3] https://secureservercdn.net/160.153.138.163/a3a.8f7.myftpupload.com/wp-content/uploads/2020/07/JMLSG-Guidance_Part-II_-July-2020.pdf

[4] https://www.fca.org.uk/publication/feedback/fs20-10.pdf

[5] https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf

[6] https://www.lendingstandardsboard.org.uk/wp-content/uploads/2020/07/LSB-CRM-Code-Consultation-document.pdf

[7] https://www.financial-ombudsman.org.uk/businesses/complaints-deal/fraud-scams