Written evidence submitted by Quilter (OSB 0024)
Quilter is a leading wealth management business in the UK, helping to create prosperity for the generations of today and tomorrow. Quilter oversees £126.6 billion in customer investments (as at 30 June 2021), for more than 900,000 customers. Quilter’s offering includes: financial advice; investment platforms; multi-asset investment solutions and discretionary fund management. Clients can choose to use one or more of these services.
Quilter welcomes the government’s ongoing commitment to protecting internet users from illegal content online, and supports the aims of the Online Safety Bill in making the regulation of the internet fit for the 21st century.
However, while DCMS has recently announced that certain scam typologies – namely ‘user-generated’ scams – will fall within the scope of the Online Safety Bill, we believe that further scam typologies should also be included.
We believe that the Bill should consider brand impersonation frauds, which have increased significantly in recent years and now cost UK consumers over £70m a year. These scams are generally facilitated through paid-for adverts on search engines and/or cloned websites.
Question 1: Will the proposed legislation effectively deliver the policy aim of making the UK the safest place to be online?
As detailed in our response to Question 2, we do not believe that the legislation will effectively deliver the policy aim of making the UK the safest place to be online if it fails to include wider scam typologies beyond just “user-generated” scams.
Question 2: Are there any types of content omitted from the scope of the Bill that you consider significant? How should they be covered if so?
The safety and confidence of consumers is being undermined by the growing prevalence of financial scams, and in particular the online investment scams which feature an impersonation of a regulated financial services firm to sell fictitious investment products using paid-for adverts and/or cloned websites on search engines.
Impersonation scams have increased considerably in the past decade. Our analysis of the FCA’s warning list shows that impersonation scams have increased by 25% on average year-on-year since 2010. But between 2019 and 2020, impersonation scams increased by 47%. These scams now account for 37% of all FCA warnings issued in the last decade.
Action Fraud reported that £78m was lost to UK consumers as a result of impersonation investment fraud in 2020, with the average loss in each individual case standing at £45,242. We have provided details of a typical impersonation fraud attempt at the end of this response.
As is clear from the cases we have seen, there is a much wider cost to these impersonation scams than just the financial cost. For starters, scam victims generally suffer severe emotional distress as a result of these crimes. Then there’s the secondary cost to firms on monitoring and responding to these scam attempts, increased regulatory costs, damage to trust in the financial services sector, and damage to the economy as a whole if scammers operate with impunity.
There is currently no legally enforceable system for compelling search engines and social media platforms to remove fake websites and fake adverts which use the ‘clone’ of a financial services firm. Furthermore, search engines and social media platforms do not have any legal responsibilities to ensure that their users are not exposed to content that could result in financial harm.
The current regulatory regime is inadequate. The FCA has limited jurisdiction over online advertising so the regulator is instead limited to spending hundreds of thousands of pounds each year on its own adverts warning consumers of the dangers of online investment propositions. It has been reported that the FCA spends on average £54,389 a month on such adverts, which provides even more revenue for the search engines on top of the revenue they receive from the scammers.
The Online Safety Bill has been in the policy pipeline for many years now, and for the majority of this time DCMS and the Home Office have maintained the position that harms resulting from fraud should be excluded from the scope of the legislation.
As detailed in the government’s response to the Online Harms Bill white paper in December 2020, the government previously believed that fraud would be more effectively tackled by other legislative and non-legislative measures.
The government has since, however, partially reversed its position following pressure from the FCA, numerous trade associations and other interested parties. When introducing the draft legislation, the Secretary of State for Culture, Oliver Dowden MP, said:
“Since the publication of the full government response in December 2020, there has been significant concern about the exclusion of online fraud from the legislation. This government understands the devastating effect that online fraud can have on its victims, so today we are announcing that the Online Safety Bill brings user-generated fraud into the scope of the regulatory framework.”
This is a welcome step forward, but the government has regrettably maintained the position that other fraud typologies, most notably those frauds facilitated through paid-for online adverts or cloned websites, will remain outside the scope of the Online Safety Bill.
DCMS has instead suggested that the forthcoming Online Advertising Programme – of which the initial consultation is expected this year – will be the most appropriate vehicle by which to tackle online advert fraud. But we are still many years away from concrete changes as a result of this Programme.
We believe the government has an opportunity to take decisive action now, rather than waiting years for the Online Advertising Programme, and that this can be achieved through a few simple changes to the Online Safety Bill. This view is supported by the Work and Pensions Committee, the Treasury Committee, the FCA, the Investment Association, the ABI, PIMFA, UK Finance, Which? and a number of other organisations.
From our reading of the draft Online Safety Bill, the government could include paid-for advertising in scope of the legislation by removing clause 39 subsection (2) paragraph (f) and clause 39 subsection (7). This would ensure that paid-for advertising is considered “regulated content”, and therefore covered in the new duties on search providers and user-to-user services.
The status of cloned websites is less clear. The government’s intention is for cloned websites to be excluded. However, the Bill specifically considers websites that appear in search results as “regulated content” (under clause 134). That said, there is a carve out from the definition of “regulated content” for content that is illegal if the illegality concerns an infringement of intellectual property rights (clause 41), implying that websites that use stolen logos and branding will not be considered within scope of the Bill.
We believe that the government must recognise the harm that is caused to individuals as a result of cloned websites and clarify within the legislation the position of such websites. We believe the government should amend the legislation such that cloned websites are unambiguously considered “regulated content”.
The typical case
Typically, if someone searches for an investment opportunity online by searching key-word phrases such as ‘high return investments’ or ‘best rate ISA’ into a search engine, there are two scenarios that can occur, with both potentially leading to harm.
First, if an individual clicks on one of the adverts that appears, they will often be taken to an ‘investment’ comparison website. The site will often contain a disclaimer at the bottom of the webpage, which states that the content of the financial promotion is not authorised under the Financial Services and Markets Act 2000, but that if the individual wishes to participate in the promotion, they must declare themselves as ‘high-net worth’ or ‘sophisticated’ under Section 48 of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005.
After inputting their contact details, someone will get in touch offering an investment opportunity, which is generally high-risk and often has extremely high fees and charges attached. While there are many legitimate reasons for ‘high-net worth’ and ‘sophisticated’ individuals to be exempt from certain requirements around financial promotions, and while this is not against the law, we are concerned that consumers are not being made fully aware of the significance of certifying themselves as ‘high-net worth’ or ‘sophisticated’, or indeed are not being made aware at all that they are certifying themselves as ‘high-net worth’ or ‘sophisticated’ and this is causing harm to occur.
Second, should an individual click on one of the adverts that appears, they may be taken directly to a fake website advertising a non-existent investment product, or a range of investment products, using the ‘clone’ of a legitimate financial services firm. This is a clear scam, and the scammer will use the same logo as a reputable financial services firm, and may use genuine marketing materials from said firm.
Potential investments include non-existent bonds for household brand names, often with generous rates of return above 5%, but they can also be genuine commercial or government debt instruments, with genuine ISIN numbers, but which in reality are not available to retail investors.
After the individual has input their contact details into the website, they will be contacted by someone pertaining to be calling from the regulated firm featured on the fake website. We have even seen examples of individual financial advisers and investment managers from legitimate firms being impersonated by scammers, often through details obtained from the FCA register, including senior management functions entries.
The scammers will often emphasise that the investment opportunity is fully covered by the FCA and/or the FSCS and will often require a minimum investment of around £50,000, with a ‘bonus’ if they invest over a certain amount. Once the money is deposited into the fraudster’s account, it is quickly moved again into a number of other accounts to make it much harder to trace. The victim often does not even realise they have been scammed for many months, and it is only when they do not receive their first interest payment or return on their money that they become suspicious.
Once the scam is detected, the scammers will close the site down, but may then set up a new website using the name of a different provider, advertising a slightly different investment opportunity.
 Over £78 million stolen in 'clone firm' investment scams - National Crime Agency
 Quilter launches scam reporting tool as impersonation scams increase 600% since 2010 | Quilter Media Centre
 Over £78 million stolen in 'clone firm' investment scams - National Crime Agency
 FT Adviser, FCA spends £300k to fight online fraud, September 2020
 Landmark laws to keep children safe, stop racial hate and protect democracy online published - GOV.UK (www.gov.uk)