In 2017, the British Standards Institution (“BSI”) launched a code of practice for financial institutions (including banks) that sought to give recommendations to organisations for protecting vulnerable customers from financial harm. Whilst a breach of the protocol may not mean immediate reimbursement by an organisation it is certainly a helpful indicator of what standards they are expected to meet and a weapon in your arsenal if you can show breaches.
Unfortunately, more and more people are finding themselves a victim of fraud, especially in the current climate when reliance on the cyber world is ever more prevalent. There are many sophisticated scams that can catch out even the most savvy of us and those who are vulnerable may find themselves at an even higher risk.
Many people find themselves having to complain to their own bank after having been a victim of fraud and due to the plethora of protocols and obligations this can be a minefield.
There are two key regulators in the UK. The Prudential Regulation Authority (“PRA”) is responsible for the financial safety and soundness of banks. The Financial Conduct Authority (“FCA”) is responsible for how banks treat their clients and behave in financial markets.
Under FCA principles, banks have a duty to exercise reasonable skill and care, pay due regard to the interest of its customers, follow good industry practice and take steps to keep their customers’ accounts safe, as well as other obligations.
Fraud is a criminal act involving deception intended to result in financial gain. Financial abuse is slightly different in that it is defined as the criminal act of controlling a person’s property (e.g. money) intended to result in the financial or personal gain of the abuser. It is typically carried out by people in a position of trust.
It is an initiative between the police, banking institutions and Trading Standards. Its aim is to encourage bank staff to be proactive in spotting scams before money is handed over. The Code also enables branch staff in certain situations to alert local police to suspected fraud.
The Code gives recommendations to organisations on how to identify customers who might be at risk of financial harm that might occur as a result of fraud or financial abuse, how to assess the potential risks to the individual and how to take the necessary actions to prevent or minimise financial harm.
The underlying premise of the measures is how an organisation treats its customers can contribute to levels of financial harm. For instance, if there are inadequate systems in place that fail to identify, inform, protect and support customers it can make it more likely that vulnerable customers are more susceptible to harm. The objective therefore is to help organisations protect customers from financial harm by identifying good practice in systems and procedures to prevent and detect fraud and financial abuse, recognising customers that might be susceptible to risk and advising on the best way to respond to certain situations.
It can sometimes be hard to identify vulnerable customers as vulnerability is dynamic in nature. It can be temporary or permanent and can be caused by a variety of factors. Banks should consider whether the customer is able to communicate effectively, make decisions or take actions that are in their best interests. However, the Code provides recommendations, guidance and a checklist for organisations to help them navigate this potentially tricky area.
It establishes that, as a general principle, the organisation should deliver a service that:
“3.1(b) takes a proactive approach to minimising risks, impact and incidences of financial harm”
It sets out systems and tools for the prevention and detection of fraud and financial abuse. As a general point, it says organisations should ensure that all systems are developed using technologies and methodologies that are effective in the prevention of fraud and financial abuse, through authorised and non-authorised payments, thereby minimising the risk of financial harm to customers.
As regards to the detection of fraud and financial abuse, it says the organisation:
“5.3.1 should have measures in place across all payment channels and products to detect suspicious transactions or activities that might indicate fraud or financial abuse”. It then lists the following examples of suspicious activity on customer accounts:
And it goes on to say any suspicious transactions should be flagged on the system and the appropriate member of staff notified.
The Financial Ombudsman relies on a combination of the relevant law, rules, regulations, guidance and good practice when considering a complaint from a customer. It has been known to rely on the Code when considering whether to request a bank repays a customer’s money. Once such example can be found through this link https://www.financial-ombudsman.org.uk/decisions-case-studies/case-studies/customer-told-needed-pay-tax-bill-face-arrest. In brief the customer was persuaded to part with £15,000 through numerous different transactions. It was found by the Financial Ombudsman that the type of activity on the account was the type of activity that the Code warned against and that the bank should have done more to intervene. If they had then the fraud could have been averted.
If you have been a victim of fraud or financial abuse, then reliance on this Code could help you apply pressure to the bank to reimburse the payment(s) made. By no means is this a magic bullet but it is certainly helpful.
If you are a bank, these obligations should not be overlooked.
We advise on the obligations on banks relating to monitoring fraud risk to customers. If you need assistance on navigating these areas, we can help. If you need guidance, then do not hesitate to get in touch at firstname.lastname@example.org.