Skip to main content

The FOS and interpretation of Gross Negligence

What’s occurring?

With increasing numbers of people finding themselves a victim of Authorised Push Payment fraud (“APP”), the impact is increasingly being felt by both consumers and Payment Service Providers (“PSPs”). APP is the largest type of fraud in the UK both by victim and value of losses. It is also exponentially growing and showing no signs of stopping.

APP Fraud

At it’s core an APP fraud is where someone is persuaded to transfer funds electronically believing that they are making payments for legitimate purposes.  This can happen any number of ways such through fake websites, social engineering, cold calls, impersonation of the likes of HMRC or banks and interception of emails.

What is being done

The Government tasked the Payment Systems Regulator (“PSR”) with consideration of APP fraud and to identify what  can be done to protect customers further.  The PSR was chosen as they are the body who oversees UK payment systems including Faster Payments and CHAPS.  In 2021 97% of APP fraud payments were made using Faster Payments [1] and whilst only 0.1% of all Faster Payments made relate to APP fraud it is clear that this is the payment method of choice for scammers due to the immediate nature of the transaction.

The PSR has since published a number of consultation papers that have resulted in stringent new reimbursement rules and parameters being imposed on to all PSPs in relation  the Faster Payments system.

The pace of change is increasing as the PSR has more recently issued a consultation about the rules on CHAPS and is exploring whether the victims of APP through CHAPS ought to be reimbursed.

The new reimbursement rules (the “Rules”)

The key changes that are being implemented from 7 October 2024 are:

  1. Mandatory Reimbursement

From October 2024 the Rules dictate that all PSPs (except for credit unions, municipal banks and national savings banks) sending money via Faster Payments must reimburse all APP frauds save for some very narrow exceptions.

In addition rather than the sending bank being liable alone for repayment this will now be split 50/50 between the sending and receiving PSP.  It is imagined that

  1. Limits on Reimbursement

There will be an upper limit of £415,000 for reimbursement and have to report the APP fraud within 13 months of the final payment being made to the fraudster.

  1. Excess

Sending PSPs will be able to apply up to a £100 excess on any claim made for reimbursement.  The theory is that this will encourage customer diligence.  This excess will not apply to vulnerable customers.

On 12 March 2024, HM Treasury published a near-final version of the Payment Services (Amendment) Regulations 2024, which aim to delay payments processing by amending Regulation 86 of the Payment Services Regulations 2017 when there are reasonable grounds to suspect fraud or dishonesty. The publication is part of the government’s work to tackle APP fraud.

The amendment will give sending PSPs the opportunity to delay a customer’s instruction within a specified period (4 working days) where the PSP suspects the payment instruction has arisen as a result of fraud by a third party.

What are the exceptions?

The Rules provide two circumstances where PSPs are exempted from the mandatory requirement to reimburse and these are:

  1. The customer has acted fraudulently; or
  2. The customer has acted with gross negligence (unless the customer is vulnerable). This exception is called the “Consumer Standard of Caution”.

Consumer Standard of Caution

Customers are expected to reach the Consumer Standard of Caution by:

  • Having regard to specific, direct warnings from the PSP that the payment might be an APP fraud; and
  • Reporting the APP fraud promptly to the sending PSP (and certainly within 13 months); and
  • Responding promptly to any proportionate requests for information made by the PSP: and
  • Consenting to a police report on their behalf by the PSP or action a request from the PSP that a police report is made.

If any of thee above four points are breached as a result of gross negligence then the PSP may refuse the reimbursement request.  The burden of proof is on the sending PSP to prove this, but what is gross negligence?  The PSR have stated that the customer would be required to show a significant degree of carelessness and has published a consultation paper [2] relating solely to the Consumer Standard of Caution.

Within this it is stated that

Each reimbursement claim will need to be assessed on its merits to determine whether the consumer is eligible for reimbursement or has breached the consumer standard of caution. We interpret ‘gross negligence’ to be a higher standard than the standard of negligence under common law. The consumer needs to have shown a very significant degree of carelessness”.

Gross Negligence

There is no hard and fast rule of what constitutes gross negligence.  Given the lack of express definition within the Rules there are numerous places on which you can draw for guidance such as Government literature, common law and previous Financial Ombudsman Service (“FOS”) decisions.

Historically there is guidance already in place such as the comments within a report published on 1 November 2019 [3] by the Commons Select, Treasury Committee.  Within this report Stephen Jones the then Chief Executive of UK finance told the Committee that, “…when Financial Ombudsman Service (“FOS”) look at the concept of gross negligence, they apply a judgment every time as to what they think is fair and reasonable”.  In practice, this means that PSPs will have to look at the conduct of each customer and decide if their actions seemed “fair and reasonable” in all of the circumstances.

In addition 2018 Caroline Wayman former Chief Ombudsman and Chief Executive of the FOS stated that “gross negligence is more than just being careless or negligent. And as our case studies show, the evolution of criminals’ methods – in particular, their sophisticated use of technology and manipulative ‘social engineering’ – means it’s an increasingly difficult case to make[4]

Even in common law there is no legal definition of gross negligence, however, a useful reminder of what the test is in civil court from the case of Federal Repulic of Nigeria v JP Morgan Chase EWHC 1447 (Comm) [5] in which Mrs Justice Cockerill stated “That target, of gross negligence, is one which is necessarily fact sensitive. It is a notoriously slippery concept: it requires something more than negligence but it does not require dishonesty or bad faith and indeed does not have any subjective mental element of appreciation of the risk

Perhaps, realistically the best place to get an idea of what would be considered gross negligence is from the Financial Ombudsman Service decisions.  We have reviewed some of the recent decisions and created the below table which gives an indication as to what is (and more likely isn’t) gross negligence. It is, at its core, a high bar to reach.

Click here to view case studies of what is defined as “gross negligence” from FOS decisions

Conclusion

There are no hard and fast rules that are going to assist PSPs in deciding whether to reimburse or refuse reimbursement and it is expected that this will be a fast-evolving area.

Tenet have spoken with experts at FINTRAIL about their views on the impending changes and gross negligence and they have stated that following conversations with UK-based PSPs, that most are working on the assumption there will be very few cases of APP fraud where it is possible to establish gross negligence.   While making it clear that the bar will be set very high, the PSR’s guidance to date has not provided any clear definitions or examples to enable firms to identify applicable behaviour.  Most firms are therefore not designing processes or making calculations which assume a certain volume of gross negligence cases. The more common approach is to assume no cases can be dismissed as gross negligence, and then take a case-by-case view of any clear-cut cases which do arise.

FINTRAIL also highlights a further complication in that two parties are responsible for reimbursing APP fraud claims (sending and receiving PSPs), yet only the sending PSP will make the initial decision on whether to argue gross negligence.   There is therefore a strong possibility of disputes between sending and receiving PSPs.  The logistics of how these disputes will play out will not become fully apparent until the scheme is up and running.

FINTRAIL recommends that rather than draw up rigid policies or guide rails for determining cases of gross negligence, firms maintain a more flexible principles-based approach that considers each case on an individual basis, possibly involving specialist external advice.  To this end, operational teams should be well-versed on the Consumer Standard of Caution but should not be expected to make decisions themselves, instead, having clear escalation routes.  The ‘Stop the Clock’ provisions introduced as part of the new legal instrument do not explicitly mention gross negligence, but could arguably apply if information is being sought from a customer.  However, they will not apply to time spent deliberating or seeking external counsel, so firms must act quickly and have a clear process for assessing and determining cases within five business days.

Tenet brings extensive expertise in dealing with APP cases including dealing with the FOS.  crafting customer responses and alerts tailored to combatting APP Fraud. Our team of experienced litigation lawyers specialise in handling Authorised Push Payment Fraud cases. We collaborate closely with the banking industry, particularly concerning the Contingent Reimbursement Model (CRM) and the issues facing our fintech clients in particular. With our deep understanding of Financial Ombudsman Service (FOS) protocols and thorough knowledge of fraud disputes, and financial crime compliance, we swiftly navigate and resolve issues ranging from customer complaints to High Court proceedings concerning claims arising from APP transactions.

Published on August 22, 2024