The Supreme Court has handed down its judgment in Philipp v Barclays Bank UK plc [2023] UKSC 25, an important case in relation to the ongoing fight against authorised push payment (APP) fraud.
The decision provides welcome clarity for banks and other firms in relation to the relationship of the "Quincecare duty" with the payment obligations of banks and other payments firms. You can read our full note of the decision here.
Whilst the Court refused to bend the common law to deal with the mischief of APP fraud, firms remain obliged to comply with other relevant statutory and regulatory obligations that cover this area.
Including the FCA’s new Consumer Duty, which comes into force at the end of this month.
Cross-currents
One of its core obligations is the cross-cutting rule that "a firm must avoid causing foreseeable harm to retail customers".
At first glance there is an apparent tension between the conclusions reached in Philipp and this requirement.
The FCA's finalised guidance (FG 22/5) on the cross-cutting rule explains that one example of foreseeable harm is "consumers becoming victims to scams relating to their financial products for example, due to a firm’s inadequate systems to detect/prevent scams or inadequate processes to design, test, tailor and monitor the effectiveness of scam warning messages presented to customers". Thus, in an APP context there is an expectation that banks warn customers about the threat of APP scams in a clear and effective manner.
However, the finalised guidance is also clear that neither the cross-cutting rule nor the Consumer Duty overall require a firm to "prevent an insistent customer from making decisions or acting in a way that the firm considers to be against their interests. Even where firms act reasonably to meet the Duty, consumers may sometimes make poor decisions. Firms should aim to help customers understand the consequences of their decisions but, if a customer insists on a course of action that the firm regards as harmful, they are not obliged to prevent it."
Fully informed
The current position is that where a firm expects that a customer is the victim of APP fraud the firm should raise its concerns with the customer, but there is no obligation to prevent the customer from making a payment.
But the Consumer Duty will set a higher standard for firms when they seek to raise concerns. Firms will need to make every effort to ensure that their customers have all the information they need, at the time they need it, to make informed decisions. Including where a customer might be making a payment to a fraudster. When considering APP fraud in the context of the Duty, therefore, the first question to ask is whether firms’ communications in this context are sufficient to meet this new standard.
We are all likely familiar with the measures instituted by banks to make us stop and think before making online payments: matching names to account numbers (and warning customers of the risks of making payments where these do not match); 'stop and think' warnings; and reminding customers not to make payments to people they don't know or where they feel pressured. Effective warnings before an instruction is made are crucial if, as Philipp suggests, once a clear and unequivocal instruction to pay has been given, banks are obliged to fulfil it.
The problem, of course, is that such warnings are not always heeded. They quickly become familiar and customers impatient to make a payment will skim over them. There is also the question of whether these warnings are actually understood, something firms will need to test once the Duty comes into force.
Slow down – you move too fast
Assuming warnings are 'understood', are there any additional actions that the Duty might require firms to take to minimise the risk that their customers are defrauded?
The Non-Handbook Guidance for the Duty talks disparagingly about sludge practices, that is, negative friction added into the customer journey to prevent customers taking an action the firm does not want them to, like entering a complaint or cancelling a contract. What gets less attention is the concept of 'positive' friction. Most suited to riskier transactions, this involves making the customer journey slightly less seamless, with the aim of making customers stop and think before acting. This goes against prevailing commercial wisdom that to remain attractive, firms must make their online customer journeys as frictionless as possible. It's a delicate process: inject too much friction and customers may become frustrated, or even take their business elsewhere. Used intelligently, however, positive friction can be a vital weapon in the fight against fraud.
So what might intelligent use of positive friction look like? Again, there are clues in the Duty. In order to meet the cross-cutting rules, the Consumer Duty requires firms to "understand and take account of cognitive and behavioural biases". These are unconscious beliefs and mental 'shortcuts' that influence our decisions. They are employed by everyone, regardless of age, level of education and professional status. Numerous biases play into APP fraud, including over-confidence and optimism bias. Working with behavioural economists to understand how people behave and the motivations that cause people to fall victim to APP (or any) fraud can give valuable insight into why people fall victim to scams and how to design nudges, positive friction and warnings in a way that maximises their effectiveness.
People's behaviours are not predictable or logical. The Duty's appeal to firms to focus on customer behaviour as well as understanding has real potential to move the dial in terms of the efficacy of firms' efforts to discourage or prevent individuals falling victim to fraud. This would undoubtedly be a good outcome for everyone.
For further Consumer Duty resources please see our Consumer Duty webpage.