The self-regulatory body published its review into the voluntary code following an industry wide consultation earlier this week.
The code, launched in May 2019, sets out consumer protection standards for banks regarding APP scams. These scams occur when a customer is tricked into authorising a payment to an account they believe is to a genuine payee. Firms who sign up to the code commit to reimbursing customers who lose money where they are not to blame for the success of a scam.
In the first half of 2020, £207.8m was lost due to APP scams, according to UK Finance.
The LSB acknowledged in the report there were “inconsistencies in application”. They said, “more needs to be done to ensure [the code] is applicable to [a] wider range of firms”.
The report found there were barriers of entry for certain types of firms operating within the payments system which “would prohibit full participation” of the code. Some of these barriers were particular to the business models of building societies, payment initiation service providers (PISPs) and electronic money issuers.
An LSB spokesperson said “we make no bones that the code is robust in its approach - we need this to ensure we can protect customers. We have taken on feedback that some smaller firms and other business models may not be able to comply with all aspects of the code currently.
“One recommendation we will take forward is to understand these challenges, make relevant and appropriate updates to the code to allow for wider participation but ensuring that it remains robust in its approach and ensures consumer protection.”
The CRM code currently places responsibility for the assessment of any claim with the sending firm. However, feedback from the consultation said there should be “greater emphasis on the role of receiving firms”. This is to drive “greater prevention activity” and for the receiving firms to work towards “better identification of mule accounts”.
According to the LSB, the value of CRM cases recorded by the code’s nine signatories since it was launched totals £257m, of which 41 percent (£106.5m) was reimbursed. This is compared to 19 percent of reimbursement in the first half of 2019, pre-CRM code.
The report acknowledged there is an “increasing range of participants and diversity of business models within the payment journey, such as PISPs”. Certain payment journeys, such as those using open banking, do not fall within the Code signatories’ control. Feedback from the consultation reported a small number of those payments were APP scams. The LSB will review this further, as part of its follow up, to understand the scope of the issue.
“The responses we received from this consultation evidence that the purpose of the code is supported by the industry, and we know that when applied correctly, it is enhancing protections for customers, but there is more to do," said Emma Lovell, chief executive of the LSB.
“Preventing customer loss and harm from scams is critical, which is why we intend to introduce new metrics across the code objectives. Part of this work will include bringing consistency across signatories for collation of data and their definitions.
“The code’s objectives focus on prevention, detection and responding to scams. While reimbursement levels are a key metric to the success of the code, we must not lose sight of the importance of prevention and detection measures.”
The LSB will publish a timeline of work at the end of February, following the recommendations of the report, and a call for input at the end of the first quarter.