Following the publication of the Financial Conduct Authority's regulation on APP payments (30 October 2024), the Treasury requested further clarity on the nature and implementation of these rules. This additional guidance was published on 22 November. It intended to ensure the new regulations would be practical, fair and easily implemented, while balancing the needs of consumer protection with the broader stability and sustainability of the financial services sector.
The 4-day rule itself is part of a set of measures designed to protect consumers from APP fraud and relates to the period during which banks can delay a payment to investigate potential fraud. The FCA’s feedback request from the industry and wider stakeholders has now helped shape the scope of the rule. It also refines the guidance to ensure that it addresses the complexities of the implementation, protecting consumers but considering the operational realities of the sector.
The general guidance covers refunds, enhanced prevention measures and increased transparency. It builds on existing measures, designed to encourage more collaboration between financial institutions and ensure consumers are given the right tools and support to avoid falling victim to fraud. Here we look more closely at the detail on the 4-day rule and how firms should handle payments where there are reasonable grounds to suspect fraud and where this suspicion is established within the next day of being instructed of the payment.
Purpose for the 4-day delay
The 4-day rule allows a payment service provider (PSP) to pause payments for up to four business days if there are reasonable grounds to suspect the payment is fraudulent. The time should be used to thoroughly investigate the transaction where fraud is suspected.
The clarity provided in November’s guidance confirms that it should only be applied when there is reasonable suspicion of fraud and banks are expected to consider:
- unusual transaction patterns (eg, large or out-of-character payments)
- vulnerabilities of the customer in question and whether they'd be more susceptible to scams
- suspicious recipient accounts, particularly if the account is linked to accounts with previous fraud patterns.
The guidance highlights that the delay should only be used if there are legitimate reasons to suspect the payment is fraudulent; it shouldn't be used arbitrarily. The FCA assumes the PSP will consider its obligations under the Consumer Duty when deciding to delay processing a payment order. These include the Consumer Duty’s consumer support outcome rules.
Impact on refunds and customer protection
The clarification emphasised that during the 4-day delay, consumers should be protected from the immediate transfer of funds if fraud is suspected. If fraud is confirmed during the 4-day period then the PSP is expected to refund the customer as per the FCA's related rules on reimbursements.
Customer communication
During the 4-day delay the PSP is expected to inform the customer that the payment has been delayed for investigation purposes. They should be informed of the reason for the delay and kept updated on progress. The guidance reminds firms that they should also be transparent to customers about their rights.
Data collection and reporting
PSPs should record information about the overall volumes and values of delayed payments, and information about each delayed transaction. For example, this includes:
- the grounds for suspicion
- the length of the delay
- whether the transaction was ultimately completed or refused
- the value of the transaction
- whether the PSP identified the payer as having characteristics of vulnerability.
A payment order which appears unusual is not necessarily suspicious. Even customers with a stable and predictable transaction profile will have periodic transactions that are unusual for them. Thresholds for considering whether the payment is suspicious include the following:
- PSPs should take into account the specific circumstances of the individual transaction
- PSPs should take account of their own intelligence, and any assessments made using technology solutions which they have used to mitigate fraud risk
- ‘Reasonable grounds’ to suspect fraud or dishonesty is more than mere speculation, it's based on an objective factual foundation
- A PSP’s assessment of whether the threshold has been met should be designed to support delivery of good outcomes for its customer under Consumer Duty
A PSP must execute a payment order as soon as it has contacted the payer or other relevant third parties and established that it should execute the payment order, rather than pursuing a policy of waiting until the end of the fourth business day to do so.
Inbound payments
The FCA expects a PSP that has delayed making funds available to a payee will communicate with the payee to help deliver good customer outcomes, unless it is unlawful to do so (such as restrictions on tipping-off).
The full detail can be found here in the FCA's finalised Guidance for firms that enables a risk-based approach to payments.
For more insight and guidance, please get in touch with Paul Olukoya.
