The Contingent Reimbursement Model Code for Authorised Push Payment Scams, was published on the 28 February 2019 and comes into force on the 28 May 2019. Along with the  Practitioner Guide*, the CRM Code will assist PSPsin preventing and addressing APP fraud scams; by educating customers to increase awareness and reimbursing victims of APP fraud, where the expected level of care was met.

ASPSPs implementing CRM should act in a way which advances the following overarching objectives of the CRM Code:

  • reduce occurrence of APP scams
  • to increase the proportion of customers protected from the impact of APP scams
  • to minimise disruption to legitimate payments journeys.

In the context of Open Banking customer journeys, the expectation is that ASPSPs ensure that their TPP journeys do not have obstacles, such as, unnecessary or superfluous steps or the use of unclear or discouraging language, that would directly or indirectly dissuade customer from using PISP services.

 In the context of the CRM Code, the detection of APP fraud during the payment journey is a key consideration for the protecting customers against APP scams. Where a potential APP scam payment is identified based on a risk based approach and, where possible, based on APP scam risk indicators, the ASPSPs should provide an ‘effective warning’ which enable the PSU to understand what actions they need to take to address the risk and the consequences of not doing so. ASPSPs should adopt a balanced approach to ensure that they provide appropriately meet the requirements of the CRM Code,but also consider how to minimise disruption to legitimate payments journeys by not creating unnecessary obstacles for TPPs.


* Expected publication date by LSBis 28 May 2019