91: After Clause 65, insert the following new Clause—
“Forest risk commodities
(1) FSMA 2000 is amended in accordance with subsection (2).(2) After section 410 insert—“Forest risk commodities410ZA Forest risk commodities(1) A person must not carry on a regulated activity in the United Kingdom that may directly or indirectly support a commercial activity in relation to a forest risk commodity or a product derived from a forest risk commodity unless relevant local laws were complied with in relation to that commodity.(2) A person that intends to carry on a regulated activity that may directly or indirectly support a commercial activity in relation to a forest risk commodity or a product derived from a forest risk commodity must establish and implement a due diligence system in relation to that regulated activity to ensure compliance with relevant local laws.(3) The due diligence system referred to in subsection (2) must be in place within 24 months of the day on which the Financial Services and Markets Act 2023 is passed.(4) Within the period of one year beginning with the day on which the Financial Services and Markets Act 2023 is passed, the Secretary of State must by regulations made by statutory instrument make provision about the details of the due diligence system referred to in subsection (2).(5) A statutory instrument containing regulations under subsection (4) may not be made unless a draft of the instrument has been laid before and approved by a resolution of each House of Parliament.(6) In this section, “due diligence system” means a system for—(a) identifying and obtaining information about the commercial activities of any beneficiary of the regulated activity and of their group regarding the use of a forest risk commodity,(b) assessing the risk that relevant local laws were not complied with, or that free, prior and informed consent was not obtained from local communities, or from indigenous people in accordance with their rights under international law, in relation to that commodity, and(c) mitigating that risk.(7) A person that carries on a regulated activity in the United Kingdom that directly or indirectly supports a commercial activity in relation to a forest risk commodity or a product derived from a forest risk commodity is subject to—(a) the reporting requirements under paragraph 4 of Schedule 17 to the Environment Act 2021 (“the Environment Act”) in relation to the due diligence system required under subsection (2), and(b) Part 2 of Schedule 17 to the Environment Act as though they are a person to whom Part 1 of that Schedule applies.(8) Terms used in this section that are defined in Schedule 17 to the Environment Act have the meanings given in that Schedule.”(3) In paragraph 17(1) of Schedule 17 to the Environment Act 2021 (use of forest risk commodities in commercial activity), for “and any Part 2 regulations (“relevant provisions”)” substitute “, any Part 2 regulations (“relevant provisions”) and section 410ZA of the Financial Services and Markets Act 2000”.”
We debated this amendment last Tuesday but it has taken until today to get to the vote. Needless to say, its importance has not diminished. The Amazon is the lungs of the world, and this is a straightforward amendment that aims to clamp down on illegal deforestation. While I thank the noble Baroness for her response last week and much appreciate all the points that she made, we need to move faster in this direction, and so I would like to test the opinion of the House.
1|15:26|212|203|Division on Amendment 91|Amendment 91 agreed.||0|0
3:37 pm
Amendments 92 and 93 not moved.
Clause 68: Liability of payment service providers for fraudulent transactions
94: Clause 68, page 85, line 9, at end insert—
“(8A) At least annually after the Payment Systems Regulator has imposed the requirement set out in subsection (5), it must publish a report on the impact of the requirement, including its assessment of the impact on the protection of consumers and the behaviour of payment service providers in relation to consumer protection.(8B) Reports published under subsection (8A) must provide at least the following information for each payment service provider subject to the requirement—(a) the number and value of authorised push payment (APP) scams notified to them;(b) the percentage by number and value of APP scams that have been reimbursed;(c) the percentage by number and value of APP scams initially rejected and subsequently appealed and the results of such appeals;(d) the percentage by number and value of APP scams that have been finally rejected;(e) the shortest, longest and average time from notification to decision about reimbursement.”Member’s explanatory statement
This amendment aims to ensure that the impact of the APP reimbursement requirement is assessed and reported on regularly and to ensure that consumers can see whether the rules are being applied consistently and which institutions are better and worse at reimbursing victims fairly and promptly.
My Lords, I introduced a number of amendments on the subject of authorised push payments fraud in Committee. At the time I said I was broadly happy with the Minister’s responses but would look to return to the reporting question again, which is what Amendment 94 does. I should say at the outset that I support what the Bill is trying to do in respect of APP fraud to make it easier, and in particular fairer, for victims of APP fraud to get their money back. Before I go any further, I remind the House of my interest as a shareholder of Fidelity National Information Services, Inc., which owns Worldpay.
My new Amendment 94 has two elements to it. First, it would introduce requirements on the PSR to report annually on the impact that the reimbursement requirement had had on consumer protection and on the behaviour of payment service providers. Secondly, it would effectively create a league table to enable consumers to see how each bank is actually performing both in preventing fraud and in reimbursing victims.
On the first point, the annual impact report is necessary because the mandatory reimbursement requirement could have unintended consequences that might damage consumer protection. I shall give a couple of possible examples of that. First, there is the possibility of moral hazard. If the mandatory requirement means that consumers start to take less care about protecting themselves because they will be repaid anyway, that could have the undesirable consequence of actually making it easier for the fraudsters to commit fraud and so actually increase levels of fraud. While, as we discussed in Committee, we must not put the blame on the victims, there is a balance to find in this area to avoid making it easier for the fraudsters while improving consumer protection and outcomes. We will know whether we have found the right balance only when we start to see the results.
20 of 194 shown
A second example might be that the banks change their behaviour in an undesirable way. Rather than improving their fraud detection and prevention processes, they might simply decide that the easiest thing to do would be to stop providing services to people whom they see as being at the highest risks of fraud in order to reduce their potential reimbursement liability. I think many Members of this House have seen similar behaviour in respect of PEPs—politically exposed persons—where, rather than undertaking sensible risk-based steps, banks have on occasion just decided that it is too difficult or expensive to deal with PEPs and have refused to open accounts or have even closed accounts. We will come to that later today, but it is a good example of a well- intentioned risk measure having undesirable consequences. In the case of APP fraud, if the banks see it as too great a financial risk to provide banking services to those deemed to be at a higher risk of fraud, then we might see a whole swathe of more vulnerable people unable to obtain banking services.
These are just two examples, but I hope that they demonstrate the importance of the PSR keeping the impact of the requirement for mandatory reimbursement under regular review and amending it if it turns out to have unintended negative consequences. Reporting on this regularly and publicly will ensure that the impact assessment is robust.
Turning now to the second element of the amendment, the requirement to report annually on the performance of the banks, a major criticism of the current voluntary reimbursement code is that it is completely non-transparent. While numbers are published, they are anonymous. Consumers cannot see which banks are behaving best, and which are behaving worst, unless, as TSB does, they tell us voluntarily. The TSB example is encouraging—it is using its 100% reimbursement policy as a selling point. Introducing competitive good behaviour is highly desirable, and this amendment would help achieve that.
The amendment would effectively create an annual league table that would enable consumers to see which banks have the lowest levels of fraud—which will give an indication of how good they are at detecting and preventing fraud—which banks are better and quicker at reimbursing victims when fraud occurs, and, by including the appeal information, which banks make it more difficult for victims. That would allow consumers to take this information into consideration when deciding whether to stay with their existing bank or when considering opening a new account—something that would otherwise not be possible. That would, I hope, provide a real competitive incentive for banks to change their behaviour both in detecting and preventing fraud and in treating victims promptly and fairly.
This would not introduce a significant additional burden; the PSR will have all this information anyway, so reporting it is not a significant job. However, the benefits to consumers of making this information public are potentially significant.
When we discussed this in Committee on 13 March, the Minister stated in relation to the impact assessment that the PSR
“has committed … to a post-implementation review”
and that the Government would also
“monitor the impacts of the PSR’s action and consider the case for further action where necessary”.
That does not go far enough. Fraudsters keep changing their business models in reaction to actions by industry and the authorities, so it is essential that this is kept under continual review rather than only a one-off, post-implementation review. It is also important that the impact assessments are published. Can the noble Baroness provide any greater comfort in those respects?
On the league table, the noble Baroness said on 13 March that the PSR
“is currently consulting on a measure to require payment service providers to report and publish fraud and reimbursement data”.—[Official Report, 13/3/23; col. GC 166.]
It is now nearly three months later, so can the noble Baroness provide an update on whether this consultation has progressed and whether the data will in fact be published? It would be better if such data was published by a single source such as the PSR rather than piecemeal by payment service providers. I beg to move.