The UK continues to see staggering levels of fraud, with Ofcom research indicating that almost nine out of 10 online adults (nearly 43 million people) have encountered suspected scams. With fraud accounting for over 40% of crime, and having a significant impact not only on those individuals or businesses who fall victim, but also on the UK's financial reputation and our national and economic security, it is a critical issue for the new government to address. This article explores the Labour government's proposed strategy to combat fraud and the potential implications for various sectors.
An integrated approach to fraud
Labour has set out a plan to tackle fraud through an integrated approach that involves government, law enforcement, regulators, financial services firms, and technology companies. However, the focus of their integrated approach seems to be aimed at online technology companies, representing a shift from the historical focus on the financial sector. This shift is a natural progression given an estimated 80% of authorised push payment (APP) fraud originates online.
This strategy is not entirely new; it builds upon initiatives started by the previous Conservative government and outlined in its Fraud Strategy published in May last year, in which it set out how government, law enforcement, regulators, industry, and charities would work together to cut fraud. Online tech companies were already within the previous government's sights, with the Online Safety Act setting out requirements to tackle fraudulent advertising online. In addition, the voluntary Online Charter was introduced in November last year, with major technology companies such as Amazon, eBay, Facebook and Google amongst the initial signatories. As explained in our previous article, the Charter calls on signatories to implement measures to better protect users, including deploying verification measures for new advertisers and increasing levels of verification on peer-to-peer marketplaces.
The Labour government's proposals however, appear to go further than this, giving a clear indication that they intend to introduce a wider regulatory framework for tech companies and telcos to participate in the fight against fraud, including through sharing data with financial services firms to enhance detection and prevention measures.
Voluntary schemes vs regulation
The move from voluntary schemes to regulation is a journey that we have already seen in the financial services sector. The call to action came as long ago as 2016, when the consumer organisation Which? made a super-complaint to the Payment Systems Regulator (PSR) and the FCA, arguing that banks could do more to protect consumers from APP fraud. This led to the development of the voluntary Contingent Reimbursement Model (CRM) Code which took effect in May 2019. Although this saw reimbursement rates increase, there was significant variation in reimbursement rates and of course not all banks were signatories. As such, it led very quickly to calls for the scheme to become mandatory.
The introduction of the mandatory scheme is currently expected in October 2024 and will require reimbursement up to a maximum of £415,000 unless there has been gross negligence by the customer. This liability will be split 50/50 between the sending and receiving bank, in the hope that this shared liability will incentivise banks to work together in sharing information, acting promptly at the time of the fraud and addressing any vulnerabilities in their fraud prevention systems. This is another example of the integrated approach to fraud which is already on the agenda.
As far as the online technology sector is concerned, in addition to the voluntary Online Charter, we have seen other voluntary commitments made by some companies. Such voluntary schemes and commitments have a valuable place and have been seen to reduce levels of fraud, and key players in the sector seem willing to co-operate, perhaps in an effort to avoid more stringent regulation. However, as we have seen in the financial sector, unless commitments are made across the entire sector, inconsistencies are likely to arise, and it is perhaps inevitable that regulation will always follow. The new government has certainly made clear that is its intention.
The extent of the regulatory framework
The details of the Labour government's proposed regulatory framework for online tech companies have yet to be revealed, and were disappointingly absent from the King's Speech. However, one issue that remains an open question is whether online tech companies will be called upon to reimburse victims. The Conservative government dropped proposals to that effect last year, in light of concerns about the impact on the sector.
Significantly, none of the manifestos of the main political parties went so far as to expressly set out proposals for reimbursement. However, with bodies such as UK Finance calling prior to the election for the new government to look at how online platforms, internet service providers and telecommunications companies can be made to contribute to the cost of fraud reimbursement, it is a question that is likely to remain on the political agenda.
Ongoing challenges
Rapid developments in technology continue to represent the biggest challenge in tackling fraud. The recent spate of targeted attacks on large businesses using AI, deepfakes, voice and video cloning demonstrate the extent of the problem.
At present, the best defence to such attacks is increased awareness, established systems and approval processes, and a healthy level of scepticism around unexpected communications. But government policy must include support for the development of advanced fraud detection technologies that can counter sophisticated scams, as well as leadership and participation in international efforts to combat cross-border fraud.
Conclusion
The King's Speech delivered on 17 July 2024 set out the Labour government's plans for the country, including over 35 bills. With little mention of fraud, we must wait to see how the government will implement the regulatory framework that they have proposed. We can, however, expect to see ongoing change, particularly in the way that online technology companies are expected to operate. As the new government's plans unfold, and the legal landscape develops, we can only hope that consumers and businesses are better protected, and that fraud protection strategies are able to keep up with the technological advances that will undoubtedly be exploited by the fraudsters.