Fraud Technique shifts the burden upstream – and banks are within the firing line

The UK’s new Fraud Technique is not only a more durable stance on criminals, it’s a blueprint for pushing fraud prevention onto the infrastructure suppliers that will allow frauds to scale. For banks, the message is evident: reimbursement is not the top of the story, prevention is turning into a core market obligation.
Fraud has turn out to be too massive for the UK’s regulation enforcement to deal with alone. The Authorities’s Fraud Technique 2026-2029 (the “Technique”) describes fraud because the UK’s largest crime kind, with an financial price of a minimum of £14.4bn in 2023-24. The Technique commits over £250m from 2026-2029 and entails three pillars: Disrupt, Safeguard and Reply. For banks, a very powerful message sits beneath that construction: fraud prevention is shifting upstream.

It’s yet one more compliance shift for a sector already anticipated to hold out diligence on clients, monitor and detect suspicious transactions, and supply reimbursements. The Technique factors to one thing even broader; the growing expectation that banks have fraud controls embedded into product design, onboarding journeys, fee flows, authentication, account safety, buyer communications and mule detection. Reacting nicely after a fraud occasion is not going to be sufficient.

From reimbursement to prevention

On the monetary providers sector, the Technique is well mannered concerning the progress banks have made. It recognises the Retail Banking Fraud Constitution of 2021, Affirmation of Payee, the Banking Protocol, and the necessary reimbursement regime for eligible authorised push fee frauds (“APP Fraud”), which returned £173m to victims in its first 12 months. However the identical part makes clear that the present strategy has not solved the issue. At the very least £629.3m was stolen within the first half of 2025 alone, together with £371.8m of unauthorised fraud.

The Authorities is now asking why, regardless of these efforts, fraud continues to get via. A House Workplace Name for Proof on APP Fraud is due in 2026. The Monetary Conduct Authority (“FCA”) is predicted to contemplate good and poor follow in stopping APP Fraud and cash mules. HM Treasury intends to repeal the prevailing Robust Buyer Authentication technical requirements, permitting the FCA to include new requirements geared in direction of a extra agile, outcomes-focused strategy.

That is the route of journey for banking. The query is not going to solely be whether or not a financial institution met a prescriptive, static, management, it will likely be whether or not its controls tailored because the fraud risk modified.

The rise of the “enabler” lens

Some of the commercially necessary themes within the Technique is the stress on companies as potential fraud enablers, not simply victims.

Banks sit in the course of that image; not merely victims of fraud losses or processors of disputed transactions. They’re the infrastructure criminals must monetise frauds – and conversely are additionally described within the Technique because the final line of defence. That doesn’t imply banks are answerable for each fraud. What it does imply is they are going to face rising stress to show that their methods are usually not straightforward to use.

The brand new company offence of failure to forestall fraud reinforces this wider route.

For financial institution boards, the takeaway is straightforward. They may more and more be judged on designing agile and adaptable anti-fraud controls for an ever-changing fraud panorama. That may be a greater bar than having a reliable fraud response workforce.

What banks ought to do subsequent

The temptation is to learn the Technique as an inventory of future consultations and regulatory developments to be thought of at a later stage. Nonetheless, banks ought to actually deal with it as a sign of the place regulatory and political expectations are heading and think about what actions could must be taken to satisfy such expectations.

Because the Technique calls out, defensive measures hardly ever cease criminals for lengthy. New controls sparks innovation, and criminals proceed to search for methods to undermine future countermeasures. The sector will want stronger authentication, higher KYC and buyer due diligence, more practical mule detection, extra clever fee warnings, higher use of behavioural alerts and a clearer view of how fraud strikes throughout channels – all of which must be adaptable, with requirements nonetheless to be confirmed. That is no imply feat.

At this juncture, with out additional steerage or regulatory improvement, banks ought to think about, a minimum of, the next sensible steps:

First, map the fraud journey from first contact to cash-out. Meaning understanding the place clients are being defrauded earlier than they enter the financial institution’s surroundings, the place fee controls are weak, the place warnings are ignored, the place mule accounts enter the system, and the place restoration fails. The purpose shouldn’t be including friction in every single place, it’s to put friction the place it has one of the best likelihood of stopping hurt, and shifting that friction when the risk evolves.
Secondly, strengthen authentication and id controls with out stifling reputable banking. The Technique focuses on passkeys, digital verification providers and outcomes-based authentication, and the proposal of latest requirements (TBC). Banks ought to think about shifting away from present requirements of static and bodily biometrics (like one-time password or facial recognition – for the ‘one thing they’ve and are’ exams), and as a substitute embrace dynamic and behavioural biometrics as a compliant authentication issue.
Thirdly, make sure the controls are correctly documented, examined and legally assured. As expectations turn out to be extra outcomes-focused, banks might want to present how controls function, are examined, and adapt to new applied sciences, plus how board-level oversight operates. That is the place authorized assurance turns into important: banks might want to present not solely that fraud controls exist, however that they are often defined, challenged, evidenced and defended.

In the end, the route of journey is evident the UK Authorities’s Fraud Technique 2026-2029 is in search of to maneuver fraud prevention upstream, throughout an array of sectors and it’s not only a regulation enforcement subject. For banks, there’s a reputable query as as to if this allocation of accountability is truthful, significantly given the already vital regulatory, operational and monetary burden borne by banks on this house. Nonetheless, no matter that debate, the sensible burden, is actual: banks are being requested to maneuver from reactive to proactive compliance throughout the complete buyer lifecycle. Assembly that expectation would require main funding. In the end, banks that deal with the Technique as an early sign and act now, fairly than ready for formal regulatory improvement, shall be higher positioned to satisfy the requirements which might be coming and to guard each their clients and their very own place.

Josie Welland, Senior Managing Affiliate, Sidley

“Fraud Technique shifts the burden upstream – and banks are within the firing line” was initially created and revealed by Retail Banker Internationala GlobalData owned model.

The data on this website has been included in good religion for basic informational functions solely. It isn’t meant to quantity to recommendation on which you need to rely, and we give no illustration, guarantee or assure, whether or not specific or implied as to its accuracy or completeness. You should acquire skilled or specialist recommendation earlier than taking, or refraining from, any motion on the premise of the content material on our website.

Source link

Login

Register

From reimbursement to prevention

The rise of the “enabler” lens

What banks ought to do subsequent

Related posts