Financial Ombudsman Service decision

Barclays Bank UK PLC · DRN-6079930

Investment PlatformComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mrs C complains that Barclays Bank UK PLC won’t refund the money she lost to a scam. What happened The details of this complaint are well-known to both parties. So rather than repeat them all here, I’ve summarised the events key to my determination. In early 2025, Mrs C received a message from an unknown person claiming to offer a remote job opportunity. She was added to a group message thread with others supposedly doing the role and instructed to set up an account on a platform for the alleged employer. Unfortunately, this was a scam. Mrs C was told she would receive commission in exchange for completing the tasks – but that she had to make payments to the platform to clear/unlock those tasks first. She started making payments via a cryptocurrency wallet. After a few payments had been sent (totalling around £1,120), Barclays spoke to Mrs C on the phone about what she was doing. She claimed she was investing directly via her own, established cryptocurrency wallet and wasn’t getting any guidance or support with this. Barclays then allowed her to send further, larger payments. Shortly after, Mrs C discussed what she was doing with her son – and they called Barclays to report that she had been scammed. After considering her scam claim, Barclays ultimately decided not to refund the payments she had made. Mrs C then contacted an individual who was active in the group chat she had been added to and discussed her concerns that the job was a scam. They told her they had managed to withdraw after clearing their negative balance. She then started sending further payments to the scam. The next four payments were sent as transfers to four different third parties, rather than being sent on via her cryptocurrency wallet. When entering the payment details, Mrs C variously selected that these were for buying a physical item or paying friends and family. The remaining payments were sent on via other accounts Mrs C held (largely cryptocurrency wallets). Across January and February 2025, Mrs C sent around £35,000 on to the scam via her Barclays account, yet received no pay or commission. In March 2025, she reported the later payments as part of the scam and asked Barclays to refund her. When it didn’t agree, she referred the matter on to our service. Our investigator didn’t uphold Mrs C’s complaint. He found that the transfers to third parties were covered by the FPS Reimbursement Rules (“the Reimbursement Rules”) – but thought Barclays could fairly rely on the Consumer Standard of Caution Exception (“the Exception”) not to reimburse them as he concluded Mrs C had failed with gross negligence to have regard to Barclays’ interventions.

-- 1 of 9 --

The remaining payments (sent on via Mrs C’s own accounts) weren’t covered. But similarly, given how Barclays had intervened, the investigator wasn’t persuaded that it ought to have been able to uncover and prevent the scam at the time. Mrs C has appealed the investigator’s outcome. In summary, she says: • she was in difficult circumstances at the time and her vulnerability was exploited by the scammers; • she wasn’t clear from the initial reporting that the scheme was definitely a scam; and • she was convinced by the individual she spoke to who told her to continue paying. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’ve decided not to uphold it. I appreciate this will be disappointing for Mrs C, who has clearly fallen victim to a cruel scam. However, having carefully considered all the circumstances, I’m not persuaded it would be fair to direct Barclays to refund her loss. I’ve explained how I’ve reached my decision below. I want to highlight that, while I have carefully considered everything that has been submitted, my decision is focussed on the points I consider key to my determination – meaning not all information provided may be cited or commented on. This isn’t intended as a discourtesy; it’s just a reflection of the informal nature of our service. Under the Payment Services Regulations 2017, Payment Service Providers (PSPs) such as Barclays have a duty to act on authorised payment instructions without undue delay. As Mrs C authorised the payments she is disputing, the starting position is that she is liable for them. But as she made them due to falling victim to an Authorised Push Payment (APP) scam, there are some further considerations which affect whether Barclays might be expected to refund her. In 2022, against a backdrop of increasing APP fraud and the devastating consequences it can have, the Treasury announced its intention to introduce legislation for the Payment Systems Regulator (“PSR”) to require PSPs to reimburse victims of APP scams. This led to the implementation of The Reimbursement Rules, which came into force on 7 October 2024 and apply to all UK-based PSPs. Broadly, they put a requirement on firms to reimburse APP scam payments made via the Faster Payments Scheme (a similar set of rules covers CHAPS payments), unless an exception to reimbursement applies. In this case I’ve first considered whether the Reimbursement Rules (and associated guidance) are relevant to the payments in dispute. Where they are relevant, I must have regard to the rules and guidance, as well as considering what is fair and reasonable in all the circumstances of the complaint.

-- 2 of 9 --

The Reimbursement Rules set out the requirements for a payment to be covered. I’ve summarised those below: • The payment must have taken place after 7 October 2024 and have been reported within 13 months after the date of the final covered payment of the scam claim; and • It must have been made as part of an APP scam (whether to a recipient or for a purpose otherwise than the payer intended); and • It must have been authorised by the account holder; and • It must have been made to another UK account that was not under the control of the consumer. There’s no dispute that the above criteria apply to the four transfers sent to third parties. It also appears to be accepted that the remaining payments aren’t covered – due to being sent on to accounts controlled by Mrs C. So, I’ve started by considering Barclays’ liability under the Reimbursement Rules. Should the third party transfers be refunded under the Reimbursement Rules? In order for a payment to be ‘reimbursable’ under the Reimbursement Rules it must meet the following criteria (again summarised): • The consumer is not party to the fraud, and is not claiming dishonestly or fraudulently. • The payments were made in relation to a fraud, rather than in circumstances only giving rise to a private civil dispute. • The purpose of the payment was not unlawful. • The consumer was a Vulnerable Consumer or the Exception does not apply. I can’t see there is any dispute that the first three criteria apply. So, whether Mrs C should be reimbursed comes down to whether Mrs C was a Vulnerable Consumer – or, if not, whether the Exception applies. Vulnerability The Reimbursement Rules set out that a consumer should be reimbursed regardless of whether the Exception would otherwise apply, if: • They were a ‘Vulnerable Consumer’ at the time they made at least one of the scam payments; and • This had a ‘material impact’ on their ability to protect themselves from the scam. Under the rules, vulnerability “Has the same meaning as when the term is used by the FCA in its Guidance for firms on the fair treatment of vulnerable customers, namely that a vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to harm – particularly when a firm is not acting with appropriate levels of care”. Mrs C (with support from her husband) has let us know about some difficult circumstances she was facing around the time of the scam. I’m sorry to hear about this, and can see how this would have impacted her. However, it’s important to set out that the test I’m considering here goes beyond whether some characteristics of vulnerability were met – but also whether they had a material impact on Mrs C’s ability to protect herself from the scam.

-- 3 of 9 --

I’ve carefully considered what has been submitted about how Mrs C’s thinking was affected at the time. However, I’m also conscious Mrs C recognised the risk after speaking to her son about what she was doing, and was able to take action at that point to protect herself – by reporting the scam to Barclays and, for a time, not making further payments. I have taken on board that Mrs C proceeded after Barclays declined to refund her. But from what I’ve seen and been told, it seems her main reason for this was due to being “desperate” to recover her loss – and due to being persuaded by the person she spoke to from the group chat. However, these factors don’t suggest to me that Mrs C’s circumstances meant she couldn’t identify or weigh up the risk in proceeding. Furthermore, the influence of the individual she spoke to is a feature of the scam for me to consider when assessing her reaction to Barclays’ interventions – rather than being a personal circumstance relevant to her ability to protect herself. Overall. I don’t think Mrs C’s personal circumstances meant she couldn’t have taken steps to protect herself. For example, given that she had spoken to her son about what she was doing previously, I can’t see why she couldn’t have spoken to him again before deciding whether to proceed. I’m not persuaded Barclays ought to refund Mrs C due to her meeting the Vulnerable Consumer criteria. I’ve therefore gone on to consider whether the Exception applies. The Consumer Standard of Caution (CSOC) Exception In order to rely on the Exception, a sending PSP must show that, as a result of gross negligence, a consumer has not complied with one or more of the following standards: • The consumer should have regard to any intervention made by their PSP and/or by a competent national authority (which includes, but is not limited to, any police force or service in the UK). • The consumer should, upon learning or suspecting that they have fallen victim to an APP scam, report the scam claim promptly to their PSP. • The consumer should respond to any reasonable and proportionate requests for information made by their PSP for a limited number of purposes (principally to validate the scam claim and whether it is reimbursable). • The consumer should, after making a scam claim, consent to the PSP reporting to the police on the consumer’s behalf or request they directly report the details of a scam to a competent national authority. Barclays has sought to rely on the first standard set out above - (“the Intervention Standard”). I can’t see that any other standard would apply here. The Intervention Standard The Payment Systems Regulator’s Consumer Standard of Caution Exception Guidance (“the Guidance”) provides guidance to supplement the Reimbursement Rules. It gives a more detailed and specific description of the Intervention Standard: “Consumers should have regard to specific, directed interventions made either by their sending PSP, or by a competent national authority. That intervention must offer a clear assessment of the probability that an intended payment is an APP scam payment.” That description is expanded on in paragraphs 1.8 – 1.10 of the Guidance:

-- 4 of 9 --

“PSPs can expect their consumers to have regard to specific, directed interventions raised either by their sending PSP, or by a competent national authority. Those interventions must clearly convey the PSP’s, or competent national authority’s, assessment of the probability that an intended payment is an APP scam payment. Only in circumstances where the PSP can demonstrate that a consumer who has not been classed as vulnerable has, as a result of gross negligence, not had regard to such interventions can a reimbursement claim be refused. It will be up to payment firms to consider the approach they might take in creating tailored, specific interventions and to develop their own operational approaches and identify best practice. Any intervention for the purpose of this exception should be bespoke. They must be consumer, scam, and transaction specific. They should not consist of ‘boilerplate’ written warnings. Providers should not refuse reimbursement claims on the basis that a consumer received vague, non-specific written warnings, or warnings that routinely accompany most or all transactions of a similar type. Where a PSP does choose to intervene with a written warning, this must be actively brought to the attention of the consumer. PSPs should not rely upon the availability of passive warnings, such as on public websites.” Here, I’m conscious that when Mrs C input the payment purpose for the third party transfers, as well as when she spoke to Barclays on the phone about other payments sent during the course of the scam, she didn’t give accurate reasons for the payments. That made it difficult for Barclays to give scam specific interventions. The PSR has clarified that, in such circumstances, consideration should be given to “the nature of the information given by the consumer to their PSP including its accuracy, as part of their overall assessment of whether the CSOC exception applies.” The PSR has also clarified that a consumer that gives inaccurate responses should not automatically be deemed to be grossly negligent. So I’ve thought about the overall question of whether Mrs C failed with gross negligence to have regard to Barclays’ interventions. In doing so, I’ll consider all of the circumstances, including why Mrs C gave misleading responses to Barclays. How did Barclays intervene? Prior to the third party payments, Barclays intervened by speaking to Mrs C on the phone before processing some other payments made as part of the scam. It explained it needed to ask further questions to assess whether she was falling victim to a scam. Mrs C maintained she was sending money to an established cryptocurrency account she held and was investing because the price of a particular cryptocurrency was low. She said she had opened the account herself, wasn’t being instructed, and hadn’t been speaking to a broker or been added to any group chats. In response, Barclays ran through some warnings relating to the risks of cryptocurrency investment scams. Then, for the payments covered by the Reimbursement Rules, Mrs C was asked to select the purpose of each payment. Before doing so, she was shown a warning explaining that, if she’d been told which option to select, this was a scam.

-- 5 of 9 --

For two of the payments, Mrs C selected she was buying a physical item – and for the other two she selected “friends and family”. She was then shown warnings based on the scam risks commonly associated with those payment reasons (such as purchase and impersonation scams). Barclays also went on to speak to Mrs C about further payments sent later on in the scam – and she similarly maintained that she was investing on her own. Gross negligence under the Reimbursement Rules The Guidance explains that gross negligence has: “… a higher standard than the standard of negligence under common law. The consumer needs to have shown a ‘significant degree of carelessness’. No further guidance is given as to the interpretation of gross negligence. In Red Sea Tankers Ltd v Papachristidis [1997] 2 Lloyd's Rep. 547, Mance J said of gross negligence that it “is clearly intended to represent something more fundamental than failure to exercise proper skill and/or care constituting negligence. But, as a matter of ordinary language and general impression, the concept of gross negligence seems to me to be capable of embracing not only conduct undertaken with actual appreciation of the risks involved, but also serious disregard of or an indifference to an obvious risk.” The Guidance doesn’t provide a significant expansion on the PSR’s brief definition of gross negligence, but does provide some direction on the practical application of the test in relation to the Exception, particularly at paragraph 1.13, which I’ve repeated (in part) below. “…any assessment of the degree of negligence should include consideration of all relevant factors, including: “…the complexity of the scam to which the consumer has become victim, including whether the victim has been subject to any degree of social engineering, or was otherwise in thrall of a scammer” A consideration of “the complexity of the scam” suggests that I should be considering, objectively, whether the scam had complex features (which, given the context, I’ve taken to mean an assessment of whether these were so sophisticated that a reasonable person in the consumer’s position would have found it plausible or compelling). Whereas a consideration of whether the consumer was subject to any degree of social engineering, or was otherwise in thrall of a scammer, seems to me to introduce a more subjective element – whether the consumer was psychologically manipulated into acting in the way the fraudster desired. The Guidance does not provide any further explanation on this point. But it seems unlikely that a purely subjective assessment of gross negligence was intended – that would render the test little more than whether the fraudster was able to manipulate the victim into misunderstanding who was the beneficiary of the payment, or its true purpose. And that is almost always going to be the case, or the payment would never have been made and the fraud would not have succeeded; so there could almost never be a finding of gross negligence. It would also mean that there would be little purpose in considering the complexity of the scam, because what would matter would be whether it succeeded in misleading the victim rather than how that was achieved. On the other hand, it’s also hard to conclude that a purely objective test is intended. That would render a consideration of whether and to what extent the customer was, as a matter of fact, under the thrall of the scammer irrelevant. Whereas that is a matter to which the Guidance refers as amongst the relevant considerations.

-- 6 of 9 --

In summary, I think the Guidance is asking me to consider the complexity of the scam, while also recognising in that context the role that social engineering can have in a victim’s decision making, particularly in light of any interventions. Did Mrs C fail to have regard to Barclays’ interventions with gross negligence? I’ve thought about Mrs C’s actions at the point of making the third party transfers. I think it’s relevant that, prior to making these payments, Mrs C had provided misleading answers to Barclays’ interventions on earlier payments made as part of the same scam. She had similarly provided misleading responses to other firms whose accounts she made scam payments from. Furthermore, I consider it relevant that Mrs C had already reported the matter as a scam. I appreciate what her husband has said about not being certain. But in listening to these calls, I’ve found she (and her son) did clearly say she had been scammed rather than suggesting there was still some doubt about this. Mr C says this may have been said more definitely to seek reassurance on whether or not it was actually a scam. Regardless, I think Barclays’ responses should have affirmed this belief of suspicion. Barclays warned Mrs C about the need to research any job opportunities – and not to make online transfers to people she didn’t know, which she went on to do. It also explained no genuine company would ask her to open or use other accounts to facilitate payments (as the scammers did here). Barclays also told Mrs C to make sure she selected the correct payment purpose when making a payment – and explained, if she didn’t, she wouldn’t be covered if this ended up being a scam. Yet Mrs C went on to select payment reasons that didn’t reflect what she understood she was doing – as well as providing misleading explanations when Barclays spoke to her on the phone about later payments connected to the scam. When asked why she proceeded after reporting the matter as a scam, Mrs C said that she had spoken to a member of the group chat, who she understood to be someone else completing the sale role as her, and they reassured her it was legitimate. However, I do find it hard to reconcile why Mrs C relied on the word of an anonymous person she didn’t know – identified only by initials in the chat – over the advice of both her son and Barclays. Mrs C also said she felt she had no choice to continue due to Barclays failing to offer any support. While I appreciate it didn’t agree to refund her earlier payments, as above, I do think Barclays affirmed that the scheme was a scam. So while I appreciate the impact of the loss, I do think it should have been clear that attempting to recoup this by sending further funds to the same platform came with significant risk. I’ve considered this within the wider context of the scam. I do appreciate there were some more sophisticated elements to this scam, such as the use of a fake job platform. However, the base concept of the scam – that Mrs C could click links to complete tasks, and would earn substantial amounts from doing this, yet would also need to send payments to earn money – wasn’t particularly complex. I’m also conscious the job offer was made via a message from an unknown person, and without any formal contract being provided or any selection process being completed.

-- 7 of 9 --

I appreciate this occurred alongside the social engineering tactics such as the use of others in the chat to reassure Mrs C. However, in looking at the messages she exchanged with the anonymous individual who claimed to have been able to withdraw their funds, it doesn’t appear it took much explanation from them to convince Mrs C. It’s very difficult to conclude it was reasonable for her to proceed after her prior contact with Barclays and her son about the scheme being a scam. More broadly, as I’ve set out above, I don’t think the Reimbursement Rules are asking me to consider a purely subjective test. I must weigh up the role of social engineering against the other factors listed in the Guidance – particularly the (objective) complexity of the scam. Moreover, it is necessary to keep in mind the meaning of gross negligence, specifically the extent to which Mrs C showed a serious disregard for an obvious risk. Unfortunately for Mrs C, I think the nature (and plausibility) of the scam wasn’t particularly complex. And in looking at the clear questions Barclays asked when she made these payments, and the inaccuracy of her responses, I do think Mrs C showed a serious disregard for Barclays’ attempts to intervene – as well as for the overall risk in proceeding. It appears Mrs C was largely motivated by wanting to recover her earlier losses. However, in light of what she had already discussed with Barclays, I think she carried on making the payments despite being aware of the risk of proceeding. For example, she had been specifically warned about the relevance and importance of answers its questions accurately, yet repeatedly provided inaccurate responses. And it seems this was done to try to minimise/avoid Barclays’ interventions – knowing it would be concerned if she was paying towards the scheme she had previously reported as a scam. Having carefully considered all the circumstances, I do think Barclays can fairly rely on the Intervention Standard to decline Mrs C’s claim – and so isn’t liable to refund her under the Reimbursement Rules. Should Barclays have prevented Mrs C’s losses? As covered above, most of the payments made towards the scam aren’t covered by the Reimbursement Rules. Regardless, Barclays should also have been on the lookout for uncharacteristic payments or other indications Mrs C might be at risk from financial harm from fraud. Here, it’s clear Barclays did identify a risk and so took action – such as displaying warnings based on the payment reasons selected, as well as speaking to Mrs C directly about what she was doing. In looking at how Mrs C responded to Barclays’ interventions (as well as the interventions of other firms during the course of the scam), I don’t think Barclays can fairly be held at fault for not preventing this scam from unfolding. That’s because Mrs C appears to have been very persistent about paying, including using different accounts to proceed when payments were blocked and overlooking the warnings she was given which had some relevance to the scam she fell victim to. She also didn’t respond accurately when asked about what she was doing – hindering Barclays’ ability to assess, and warn her, of the true risk. I appreciate Barclays allowed further payments to be sent after Mrs C initially reported the scam. But I don’t think it had reason to suspect she would be sending further payments on to that same scheme. And the way the funds were sent on didn’t make it clear they were being sent on to the same ultimate destination.

-- 8 of 9 --

There was no obvious connected between the third party accounts paid and the earlier cryptocurrency payments. And even for those later payments sent to cryptocurrency accounts, Barclays wouldn’t have known how/whether the funds would be sent on unless Mrs C disclosed this – which she didn’t. This included when Barclays specifically mentioned her previous scam report when discussing a later payment. Mrs C insisted the further cryptocurrency payments were not connected, and said it was different from the earlier scam as she was investing alone and wasn’t being told what to do. On balance, I’m not persuaded Barclays missed a clear opportunity to successfully uncover the scam and prevent Mrs C from incurring further fraudulent losses. I therefore don’t think there are grounds to fairly hold it liable for her loss on this basis. Are there any other reasons why Barclays holds liability for Mrs C’s loss? I’ve also considered Barclays’ actions when the scam was reported. For those funds sent on via Mrs C’s own accounts (mainly via cryptocurrency wallets), it couldn’t have recalled the payments – as the funds had been sent on to the scam. Anything not sent on would also have been able to Mrs C to access directly. Barclays has also shown it tried to recover funds from the third party accounts but wasn’t successful. Given the time that had elapsed between making those payments and reporting them as part of the scam, I don’t think it could realistically have recovered them; unfortunately, in scams like this, funds are generally sent on very quickly to prevent them from being recalled. I’ve thought carefully about Barclays’ role in what happened. However, in all the circumstances, I’m not persuaded Barclays made any errors which caused or contributed to Mrs C’s loss. This includes its considering of her claim under the Reimbursement Rules. I appreciate this will be disappointing for Mrs C, and I’m very sorry to hear about the substantial loss she has suffered due to the cruel actions of the scammers. But for the reasons I’ve explained above, I don’t think it would be fair to decide Barclays should reimburse her outstanding loss. My final decision For the reasons given above, my final decision is that I do not uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mrs C to accept or reject my decision before 11 May 2026. Rachel Loughlin Ombudsman

-- 9 of 9 --