Financial Ombudsman Service decision

DRN-6212741

Authorised Push Payment (APP) ScamComplaint not upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mrs M is unhappy Lloyds Bank PLC (‘Lloyds’) hasn’t refunded her the money she lost after falling victim to an authorised push payment (‘APP’) scam. What happened The details of this case are well-known to both parties, so I don’t need to repeat them at length here. In summary, Mrs M (and her husband) fell victim to an employment / visa purchase scam. As Mrs M liaised with the scammer and made the payments, and for ease of reading, I will refer to Mrs M in the main. Mrs M had been looking for a job for her and her husband which provided a Certificate of Sponsorship (‘CoS’), which they could use for a visa application when their current visa was due to expire. Mrs M came across an individual whom I’ll call ‘F’ on a well-known social media platform. F had posted advertising they could assist with job searches and application support for jobs with employers who offered a CoS. Mrs M contacted F directly, and believing he would help, paid £2,500 across three payments between 20 – 29 May 2024. Mrs M realised it was a scam when there were delays and then communication became inconsistent – and Mrs M says F subsequently blocked her and deleted the conversation history. Mrs M contacted Lloyds on 18 August 2024 to report the matter and to see if it could recover or reimburse her funds. Lloyds subsequently contacted the Receiving Firm (the beneficiary bank where the funds had been sent to), but unfortunately it advised no funds remained that could be recovered and returned to Mrs M. Lloyds also considered whether Mrs M was due a refund of the funds she lost. Lloyds considered the case under the Lending Standards Board Contingent Reimbursement Model (‘CRM’) Code which it was a signatory of at the time of the payment. The CRM Code was implemented to reduce the occurrence of APP scams. The CRM Code required firms to reimburse customers who had been the victims of APP scams like this in all but a limited number of circumstances. Lloyds didn’t agree that it was liable to reimburse Mrs M under the CRM Code. It didn’t consider Mrs M had carried out enough checks or taken enough steps to verify the legitimacy of who she was paying. So, it considered there was an exception to reimbursement – namely that Mrs M didn’t have a reasonable basis for believing that the payment was for genuine goods or services, or that the person or business with whom she transacted with was legitimate.

-- 1 of 5 --

Lloyds did offer and pay £100 for the distress and inconvenience it caused due to the delays in its answering of the complaint. Unhappy with Lloyds’ response, Mrs M brought her complaint to this service. One of our Investigator’s looked into things and didn’t uphold the complaint. In short, they agreed with Lloyds’ assessment of the complaint under the CRM Code – that Mrs M made the payments without having a reasonable basis for believing that the payments were for genuine goods or services; and/or the person or business with whom she transacted with was legitimate. They considered there were some concerning features that ought to have given Mrs M cause for concern that all might not be as it seemed. And, given the value of the payments, they didn’t consider, under the CRM Code, that Lloyds was required to display an ‘effective warning’ as part of the payment process. The Investigator also considered that while there were provisions under the CRM Code relating to vulnerability, they weren’t persuaded that Mrs M was unable to protect herself from what had happened here – so didn’t consider Mrs M met the definition of a vulnerable customer as set out within the CRM Code. The Investigator also didn’t consider that Lloyds could have done anything more to try and recover Mrs M’s funds as the scam was reported on 18 August 2024 – which was some time after the payments had been made, and the beneficiary bank had confirmed no funds remained. So, our Investigator agreed Lloyds had acted fairly and reasonably in choosing to decline reimbursement under the CRM Code. Mrs M didn’t agree with the Investigator’s opinion. So, as agreement couldn’t be reached, the complaint has been passed to me for a final decision. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I’m aware that I’ve summarised this complaint and Mrs M’s responses briefly, in less detail than has been provided, and in my own words. No discourtesy is intended by this. Instead, I’ve focussed on what I think is the heart of the matter here. And that is whether it was fair for Lloyds to decline reimbursing Mrs M under the provisions of the CRM Code or whether there was any other failing by Lloyds that meant Mrs M’s loss could have been prevented. If there’s something I’ve not mentioned, it isn’t because I’ve ignored it. I haven’t. I’m satisfied I don’t need to comment on every individual point or argument to be able to reach what I think is the right outcome. Our rules allow me to do this. This simply reflects the informal nature of our service as a free alternative to the courts. In deciding what’s fair and reasonable, I’m required to take into account relevant law and regulations; regulatory rules, guidance and standards; codes of practice; and, where appropriate, what I consider to have been good industry practice at the time. I’m sorry to disappoint Mrs M, but I’m not upholding her complaint. I know she’s been the victim of a cruel scam, and I don’t doubt that these events have had a significant impact on her and her husband. But I don’t believe Lloyds has acted unfairly or unreasonably in not reimbursing Mrs M under the provisions of the CRM Code or for any other reason. I’ll explain why.

-- 2 of 5 --

There’s no dispute that Mrs M authorised the payments that are the subject of this complaint, even though she did so as a result of being deceived by a fraudster. Broadly speaking, under the account terms and conditions and the Payment Service Regulations 2017 (which are the relevant regulations here), she would normally be liable for them. But that isn’t the end of the story. Where a customer has been the victim of a scam it may be appropriate for the bank to reimburse the customer, even though payments have been properly authorised. Of particular relevance to the question of what is fair and reasonable in this case is the CRM Code. The CRM Code required firms to reimburse customers who have been the victims of APP scams like this, in all but a limited number of circumstances. Under the CRM Code, a Sending Firm (in this case Lloyds) may choose not to reimburse a customer if it can establish that*: • The customer made payments without having a reasonable basis for believing that: the payee was the person the Customer was expecting to pay; the payment was for genuine goods or services; and/or the person or business with whom they transacted was legitimate. • The customer ignored what the CRM Code refers to as an ‘Effective Warning’ by failing to take appropriate action in response to such an effective warning. *Further exceptions outlined in the CRM Code do not apply to this case. In this case, I think Lloyds has been able to establish that it may choose not to reimburse Mrs M under the terms of the CRM Code. I’m persuaded one of the listed exceptions to reimbursement under the provisions of the CRM Code applies. I have taken into account all of the circumstances of this case, including the characteristics and complexity of the scam. Having done so, I think the concerns Lloyds has raised about the legitimacy of the transactions Mrs M made are enough to support its position that she didn’t have a reasonable basis for believing the payments were for genuine goods or services; and/or the person or business with whom she transacted with was legitimate. I’ll explain why. In order to determine whether this exception to reimbursement applies, I must ask if Mrs M made the payments she did whilst having a reasonable basis for belief that all was genuine. I’m afraid I don’t find that’s the case having considered all the testimony and evidence presented to me. Upon reviewing what’s happened, I understand that Mrs M was worried about her and her husband’s visas expiring and the need for them to obtain a job that provided them with a CoS. And I am mindful of the potential consequences of what could happen to them if they didn’t obtain a job with a CoS. However, I have to also bear in mind how Mrs M came across the individual in question (F) and whether there were signs that ought to have led her to consider that things might not be as they seemed. Having considered this aspect, I think Mrs M needed to approach matters with far more caution and ought to have sought to verify things more than she did. Mrs M came across F through a social media post. So, Mrs M didn’t know this person, nor had she been recommended F by someone else who had used F. And it doesn’t appear that F worked for a company either. And I’m also mindful that while the conversation/messages between Mrs M and F are no longer available, Mrs M seemingly received no formal documentation or an invoice setting out the details of any agreement or arrangement with F

-- 3 of 5 --

and what work he would undertake. Mrs M also paid into a personal account belonging to F – and not a business account. It doesn’t appear that Mrs M sought to verify that F worked for a genuine company or recruitment agency and took things at face value. Given Mrs M was seeking employment with an employer who provided a CoS, it’s reasonable to expect that Mrs M ought to have checked/carried out research to ensure that the person – F and any company or recruitment agency she was potentially dealing with was legitimate or actually existed. I’m also mindful that when applying for any types of Visas, clear information about the process and costs are available on the GOV.UK website. Mrs M and her husband had been residing within the UK and Mrs M does communicate (speak, read and write) in English. And it is not unreasonable to suggest that her and her husband could have looked at what the formal requirements and processes are and what the costs typically are – especially given the seriousness of matters and the potential Visa implications they may face. Overall, I think there were sufficient red flags here that reasonably ought to have led Mrs M to have acted far more cautiously than she did, and ask questions, or carry out some additional checks to ensure the person she was dealing with was legitimate. So, I think Lloyds can fairly rely on one of the exceptions to reimbursement – that Mrs M made the payments without a reasonable basis for believing the payment was for genuine goods or services; and/or the person or business with whom she transacted with was legitimate. Should Lloyds have done anything else to prevent the scam? Good industry practice requires that regulated firms such as Lloyds engage in the monitoring of customer accounts and to be on the lookout for suspicious or out of character transactions with an aim of preventing fraud and protecting customers from financial harm. And under the CRM Code, where it identified a risk of a customer falling victim to an APP scam, it was required to provide that customer with an ‘effective warning’. We now know, with the benefit of hindsight, that Mrs M was falling victim to a scam. But based on the information that was available to it at the time, I don’t consider Lloyds would’ve had any reasonable basis for believing that its customer was falling victim to an APP scam at the time the payments were made. So, when considering the CRM Code, it wasn’t required to provide its customer with an ‘effective warning’ – as defined by the CRM Code. I say this because I don’t consider the payments appeared so out of character or unusual and the payments weren’t particularly large or remarkable. So, I can’t fairly or reasonably conclude that Lloyds hasn’t met its obligations under the CRM Code. Also, and for the same reasons, I’m not persuaded Lloyds would’ve had any grounds for intervening to question the payments any further with Mrs M, such as carrying out some additional checks or through human intervention, before allowing them to be processed. So, I can’t fairly say Lloyds would have been able to prevent Mrs M’s loss either.

-- 4 of 5 --

Recovery of funds I have also considered whether Lloyds did all it could to try and recover the money Mrs M lost. Lloyds was limited in terms of what it could do here; it could only ask the Receiving Firm to return any money that remained in the recipient’s account. It needed to make enquiries quickly for the best chance of recovery. The evidence I’ve seen persuades me Lloyds did act quickly. While Mrs M had reported the matter – it was in August 2024, which was unfortunately some months after she had made the payments in late May 2024. Sadly, it is common for fraudsters to withdraw or move the money on as quickly as possible. And that was the case here with the Receiving Firm confirming in its response to Lloyds that no funds remained. So, sadly there wasn’t any further Lloyds could do to help Mrs M recover any money. Vulnerability Under the CRM Code, if it is deemed that a customer was vulnerable, then they are entitled to be reimbursed. However, for the reasons I’ve touched on above, I don’t find Mrs M was vulnerable. I’m not persuaded that the evidence suggests that either her or her husband was unable to protect themselves from this particular type of scam. I’ve not seen any evidence to suggest that either Mrs M or her husband couldn’t have questioned/challenged or carried out more research to have satisfied themselves that they were dealing with a legitimate person/company. The customer service Mrs M received Lloyds accepts that Mrs M didn’t receive a good customer journey, and there were clearly delays which would have caused Mrs M some unnecessary distress and inconvenience. Lloyds has offered and paid £100. I think that compensation amount is fair – and it recognises the impact those delays had and the inconvenience caused to Mrs M in having to chase matters. Summary With all of this in mind, I am sorry that Mrs M lost her money this way and fell victim to a cruel scam and is out of pocket as a result. And I don’t underestimate her strength of feeling and why she thinks this money should be returned in full. But for the reasons explained, I don’t find that Lloyds has acted unfairly or unreasonably in not reimbursing Mrs M under the provisions of the CRM Code. And it isn’t liable for the loss either, as I don’t find it could have reasonably prevented her loss or recovered any funds as they had already been moved on or utilised already. And finally, it has offered and paid fair compensation for the customer service Mrs M received. My final decision For the above reasons, I don’t uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mrs M to accept or reject my decision before 14 May 2026. Matthew Horner Ombudsman

-- 5 of 5 --