Banks concerned about conflicting fraud reporting obligations

Market participants have reacted to a call for regulators to do more to align European banks’ fraud reporting obligations – which are currently “fragmented” and could cause “ambiguity, cost and effort inefficiencies”.

“Account servicing payment service providers (ASPSPs) are concerned about fragmentation, and the incredible workload that comes with that because the requirements, timelines and formats are not aligned across the different communities and will be superseded by the ECB regulation shortly afterwards,” says Annick Moes, spokesperson for the Euro Banking Association (EBA).

“While the ECB regulation is technically foreseen to incorporate the EBA guidelines on fraud reporting, it is difficult to understand what this means in practice since the guidelines will not have been implemented in a uniform way across Europe,” she says.

Roberto Scognamiglio, product manager at anti-fraud vendors, TAS Group, said by email that the current EBA guidelines “risk different interpretations at country level and, other than causing ambiguity, creates cost and effort inefficiencies in fraud monitoring and reporting

Scognamiglio also added that the ECB ran the risk of contradicting the EBA’s article 21 of the regulatory technical standards (RTS) on Strong Customer Authentication (SCA).

“In our opinion, the ECB’s revised regulations on payment statistics should also avoid introducing inconsistencies with the content of the EBA’s article 21 of the RTS on SCA which comes into effect this September,” said Scognamiglio.

The EBA published its recommendation for a pan european standardised and aligned approach to fraud reporting at the beginning of this week. The recommendation was jointly made during workshops involving the PSD2 Practitioners’ Panel and the SCT Inst Migration Action Round Table (SMART2) and is endorsed by representatives from 18 ASPSPs including Barclays, Deutsche, Intesa Sanpaolo and Nordea.

Borrowed time: EBA and practitioners’ panels call for a reassessment:

  • PSPs and NCAs should not be required to run two subsequent implementation programmes: one for meeting the EBA’s fraud reporting requirements applicable as from 2019 and one for complying with the revised ECB’s Regulation on Payments Statistics applicable from 2021.
  • A full alignment of the reporting content and format.
  • Start and end dates of each reporting period and submission deadlines should be the same.
  • Data collection and transmission should be fully standardised based on reporting IT taxonomy.

A pan European approach to fraud… data sharing?

According to Thomas Egner, secretary general of the EBA, there is firm interest among the EU’s ASPSPs for fraud prevention data sharing and improvements to informing each other over suspicious activity, particularly in the case of SCT Inst.

“For this to work at a pan-European level it obviously would require the necessary legal framework and authority support, and I think that’s probably where some of the anti-fraud activities at the level of the European Payments Council come in,” he said.

“In the instant payments space you risk seeing an enormous acceleration of fraud issues if you don’t keep up to speed. There is a dedicated fraud detection sub group of the SMART2 initiative we [Euro Banking Association] facilitate in the SCT Inst space. This sub group is looking at how fraud detection could be further improved through more harmonisation and collaboration at pan-European level,” said Egner.

Likewise, TAS Group’s Scognamiglio believes there is an opportunity to create a “sort of ‘European repository’ to combat fraud” through the regular sharing of fraud data.

“This is increasingly important as new payment tools and methods are adopted and can contribute to a ‘natural selection’ of those tools which are more robust and secure than others. The positive effects of this type of pooling of information will, of course, be greater the more frequent the sharing,” he said.

Related reading