Fraud has become the defining operational and regulatory risk for financial services. With authorised push payment scams surging, mandatory reimbursement tightening pressure, and Consumer Duty raising expectations, firms face a pivotal moment. Those who invest early in smarter monitoring, clearer communication and faster interventions won’t just reduce losses – they’ll strengthen trust.
Published: 27 March 2026
Authors: Daren Allen
According to our annual Litigation Report, general counsel (GC) in financial services faced almost twice as many fraud related disputes (47%) as any other sector in the past year. And the risk isn’t easing. When GCs look three years ahead, fraud tops the list of expected disputes (63%), eclipsing even major concerns like tax and IP. It’s a clear warning: FS businesses are entering an era where fraud isn’t a peripheral threat. Instead, it’s the central battleground shaping regulatory scrutiny, operational resilience and customer trust.
Operational risk redefined
But what is driving the focus on fraud? Authorised push payment (APP) fraud now accounts for hundreds of millions in losses each year, with banks absorbing most of the cost upfront under the mandatory reimbursement regime. These scams don’t rely on complex system breaches. They rely on people. Criminals manipulate customers into sending money themselves, often convinced they’re responding to a trusted request or chasing a legitimate investment. The surge in cases has pushed APP fraud into the spotlight, drawing scrutiny from regulators, the media and the public. It is now firmly recognised as a core operational and regulatory risk for banks and payment providers, not just a criminal issue.
The stakes have grown even higher with the introduction of the mandatory reimbursement scheme. Banks must now repay most APP fraud victims at speed, with only narrow exceptions such as clear cases of gross negligence. The financial impact is significant, with losses mounting into the hundreds of millions. The operational pressure is equally intense: firms must assess and settle claims within extremely tight timelines, with a target for most cases to be resolved within five business days. This is a challenge that hits smaller institutions hardest as they race to match the capabilities of larger banks with established fraud infrastructure. The risk of system abuse adds another layer of complexity.
Regulation steps up
Perhaps unsurprisingly, regulators have responded decisively. The Financial Conduct Authority’s 2025-2030 strategy has made APP fraud a priority within its broader approach to financial crime, emphasising the need for robust systems, proactive monitoring and stronger customer protections. Its Consumer Duty raises the bar even further for how firms respond. It expects proactive protection – spotting unusual activity early, stepping in fast, and supporting customers with clarity and empathy throughout the process. It pushes firms to move beyond quick payment processing and towards behaviour that genuinely prevents harm: asking questions, offering warnings, and helping the moment fraud is suspected. In short, Consumer Duty makes active monitoring, timely intervention and meaningful support a regulatory expectation, not a nice to have.
A strategic opportunity
The message for financial services is clear: the firms that will thrive in this new landscape are the ones that treat fraud as a frontline strategic risk, not just a cost of doing business. APP fraud is exposing weaknesses in systems, culture and customer journeys, and regulators are watching. But this moment also creates opportunity. Firms that invest early in smarter monitoring, clearer customer communication and more joined up operational processes won’t just meet regulatory expectations, they’ll rebuild trust at a time when it’s under strain.
In an era where fraud is accelerating faster than defences, the winners will be those bold enough to rethink their approach now, before the next wave hits.