Financial Ombudsman Service decision

Santander UK Plc · DRN-6228256

Authorised Push Payment (APP) ScamComplaint upheld
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr F complains that Santander UK Plc won’t refund the money he lost as a result of an investment scam. Mr F is represented in this complaint, but I’ll refer to him as it’s his complaint. What happened The detailed background to this complaint is well known to both parties. On 14 September 2024, Mr F received a message from an unknown contact on his instant messaging app. It was from Person B (the scammer) who said he was an investment broker who had set up his own company as he had access to software that could assist with crypto trades. Mr F was interested as he was looking for an additional source of income and he’d seen on the media how crypto investments could be very lucrative. Mr F was persuaded to open an account with Person B’s company where he could benefit from his trading tool and monitor the success of his trades. Also, he was part of a messaging group with fake investors. On 16 and 17 September 2024, Mr F made two payments to Person B from his account with crypto exchange Firm C for £20 (16 September) and £5,980 (17 September) after transferring funds from his Santander bank account. £5,000 of the payment was a service fee. Mr F was led to believe his initial investment would earn between £10,000 and £15,000. But that was the last he heard of Person B and he realised he’d been scammed. Mr F contacted Santander to claim a refund. But Santander rejected his claim as the payments had been authorised by him and he paid the scammer through an account elsewhere. Mr F brought his complaint to our service. Our investigator’s view was that Santander should provide Mr F with a refund as she thought Santander should’ve intervened and this would’ve prevented his financial loss. However, she thought the refund should be half of Mr F’s loss, due to contributory negligence, as she couldn’t see that he’d done any due diligence. Mr F agreed but Santander strongly disagree. Santander asked for an Ombudsman review and their points in a voluminous submission included the following: • Mr F had recently made larger multiple transfers to a third party and the funds were going to his own account. • There was nothing to suggest Mr F was at risk of financial harm or that his payment was for the purpose of buying crypto and Santander cannot assume this just because Firm C was being used. Also, the use of Firm C ‘cannot be treated as suspicious in the interest of fairness and integrity’. • ‘The transactions did not detect as unusual by our fraud prevention systems so there was no missed opportunity’ and ‘the financial ombudsman service isn’t a regulator, and it can’t instruct the bank to change the design of its fraud prevention systems’.

-- 1 of 6 --

• An assumption has been made ‘that after having a conversation with Santander Mr F would not have proceeded to send funds. We know from experience that any Santander checks would have most likely been treated as a hindrance to a lucrative investment opportunity. Mr F hadn’t traded in crypto before but as mentioned he was familiar with risk taking using his own funds and its unlikely any hypothetical conversation would have changed his mind’. • They pointed to available crypto information and said our investigator’s ‘argument that there was not much information online in 2024 is defunct’. • ‘He was also not completely honest when selecting the payment reason’ and he ignored Firm C’s prominent warning which said ‘Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.’ • ‘Mr F was equipped with enough information to know that cryptocurrency investments are high risk and took the risks himself. There is no evidence which suggests a conversation would have deterred Mr F’. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, my decision is to partially uphold this complaint. I’ll explain why. I should first say that: • I’m persuaded by Mr F’s submissions and transactions that a scam has occurred here and I’m very sorry to hear that he has lost a significant amount of money to the cruel scammer. • Although Santander is a signatory of the CRM Code which required firms to reimburse customers who have been the victim of a scam in most circumstances, I’m satisfied this code doesn’t apply here as Mr F paid another account in his name (with Firm C). • Regarding efforts to recover Mr F’s loss. As the payments to the scammer were to a crypto exchange and then onto the scammer, I don’t think Santander could’ve been expected to recover the funds. • The Payment Services Regulations 2017 (PSR) and Consumer Duty are relevant here. PSR Under the PSR and in accordance with general banking terms and conditions, Banks should execute an authorised payment instruction without undue delay. The starting position is that liability for an authorised payment rests with the payer, even where they are duped into making that payment. There’s no dispute that Mr F made the payments here, so they are considered authorised. However, in accordance with the law, regulations and good industry practice, banks should be on the look-out for and protect its customers against the risk of fraud and scams so far as is reasonably possible. If it fails to act on information which ought reasonably to alert a prudent banker to potential fraud or financial crime, it might be liable for losses incurred by its customer as a result.

-- 2 of 6 --

Banks do have to strike a balance between the extent to which they intervene in payments to try and prevent fraud and/or financial harm, against the risk of unnecessarily inconveniencing or delaying legitimate transactions. So, I consider Santander should fairly and reasonably: o Have been monitoring accounts and any payments made or received to counter various risks such as anti-money laundering and preventing fraud and scams. o Have systems in place to look for unusual transactions or other signs that might indicate that its customers were at risk of fraud (among other things). This is particularly so given the increase in sophisticated fraud and scams in recent years, which banks are generally more familiar with than the average customer. o In some circumstances, irrespective of the payment channel used, have taken additional steps, or made additional checks, before processing a payment, or in some cases declined to make a payment altogether, to help protect customers from the possibility of financial harm from fraud. Consumer Duty Also, from July 2023 Santander had to comply with the Financial Conduct Authority’s (FCA’s) Consumer Duty which required financial services firms to act to deliver good outcomes for their customers. Whilst the Consumer Duty does not mean that customers will always be protected from bad outcomes, Santander was required to act to avoid foreseeable harm by, for example, operating adequate systems to detect and prevent fraud. Also, Santander was required to look out for signs of vulnerability. However, although Mr F has provided information on him being vulnerable, I can’t see that he’d made Santander aware of this and discussed any risks and mitigation with them. With the above in mind the above, I first considered whether Mr F’s £5,980 payment should’ve been identified as having a heightened risk and triggered either an automated or a human intervention to protect him from financial harm. Although I recognise the following: A. Santander process thousands of payments for their customers each day and, as mentioned above, they have to strike a balance between the extent to which they intervene in payments to try and prevent fraud and/or financial harm. B. Mr F made the following similar size payments: o £5,000 and £5,900 approximately nine months earlier. o £4,999, £5000 and £5,000 approximately one month earlier. C. Santander didn’t realise he was buying crypto. D. Santander’s system didn’t flag the payment, and it isn’t for our service to give them design instructions. E. Firm C would likely have some warnings. I’m not persuaded by Santander’s argument that the payment wasn’t unusual and didn’t have an elevated risk. I say this because: • In 2024, they would’ve known from the FCA, Action Fraud and their own data that crypto investments carry a very high risk of customers losing all their money due to volatility or to scammers who frequently use it as payment method to fake companies.

-- 3 of 6 --

• The five payments detailed in above Point B were either to a non-crypto financial firm or towards a car purchase. And I can’t see any information that indicates the financial firm payments were related to crypto. • I can’t see that Santander had any information that Mr F had previously invested in crypto and, as it carries an elevated risk, I consider £5,980 to be a large payment and one, for the reasons mentioned above, that could result in financial harm. • Santander could see a sort code that belonged to Firm C, who are the clearing bank for one of the largest crypto exchanges. Also, they’ve shared a report that illustrates the payment was going to Firm C. • By September 2024, Santander would’ve likely seen countless payments to the above sort code, some of which would have been reported as fraud. • Considering their responsibilities detailed in the above referenced PSR and Consumer Duty, I don’t think it is reasonable for Santander to rely on warnings given by a crypto exchange. Having reviewed Santander’s submissions, I can’t see that they did any analysis to understand the payment was unusual, considered questioning the payments or have provided sufficient evidence to persuade me that the payment wasn’t unusual, and it wasn’t proportionate for them to intervene. If a bank doesn’t question payments that might be at risk, then it can’t fulfil its duty to protect customers. I’m not saying that means it must check every payment out of its customers’ accounts. But here, I consider they had information that it was a high-risk crypto payment and with crypto investment scams well known, I think they ought to have identified a elevated risk and put in place: • A human intervention which would ask probing questions to provide relevant education, warnings and look to detect a fraud or scam. I then considered what would’ve happened if Santander had put in place such an intervention and whether their failure to do so caused Mr F’s financial loss. Causation To do this, I looked closely at the file and reflected on whether this type of intervention would’ve made any difference. I noted that Santander: • Consider that Mr F wouldn’t have been honest and would likely have ignored warnings. This is because when they issued an automated warning, he entered what they consider to be a false reason, and this negated their warning. • Think an intervention would’ve likely been treated as a hindrance to a lucrative investment opportunity. • Say our investigator made an assumption when she considered what would’ve likely happened on an intervention. And that there isn’t any evidence which suggests a conversation would have deterred Mr F. Regarding these points: • Although I recognise that Mr F informed Santander that the two payments were to his own account rather than for an investment, there was more than one correct answer. This is because he was making an investment by transferring money to his account

-- 4 of 6 --

with a crypto exchange. So, I don’t think it would be fair or reasonable to interpret this as him being untruthful. • Although scam victims are indeed led to believe their investment is lucrative, they aren’t all persuaded that their bank may prevent payments and many aren’t inclined to be dishonest. • My role (and that of our investigator) is to independently evaluate the evidence provided by both parties. And where evidence is incomplete, inconsistent or contradictory, as some of it is here, a decision has to be reached on the balance of probabilities – in other words, what most likely would’ve happened in light of the available evidence and wider circumstances. Having read Mr F’s submissions and reviewed his dialogue with the scammer, in which I can’t see any evidence of coaching, I have no reason to think he wouldn’t have given honest answers to Santander’s questions. Although I can’t be certain of how he would’ve responded to probing questions, I think it likely a Santander fraud and scam agent, who importantly would be trained to detect lies and been able to see the payment was going to a crypto exchange, would’ve asked the following type of open questions that banks frequently ask: • Payment purpose. • Method of approach. • Checks and research completed. • Expected returns and ability to withdraw. • Third parties, brokers or recovery agents advising of fees. • Third party communications including requests to deceive the bank. Based on the available evidence (Mr F’s dialogue with the scammer and his testimony) I think Mr F would’ve explained the introduction, the promised return and an agent would’ve immediately been suspicious and discussed checks including with the FCA, Companies House and on-line presence and, upon scrutiny of these, the scam would’ve very quickly unravelled. So, having considered the available information and what would’ve likely happened if Santander implemented a human intervention and it was implemented effectively, on balance, I think Mr F’s loss could’ve been prevented and Santander should therefore be held liable. I then considered: Contributory Negligence There’s a general principle that consumers must take responsibility for their decisions. Although I recognise how convincing the cruel scammer was and the impact on Mr F, I’m in agreement with Santander and our investigator that he should’ve been more diligent and: • Completed research on the investment company, verified Person B and not taken their assurances at face value. • Should’ve seen the high return for a small investment within a short period of time (see what happened section), as too good to be true and prompted him to exercise greater diligence and seek professional advice.

-- 5 of 6 --

And I noted that Mr F hasn’t argued against this. Putting things right I think both parties made errors here, Santander in not intervening and Mr F in not undertaking due diligence to protect himself. I therefore consider it to be both fair and reasonable for Santander to split liability and pay 50% of Mr F’s loss). So, to put things right I require Santander UK Plc to: • Provide Mr F with a refund of £2,990. • Pay 8% interest on this amount from the date of payment to date of settlement. My final decision For the reasons mentioned above, I’m partially upholding this complaint against Santander UK Plc and I require them to pay the amounts detailed in the above ‘Putting things right’ section of this final decision paper. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr F to accept or reject my decision before 21 April 2026. Paul Douglas Ombudsman

-- 6 of 6 --