16th Jan 2024

Corporate Payments in 2024: APP Fraud, ISO 20022-readiness and generative AI

The start of a new year is a natural time to consider what lies ahead. Here, we look at four key themes in corporate payments: Authorised Push Payment (APP) fraud, operational resilience, generative AI and ISO 20022, and consider what lies in store for 2024.

 

Authorised Push Payment Fraud

Combatting APP fraud will be high on the agenda for many organisations in 2024. UK Finance’s 2023 Half Year Fraud Report released last October showed that APP fraud cases were up 22% in the first half of 2023 compared to the first half of 2022.

For various reasons, all types of organisations, from utilities and charities to councils and corporates, are susceptible to this type of fraud. There is also the growing challenge of AI tools, given their now mainstream accessibility, being used to clone the voice and image of trusted people, such as CEOs, to authorise large payments.

This year sees the introduction of the PSR’s new reimbursement requirements for APP fraud cases. For any fraudulent transactions made using Faster Payments, PSPs will now be obliged to reimburse individuals, charities and microenterprises within five working days.

Most businesses, however, will not be protected by the new rules and their focus will need to be on putting in place other controls, such as Confirmation of Payee and other authorisation checks, to mitigate APP fraud risk.

 

Operational resilience and control culture

Operational resilience will also be front of mind. In the financial services sector, FIs will be focused on ensuring they meet the 2025 implementation deadline for the operational resilience requirements issued by the FCA and PRA in 2022.

These requirements, together with the Consumer Duty, place greater emphasis on service delivery trust and the need for end-users of banking and payment systems to have confidence in the reliability of online services. There will also be significant efforts expended on stress testing systems and testing controls.

In the corporate world, all eyes will be on the corporate governance reforms. Unofficially dubbed UK SOx, a revised Corporate Governance Code is scheduled to be published in January, with the changes set to be introduced later this year.

Targeted at companies with more than 750 employees, the planned changes put a greater emphasis on the need for stronger controls and preventative measures against fraud and operational risk. We can, therefore, expect considerable corporate attention on reviewing finance systems, identifying weaknesses, and automating processes to reduce the risk of fraud and error.

 

Generative AI in finance

Generative AI was one of the hottest topics in 2023 and will continue to dominate the agenda this year. Financial and non-financial organisations will be testing proof of concepts to optimise payment workflows using AI and the likelihood is that general corporate adoption of generative AI will outpace that of FIs because they are not subject to the same level of regulation.

There are still challenges to overcome. Most generative AI technologies are too generic to be applied precisely for finance use cases, and training models on a company’s or FI’s data is not straightforward due to data protection constraints. There is also significant scope for model risk and bias; if the training data is unrepresentative or of low quality, the output will similarly be biased and unreliable.

 

Corporate ISO 20022 readiness

Finally, corporate ISO 20022 readiness will likely reach a crunch point in 2024. In 2023, the Bank of England migrated its Real-Time Gross Settlement System and high-value payment system, CHAPS; in 2024, it will start mandating the inclusion of additional information in payment messages. From November, it will be necessary to include the purpose of payment for all property transactions, a requirement which will subsequently be extended to all CHAPS transactions.

These changes mean that corporates must update their processes and systems to ensure they are collecting the relevant data and can move it between their enterprise resource planning systems, bank portals, and other financial applications. Failure to do so will lead to more failed payments and payments that need fixing. 2023 was notable for the lack of preparation on the part of corporates. This will need to change in 2024.

 

Preparing for 2024

Corporate and FIs in the UK have significant work to do this year. IS0 20022 is finally here and will require corporates to pay attention to the changes it requires of them; FIs will have a key role to play in supporting this.

For many organisations, there will be new operational resilience and corporate governance requirements to meet, not to mention the growing threat of APP fraud to combat. Yet, amongst the challenges, opportunities can be found as we move into a new data-rich payment world and embrace the latest technologies.