HSBC UK Bank Plc · DRN-6050325

The complaint Mr A is unhappy HSBC UK Bank Plc (“HSBC”) hasn’t offered him a refund after he complained about being the victim of a scam. What happened Mr A was looking for a company online that could help him enforce a debt when he came across a company I will refer to as “C”. Mr A read some positive reviews about C so he contacted it for a quote. C confirmed that it could help Mr A recover his money from the debtor and so a contract was signed and agreed. Mr A was asked to pay C’s fees upfront. Mr A made two payments of £1,500 on 17 May 2024 and 29 May 2024 to C’s business banking account. C informed Mr A that he would receive a weekly update as to its progress via its consumer portal but debt recovery could take three to six months. However, Mr A says the portal was not updated as agreed and was eventually closed down. Mr says that when he emailed or called C he was provided with generic updates. After a while, Mr A became concerned that C wasn’t actively pursuing the debt as it said it would and so he wrote to C to terminate his contract with it and request a refund. When this refund wasn’t forthcoming, Mr A pursued C via the civil courts. The court awarded in Mr A’s favour but C did not pay the amount due to him and all further communication stopped. Mr A now feels he’s been scammed by C and so he reported what had happened to him to HSBC and asked it for a refund of the amount paid. HSBC didn’t agree to offer Mr A a refund. It said it didn’t think he had been the victim of a scam at all. It thought his circumstances amounted to a private civil dispute because he had paid a legitimate company that was still operating and had been for some years. Mr A disagreed with what HSBC said and he brought his complaint to this service where one of our investigators looked into things. Our investigator didn’t recommend the complaint be upheld. They agreed that Mr A’s circumstances most likely amounted to a civil dispute, rather than a scam that HSBC should become involved in now. They didn’t think there was enough evidence to say C had most likely set out to defraud Mr A from the outset. Mr A didn’t agree with the investigator’s findings. He said he had visited C’s registered address and used the services of another debt collection agency to do the same thing and C wasn’t operating out of the address used on their website / Companies House. Mr A says this supports that the company is operating fraudulently. The points raised by Mr A didn’t change our investigators mind and as an informal agreement could not be reached, the case has been passed to me to decide.

-- 1 of 4 --

What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. In deciding what’s fair and reasonable, I am required to take into account relevant law and regulations, regulators’ rules, guidance and standards, and codes of practice; and, where appropriate, I must also take into account what I consider to have been good industry practice at the time. Having done so, I agree with the outcome reached by our investigator, for largely the same reasons. I’ll explain why in more detail below. The CRM Code HSBC was a signatory to the Lending Standards Board’s Contingent Reimbursement Model Code (“The CRM Code”). Under The CRM Code, the starting principle is that a firm should reimburse a customer who is the victim of an authorised push payment (“APP”) scam, except in limited circumstances. But the CRM Code only applies if the definition of an APP scam, as set out in The Code, has been met. When deciding this case, I have therefore considered whether Mr A’s claim falls within the scope of the CRM Code, which defines an APP scam as: “...a transfer of funds executed across Faster Payments…where: (i) The Customer intended to transfer funds to another person, but was instead deceived into transferring the funds to a different person; or (ii) The Customer transferred funds to another person for what they believed were legitimate purposes but which were in fact fraudulent.” Therefore, in order to decide whether Mr A has been the victim of an APP scam as defined in The CRM Code, I have considered: • The purpose of the payment and whether Mr A thought this purpose was legitimate. • The purpose the recipient (C) had in mind at the time of the payment, and whether this broadly aligned with what Mr A understood to have been the purpose of the payment. • Whether there was a significant difference in these purposes, and if so, whether it could be said this was as a result of dishonest deception. Mr A thought he was paying a debt collection agency to retrieve some funds he was owed after a previous successful civil court claim. I haven’t been provided with any evidence to suggest Mr A didn’t think this to be a legitimate purpose. So, I’ve then gone on to consider, based on the evidence available to me, the purpose C likely had in mind when it took Mr A’s funds and whether this aligned with his. Overall, I’m not satisfied Mr A has sufficiently demonstrated it’s more likely than not C had a different purpose in mind when it took his payment or that there was an intent to defraud him from the outset. I’m not persuaded that the evidence provided supports that C never intended to pursue the debt on Mr A’s behalf. I say this because: • Mr A found C after completing a search online. It appears he found a number of

-- 2 of 4 --

positive reviews for C at the time too. C has a professional looking website and Mr A was also asked to sign an online contract with C before he engaged its services. All of this suggests to me that C was (and had been for some time) operating as a legitimate debt collection agency. • There were a number of emails shared between Mr A and C that indicate C was pursuing the debt as it had agreed to. The emails set out that C had spoken to the debtor on the telephone and intended to attend their premises. However, it wasn’t able to retrieve Mr A’s funds as the debtor passed away. This is not indicative of an intention to deceive from the outset, rather it suggests the agency was running as agreed. And whilst I understand why it would be frustrating for Mr A that C had been able unable to retrieve his funds, this appears to be because the person who owed him the funds had passed away, not because recovery action wasn’t taking place at all. • I can see that C was a registered company that was incorporated in 2009. So, at the time Mr A made his payments, C was an active company registered on Companies House and had been for some 15 years. • Whilst I am unable to share details about a third party and the nature of their relationship with their bank, the evidence I’ve seen regarding the beneficiary account indicates C’s account was legitimate and being run in line with C’s business model. • I’ve not seen any evidence from any external organisation that has concluded that C intended to use Mr A’s funds for a different purpose to the one agreed with him. So, whilst I’m very sorry Mr A hasn’t been able to successfully pursue the money owed to him using C’s services, this isn’t enough, in and of itself, to bring his claim within the scope of the CRM Code. Debt collection can be a slow and difficult process and it becomes especially complicated when the debtor passes away with no estate – which is what appears to have happened here. I haven’t seen anything to persuade me that it’s more likely than that C never intended to pursue the debt owed as agreed. I acknowledge what Mr A has said about C not operating out of the address provided but, this could be for many reasons. C may have moved premises or be using non-permanent serviced or virtual offices. I also want to assure Mr A that I have carefully considered what he has said about not receiving the portal services that enticed him into the agreement in the first place. I don’t doubt what Mr A has told us but again, there could be many reasons why a business’ operating system may not be used as agreed. And in this case, I can’t rule out that C was having problems with the portal so it wasn’t being updated as often as it should’ve been - this is what C said was happening. Or this could be a symptom of a badly administered business. Regardless, I haven’t been provided with any evidence that supports the lack of updates on this portal means C intended to defraud Mr A of his funds. I have gone on to consider whether there is any other reason I can require HSBC to reimburse Mr A. HSBC should be on the lookout for, and protect its customers from, potentially falling victim to fraud or scams. This includes monitoring accounts and identifying suspicious activity that appears out of character. Where potential fraud is identified, I would expect HSBC to intervene and attempt to prevent losses for the customer. But here, I don’t think HSBC ought reasonably to have intervened when Mr A made the payments now under discussion. But even if it had, I don’t think that HSBC would’ve have had any concerns as I’m persuaded Mr A was paying a legitimate business. I know this decision will be a huge disappointment to Mr A. I know what has happened has caused significant upset but I can’t reasonably say that this situation meets the definition of an APP scam as set out in The CRM Code. What I have said here doesn’t mean Mr A doesn’t have a legitimate grievance against C. But for the reasons I’ve explained, I don’t think his circumstances meet the high legal bar for this to be a scam and therefore I don’t

-- 3 of 4 --

think it was unfair for HSBC to take the view that his circumstances amount to a private civil dispute. The fact that Mr A was able to pursue C through the civil courts also supports this conclusion. For these reasons, it wouldn’t be fair for me to hold HSBC responsible for the money Mr A has lost now. My final decision My final decision is that I do not uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr A to accept or reject my decision before 27 April 2026. Emly Hanley Hayes Ombudsman

-- 4 of 4 --