Financial Ombudsman Service decision

Santander UK Plc · DRN-5992281

Authorised Push Payment (APP) ScamComplaint upheldRedress £18,000
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint Mr M complains Santander UK Plc (‘Santander’), hasn’t reimbursed him following an authorised push payment (‘APP’) investment scam he fell victim to. He says Santander should reimburse him the money he lost. Mr M referred his complaint to this service with the help of a professional representative. However, for ease of reading, I will refer to Mr M in the main throughout this decision. What happened As both parties are familiar with the circumstances of this complaint, I’ve summarised them briefly below. Mr M was introduced to two investment companies which I’ll refer to as ‘Company S’ and ‘Company L’ – who shared the same director, whom I’ll call ‘Mr H’. Mr M was introduced to the investment companies by someone I’ll call ‘Mr G’. Mr M has explained that Mr G worked as a ‘senior investment manager’ for a company that I’ll call ‘Company F’. Mr M explained that he is a novice investor who wanted to invest some savings at that time. Company S was offering fixed rate bonds typically at around 8 – 10%, claiming it would invest in property development. Company L issued loan notes to invest in small and medium businesses promising interest of approximately 12% per year with an 18-month term. Mr M invested with Company S in 2019. Mr M made payments from his account held with Santander towards the investment with Company S. Mr also invested with Company L in late 2019. Mr M made two payments from another banking provider. Then, in February 2020, Mr M invested £18,000 as a loan note, with Company L. Mr M made this payment to Company L from his account with Santander and the payment was made through an intermediary firm that I’ll call ‘N’. Mr M says he didn’t receive any returns. He has explained that he did manage to speak with Mr H (the director of Company S and Company L) who promised him settlement on several occasions, which ultimately didn’t materialise. Through his representative, Mr M reported the payment he made to Company L to Santander in June 2025, to try and recover or be reimbursed his losses.

-- 1 of 5 --

Santander considered the matter under the Lending Standards Board’s Contingent Reimbursement Model (‘CRM’) Code, which was in place at the time and to which it was a signatory. The CRM Code required firms to reimburse customers who had been the victims of APP scams like this in all but a limited number of circumstances. Santander considered the matter to be a civil dispute as Mr M had paid N, which was a genuine firm. As civil disputes weren’t covered by the provisions of the CRM Code, Santander didn’t consider it was liable to reimburse Mr M. Unhappy with Santander’s response, Mr M then brought his complaint to this service. One of our Investigators looked into things and thought the complaint should be upheld. In short, they were satisfied that Company L was operating a scam. They also considered that, while Mr M had paid N, it was an intermediary, and the payment went to Company L. The explained that Mr M didn’t have any customer relationship with N and the funds were outside of his control and were in Company L’s control at the point they arrived with N. So, they were satisfied that the CRM Code was an applicable consideration. They were of the opinion that there weren’t any exceptions to reimbursement under the CRM Code and considered Santander should refund Mr M the money he lost, along with interest from the date it declined his claim under the CRM Code. Mr M accepted the findings, however Santander did not. It remained of the opinion that N was a genuine firm that had gone into liquidation in 2021 and the matter was a civil dispute between the two parties. As an informal agreement could not be reached, the complaint has been passed to me for a final decision. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. First, and for clarity, I’m aware that Mr M made payments in relation to investments with Company S. And I’m aware, in relation to those investments, there were payments made seemingly from his Santander account. I am unaware as to whether Mr M complained about the payments he made in 2019 from his Santander account that were in relation to Company S. Those payments aren’t being considered here. This decision focuses solely on the payment, that has been complained about by his representative, and that Santander issued its final response on. That payment is the £18,000 payment Mr M made, from his Santander account in February 2020 that went to Company L. I would also add at this point, the payments Mr M made from his other banking provider to Company L were complained about separately, with Mr M receiving a refund of the payments he made. In deciding what’s fair and reasonable in all the circumstances of a complaint, I’m required to take into account relevant: law and regulations; regulators’ rules, guidance and standards; codes of practice; and, where appropriate, what I consider to have been good industry practice at the time. Under the relevant regulations, the starting position is that customers are responsible for payments they have authorised. Since Mr M authorised the payment in question, he is presumed liable for it. However, this is not the end of the matter. Banks are also expected to monitor account activity for signs of potential fraud. If a bank identifies indicators of risk, such as a payment being unusual or out of character, it should respond to that risk in a proportionate way.

-- 2 of 5 --

In addition to that, as mentioned earlier, Santander was a signatory to CRM Code. Signatories to the CRM Code were generally required to reimburse customers who fell victim to APP scams, except if a limited range of exceptions applied. In order for Mr M to benefit from its provisions, what happened here has to meet the relevant parts of its definition of an APP scam. In other words, these payments must have been ones where Mr M: “…transferred funds to another person for what they believed were legitimate purposes, but which were in fact fraudulent.” The CRM Code is also explicit that it doesn’t apply to private civil disputes. It says: “This Code does not apply to […] private civil disputes, such as where a Customer has paid a legitimate supplier for goods, services, or digital content but has not received them, they are defective in some way, or the Customer is otherwise dissatisfied with the supplier.” The first matter, therefore, that I have to decide is whether the provisions of the CRM Code apply at all in view of the above. To find that this was fraud, I'd expect (a) there to be a misalignment between the purpose for which Mr M made the payment and the purpose for which it was procured by Company L; and (b) that difference to have been due to dishonest deception on the part of Company L. The key consideration here is what the intentions were of the director(s) of Company L (and also Company S). I obviously can't know what they were for sure, so I have to look at what the other available evidence shows and use that to infer what their intentions likely were. I’ve considered the available evidence carefully and, having done so, I’m satisfied that it is strong enough to support a finding that Mr M fell victim to an APP scam. I say that for the following reasons: • I understand Mr H, the principal director of Company L and Company S, has been disqualified from serving as a director of a limited company for eight years by the Secretary of State for Business and Trade and that both the companies and the director are now the subject of a substantive police investigation. • The Financial Conduct Authority issued a warning about Company L in March 2020, advising it was providing financial services without authorisation. • This service has seen evidence that Company S claimed to have a formal agreement in place to lease local authority properties, but this has since been discovered to have been a false claim. • Company S is in liquidation and, as I understand it, the Insolvency Service has confirmed that its directors have refused to co-operate with its activities. Mr H failed to provide Liquidators accounting records for Company L. • Mr H appears to have claimed that Company S had assets of £34 million, but it never filed any accounts with Companies House, and its accounts have never been independently audited.

-- 3 of 5 --

• There is no evidence to suggest Company S or Company L were operating as legitimate companies nor any evidence of any investments made. While some ‘investors’ may have received small monthly returns, others received no returns at all. Fundamentally, it appears that no evidence has been uncovered to show that investor money was ever used by Company L (or Company S) for the intended purposes of its investors. I’m satisfied that essential difference, in the purpose for which Mr L made this payment and the purpose for which Company L procured it, came about as a result of dishonest deception on the part of the director of Company L. Santander has pointed out that the payee here wasn’t Company L, but an otherwise legitimate third-party intermediary – N. I’ve taken that into consideration, but the involvement of a genuine intermediary doesn’t exclude the possibility of the CRM Code applying to this payment. It isn’t necessary that the initial recipient of Mr M’s funds was an account under the name of Company L. In this instance, I’m persuaded that Mr M’s funds were under the effective control of the fraudster at the point they arrived with that intermediary and so the payment is capable of being covered by the CRM Code’s provisions. As a result, I’m satisfied these payments were covered by the CRM Code. The CRM Code requires firms to reimburse customers in all but a limited number of circumstances. It is for the firm to establish that one of the exceptions to reimbursement applies. Broadly summarised, the CRM Code allows a firm to not reimburse its customer if it can show that: • Mr M made the payment without a reasonable basis for believing that it was for genuine goods or services; and/or Company L was legitimate. • Mr M ignored what the CRM Code deems to be an ‘Effective Warning’ And importantly, when assessing whether it can establish these things, Santander must consider whether they would have had a “material effect on preventing the APP scam”. I’ve considered whether Santander can fairly rely on either exception to decline to reimburse Mr M. Santander did provide a warning at the point Mr M made the payment. The warning advised that if anyone was cold calling with investment opportunities, then they are likely to be criminals. Here, Mr M initially liaised with Mr G of Company F, whom he believed were a firm specialising in investments. And, importantly, at the time of making this payment, Mr M had already made payments to Company S and Company L in 2019. So, I don’t think I can fairly say that the warning provided would have had a material effect on preventing the scam given Mr M had made payments previously and his belief that his payments were going towards legitimate investment opportunities. I’m also satisfied that Mr M made this payment with a reasonable basis for believing that he was dealing with a legitimate investment firm. As noted above, Mr M had invested with Company S and had also received bond certificates which would have appeared legitimate. He had also invested with Company L in 2019. I also can’t see that there was any disconcerting information available at the time either. I note there was an FCA warning published in March 2020, but this was after Mr M had made his payment to Company L. So, I can see why Company S (initially), and then Company L, would have appeared credible to an ordinary observer such as Mr M – especially having been introduced to them by a firm that he believed specialised in investments.

-- 4 of 5 --

Mr M hasn’t provided all the documentation or correspondence he received, which is unsurprising given the time that has passed. However, from other cases, we know the firms promoted themselves using a professional-looking brochure and website. It’s likely Mr M saw similar materials when the investment was presented to him. The returns offered were higher than those available from traditional savings products. But I note Company S claimed to invest in residential property, and so it wasn’t implausible for it to claim to be able to generate more generous returns. It also emphasised that its investments were backed by assets, making them appear more secure, and it claimed to have lucrative agreements with at least one local authority to provide homes for people in need in exchange for public funds. So having dealt with and invested with Company S, I can see why Mr M would have also had a belief in Company L being able to achieve the returns it said it could. In view of these factors, I don’t think it was unreasonable for it to not have occurred to Mr M that he might not be dealing with a legitimate firm and so it follows that Santander should reimburse him under the CRM Code. Putting things right I uphold this complaint. Santander UK Plc should pay Mr M: • £18,000 lost to the scam (Santander UK Plc may, if it chooses to, seek an assignment of rights on any potential amount that Mr M may receive as a result of any ongoing investigation); and • 8% simple interest per year on that amount, calculated from the date Santander UK Plc originally declined Mr M’s claim until the date of settlement. My final decision For the reasons given above, I uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Mr M to accept or reject my decision before 17 April 2026. Matthew Horner Ombudsman

-- 5 of 5 --