Authorised Push Payment Fraud: AML Risk Guide
In brief: Authorised push payment fraud happens when someone is tricked into sending money to a fraudster, and professional firms should consider the AML impact when client or matter funds are involved.
Key points
- APP fraud is about a victim authorising a payment after deception.
- For AML, focus on whether funds, instructions, or client explanations create suspicion.
- Payment reimbursement rules are separate from a firm's AML duties.
What is authorised push payment fraud?
Authorised push payment fraud, or APP fraud, happens when a person or business is deceived into sending money to a fraudster. The Payment Systems Regulator describes APP scams as cases where someone is tricked into sending money to a fraudster posing as a genuine payee.
Why it matters for AML
A professional firm may see APP fraud where a client has paid a fake supplier, received suspicious funds, or asks the firm to help explain or move money after the event. The firm should separate consumer reimbursement questions from AML risk questions.
AML file questions
- Who sent and received the funds?
- Is the client the victim, payer, recipient, or intermediary?
- Does the explanation match bank records and documents?
- Is there a risk the firm is being asked to handle criminal property?
- Should the matter be escalated internally?
Practical response
Keep documents, update the client risk assessment, and record whether the matter affects source of funds, source of wealth, or suspicious activity reporting.
See the Payment Systems Regulator's APP scams page for current payment-system context.
This guide is general information for AML risk assessment, not legal advice or fraud-investigation guidance. Use it alongside the firm's AML procedures, the Fraud Act 2006, the NCA's money laundering and illicit finance material, and supervisor guidance.