An 89-year-old Victoria man, Ray Anholt, recently made headlines after losing his $1.7M life savings in a “bank investigator” scam. Over six months, scammers spoofed bank numbers, sent fake government letters, and directed him to withdraw cash, buy gold with large bank drafts, and hand it to couriers. CIBC and RBC allowed repeated large withdrawals without stopping them; both declined interviews, and RBC says the matter is “resolved.” A courier was arrested, but the money is likely gone. Canadians lost $643M to bank fraud in 2023, and police-reported fraud rose another 12% from 2022 to 2023—evidence that protections are lagging. The UK offers a roadmap. After the Supreme Court’s Philipp v. Barclays confirmed banks must execute instructions unless contracts allow pauses for suspected fraud, the UK shifted risk to payment firms. Under the Financial Services and Markets Act 2023 and the Payment Systems Regulator’s rules (effective Oct 2024), providers must reimburse most authorized push payment (APP) fraud losses up to £85,000 per claim within 5–35 business days. Sending and receiving providers usually split the cost, incentivizing prevention on both sides. Reimbursement can be denied only if the customer acted fraudulently or with gross negligence—and providers must prove gross negligence. Consumers are expected to heed clear bank/police warnings, report promptly (within 13 months), cooperate with information requests, and allow police reporting when asked. Canada is moving in that direction. The federal Bank Act review (through June 30, 2026) is considering duties to pause suspicious payments, customer “safety switches” (like turning off wires), regulated fraud-prevention standards, and liability caps that shift more losses to banks. The BC Court of Appeal in Zheng v. Bank of China let a claim proceed on possible duties to inquire/warn in APP-style scams. Quebec’s Bill 72 (enacted, not yet in force) would require refunds for unauthorized debits over $50 except for consumer “gross fault,” and refunds for authorized debits where fraud occurred unless the bank lacked strong indicators or took necessary precautions—pushing toward intervention and reimbursement. What should banks do now? Invest in detection on send and receive rails; train frontline staff to spot red flags, ask focused questions, escalate, and document; give customers controls (alerts, holds/callbacks, MFA, optional wire shut-offs and spend caps); update contracts to permit delaying/refusing suspected fraudulent payments and clarify loss allocation; educate seniors and youth on APP scams and fast reporting; and prepare funding and operations for reimbursements, including cost-sharing with counterpart institutions. Contact Samantha Gale at s.gale@privatelenderassociation.ca
