Metro Bank PLC · DRN-6230411

The complaint Mr W complains on behalf of his mother, Mrs W, that Metro Bank PLC won’t refund the money she lost when she was the victim of a scam. What happened Mrs W appears to have fallen victim to a scam involving payments which she believed were going to cryptocurrency. Mrs W has since been diagnosed with dementia and a brain tumour, and as a result there is limited information available about precisely how this scam unfolded. But we do know that Mrs W initially made some payments from an account held with another bank, and when that bank blocked payments to cryptocurrency she opened a Metro account to facilitate the payments she’d been asked to make. As part of the scam, Mrs W made payments totalling over £48,000 to various accounts. She also withdrew a small amount of cash towards the end of the scam. Metro invoked the banking protocol on the 22 March 2024, when there were a series of transfers in and out of Mrs W’s account to the same payee, and as a result the scam came to light. I’ve set out the scam payments in the table below: Payment Date Payee Amount 1 02/05/2023 International payment to payee 1 £1,000 2 02/05/2023 International payment to payee 1 £4,800 3 03/05/2023 International payment to payee 1 £5,800 4 26/09/2023 Faster payment to payee 2 £5,500 5 26/09/2023 Faster payment to payee 2 £1,750 6 28/09/2023 Faster payment to payee 2 £6,850 7 05/10/2023 Faster payment to payee 2 £5,000 8 10/10/2023 Faster payment to payee 2 £4,300 9 16/10/2023 Faster payment to payee 2 £4,251 10 19/10/2023 Faster payment to payee 3 £4,200 11 02/01/2024 Faster payment to payee 4 £2,800 12 13/03/2024 International payment to payee 5 £2,000 No loss 21/03/2024 Faster payment to payee 6 £125 No loss 21/03/2024 Payment from payee 6 £125 No loss 22/03/2024 Faster payment to payee 6 £125 No loss 22/03/2024 Payment from payee 6 £125 No loss 22/03/2024 Faster payment to payee 6 £125 No loss 22/03/2024 Payment from payee 6 £125 No loss 22/03/2024 Faster payment to payee 6 £125 No loss 22/03/2024 Payment from payee 6 £125 No loss 22/03/2024 Faster payment to payee 6 £125 No loss 23/03/2024 Payment from payee 6 £125 13 23/03/2024 Cash withdrawal £125

-- 1 of 4 --

Mr W contacted Metro about these payments in April 2024. Metro asked for some additional information, but ultimately felt there was not enough clear evidence of what these payments related to for it to properly investigate the claim. Mr W was unhappy with Metro’s response, so he referred the complaint to our service. Our investigator upheld the complaint in part. They were satisfied that there was enough evidence to show that Mrs W had most likely been the victim of a scam, and they thought that Mrs W was entitled to a full refund of all the payments covered by the CRM Code due to her vulnerabilities. And, in any case, they thought Metro ought to have questioned Mrs W about the second payment that she made to the scam. The investigator thought that, had that happened, the scam would likely have been uncovered. So, they recommended that Metro refund all the payments Mrs W made from the second payment onwards, plus 8% interest from the date of each payment to the date of settlement. Metro disagreed with these findings, although it does appear to be in agreement that Mrs W was most likely the victim of a scam, it does not agree that she is entitled to a refund of her loss. So, as no agreement could be reached, the matter has been passed to me for review. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I’ve first considered whether the CRM code applies to the payments Mrs W made as a result of this scam. The Lending Standards Board Contingent Reimbursement Model (the CRM code) was a voluntary code which set out a number of circumstances in which firms are required to reimburse customers who have been the victims of certain types of scams. Firstly, I can confirm that, based on what we’ve been told by Mr W and by the recipient banks where Mrs W sent her money, I’m satisfied that Mrs W was the victim of a scam. The CRM Code was in place at the time of the payments that Mrs W made to this scam, and Metro was a signatory of the CRM Code. However, the Code does not apply to international payments or cash withdrawals. In this case four of the payments Mrs W made were to international accounts, and one was a cash withdrawal. So, these five payments are not covered by the CRM Code. The rest of the payments Mrs W made do meet the CRM Code’s criteria. The payments covered by the Code The CRM Code requires firms to reimburse customers who have been the victim of authorised push payment scams, like the one Mrs W fell victim to, in all but a limited number of circumstances. And it is for the firm to establish that one of those exceptions to reimbursement applies. However, amongst the other requirements set out, the CRM code also requires firms to assess whether a customer was vulnerable to the APP scam they fell victim to at the time it occurred. The relevant sections state: “A Customer is vulnerable to APP scams if it would not be reasonable to expect that Customer to have protected themselves, at the time of becoming victim of an APP scam, against that particular APP scam, to the extent of the impact they suffered.

-- 2 of 4 --

This should be assessed on a case-by-case basis. In these circumstances, the Customer should be reimbursed notwithstanding the provisions in R2(1), and whether or not the Firm had previously identified the Customer as vulnerable.” Mrs W has been diagnosed with frontotemporal dementia, and a meningioma brain tumour. I am satisfied that these conditions would have significantly affected Mrs W’s ability to protect herself from this scam. So, as per the CRM Code, Mrs W should be refunded in full for all the payments covered by the CRM Code (payments 4 to 11 in the table above). Metro has stated that it was not aware of Mrs W’s vulnerabilities at the time, but as set out in the CRM Code, that is not relevant when deciding whether Mrs W is entitled to a refund of her loss. The payments not covered by the Code As I explained above, five of the payments Mrs W made aren’t covered by the CRM Code as they were either international payments or a cash withdrawal. And the starting point under the relevant regulations (in this case, the Payment Services Regulations 2017) and the terms of Mrs W’s account is that she is responsible for payments she authorised herself. Because of this, Mrs W is not automatically entitled to a refund of these payments. But even with this in mind, the regulatory landscape, along with good industry practice, also sets out a requirement for account providers to protect their customers from fraud and financial harm. And this includes monitoring accounts to look out for activity that might suggest a customer was at risk of financial harm, intervening in unusual or out of character transactions and trying to prevent customers falling victims to scams. Taking the above into consideration, I need to decide whether Metro acted fairly and reasonably in its dealings with Mrs W, or whether it should have done more than it did. Having thought carefully about what happened here, I consider that by the time of the second payment to the scam there was enough going on that Metro should have intervened directly to satisfy itself that Mrs W wasn’t at risk of financial harm. I say this because the second payment represented a transfer of almost £6,000 to an international payee within one day on a very newly opened account. I do think this activity should have been seen as potentially concerning to Metro and warranted further investigation. We cannot be certain of what would have happened if Metro had questioned Mrs W about these payments, but I note that when it did question her much later on in the scam Mrs W was apparently honest about what she was making the payments for, which ultimately led to the scam being uncovered. It therefore seems fair to conclude that she would most likely have also been honest with Metro if questioned at the time of the second payment. And what Mrs W would likely have told Metro would almost certainly have caused it significant concern, as it did later in the scam, leading to the scam being brought to light and so preventing Mrs W’s loss from that point onwards. I note that it appears another bank had told Mrs W she may be the victim of a scam prior to her opening her Metro account, when payments to cryptocurrency were blocked, but the information we have received from that bank doesn’t suggest that any particularly detailed conversation took place about scams at that time so I don’t think this shows that proper intervention from Metro would not have been effective. I have though thought about whether it would be fair for Mrs W to also bear some responsibility for the loss she suffered relating to these payments. But given the particular vulnerabilities we are aware of here, I don’t think it would be fair to say that Mrs W contributed to her loss through any negligence on her part, so I don’t think she should share responsibility for that loss.

-- 3 of 4 --

Overall then, with all of this in mind, I think Metro should refund Mrs W’s loss in full, from the second payment onwards, plus interest to reflect that I think the loss could have been prevented. Putting things right To resolve this complaint Metro Bank PLC should: - Refund Mrs W’s loss from the second payment onwards onwards (inclusive). - Pay 8% simple interest on this refund, from the date of each payments until the date of settlement. My final decision I uphold this complaint in part. Metro bank PLC should put things right in the way I’ve set out above. Under the rules of the Financial Ombudsman Service, I’m required to ask Mrs W to accept or reject my decision before 23 April 2026. Sophie Mitchell Ombudsman

-- 4 of 4 --