Financial Ombudsman Service decision

Starling Bank Limited · DRN-6055365

Authorised Push Payment (APP) ScamComplaint upheldRedress £5,000
Get your free legal insight →Email to a colleague
Get your free legal insight on this case →

The verbatim text of this Financial Ombudsman Service decision. Sourced directly from the FOS published decisions register. Consumer names are reduced to initials by FOS at point of publication. Not an AI summary, not a paraphrase — every word below is the original decision.

Full decision

The complaint A company, which I’ll refer to as L, complains that Starling Bank Limited (‘Starling’) won’t reimburse £5,000 it lost to what it believes to be an investment scam. Mr and Mrs H, who are directors of L, bring the complaint on L’s behalf. For ease, I will refer to L throughout this decision. What happened The background to this complaint is well known to both parties, so I won’t repeat it in detail here. But in summary, L was introduced to an investment by a friend (who was also an investor) with a company that I’ll refer to as ‘V’. Believing everything to be genuine, L made a payment of £5,000 in February 2023. L became concerned when it received notification that trading had been paused due to an investigation by the Financial Conduct Authority (‘FCA’). L contacted Starling for help recovering the lost funds. Starling looked into things, with consideration to the Lending Standards Board Contingent Reimbursement Model (‘CRM’) Code. It issued its final response to L in July 2025 not upholding the complaint. In summary, Starling said it found L’s requirements under the CRM Code had not been met. It said, given how high-risk this type of investment can be, it is recommended that a financial advisor be consulted before proceeding. It therefore felt insufficient research and due diligence was undertaken by L prior to the payment being made. Starling said the investment scheme was not regulated by the FCA and that unregulated investments were high risk. Starling also says it provided sufficient warnings during the payment journey. Unhappy with Starling’s response, L referred the matter to our service. One of our Investigator’s looked into things and upheld the complaint. He was persuaded, on balance, the available evidence L had a reasonable basis for believing the investment to be legitimate. He concluded L was entitled to a full refund under the terms of the CRM Code and that, Starling should also pay L interest to compensate for the delay in refunding its financial loss. Starling disagreed with our Investigator’s view. In brief, it maintained L didn’t have a reasonable basis for belief when making the payment. It said the correspondence was via a messaging app, which was not a method of contact used by genuine companies. That the company was not registered on Companies House (‘CH’), despite allegedly being authorised by the FCA, which should have been a red flag. It added that L says it was told the fund was regulated through Europe and so were aware it wasn’t regulated in the UK, which it says should’ve led L to conduct its own due diligence as to the legitimacy of the investment. Further, Starling said a warning was provided when the payment was made. Our Investigator noted that although some communication took place via a messaging app, L also received investment information and documents (including contracts) from V’s official email address. He also said V was registered on CH when the payment was made. While he acknowledged V wasn’t FCA-regulated, he explained that one of the individuals L dealt with

-- 1 of 6 --

– ‘LJ’ – was FCA-regulated. LJ promoted the investment and investors were told that V was regulated by an EU body and in the process of obtaining FCA authorisation. Based on this, our Investigator considered the fraud to be sophisticated and concluded the scam warning provided was insufficient. As there has been no agreement, the complaint has now been passed to me to decide. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. Having done so, I’m upholding this complaint for largely the same reasons as our Investigator. I’ll explain why. When considering what is fair and reasonable, I’m required to take into account: relevant law and regulations; regulatory rules, guidance and standards; codes of practice; and, where appropriate, what I consider to have been good industry practice at the relevant time. In broad terms, the starting position in law is that a firm is expected to process payments and withdrawals that a customer authorises, in accordance with the Payment Services Regulations 2017 (PSRs) and the terms and conditions of the customer’s account. However, where the customer made the payment because of the actions of a fraudster, it may sometimes be fair and reasonable for the provider to reimburse the customer even though they authorised the payment. Starling considered the payment L made under the CRM Code. So there doesn’t appear to be any dispute that L fell victim to an authorised push payment (‘APP’) scam in this case. Starling was a signatory of the CRM Code at the time L made the payment and under the CRM Code, a firm should reimburse a customer who have been the victim of an APP scam, like the one L fell victim to, in all but a limited number of circumstances. And it is for the firm to establish that one of those exceptions to reimbursement applies. Under the CRM Code, a firm may choose not to reimburse a customer if it can establish that: • The customer ignored an effective warning in relation to the payment being made • The customer made the payment without a reasonable basis for believing that:  the payee was the person the customer was expecting to pay;  the payment was for genuine goods or services; and/or  the person or business with whom they transacted was legitimate There are further exceptions within the CRM Code, but these don’t apply here. Did L ignore an effective warning in relation to the payment? The CRM Code says that an effective warning should enable a customer to understand what actions they need to take to address a risk and the consequences of not doing so. And it says that, as a minimum, an effective warning should be understandable, clear, impactful, timely and specific. Starling has said it provided sufficient warnings at the time L made the payment. It says when L set up the payment to V, it was shown the following warning:

-- 2 of 6 --

“Could this payee be part of a scam? Always verify who you are sending money to as you made not be able to recover these funds. A fraudster may tell you to ignore these warnings. Call us on [phone number] or visit our website for scam advice.” I’ve considered the above warning but as explained by our Investigator, the warning above, gives a general warning and doesn’t cover or bring to life any specific type of scam. I’m mindful Starling has said that, before allowing the payment to V to be made, it asked L a series of questions about it. These included questions about the purpose of the payment and then follow up questions following the payment purpose L selected. I’m aware L selected ‘goods and services’ for the payment purpose instead of ‘investment’. Starling has provided us with the warnings L would’ve seen had ‘investment’ been selected by L as the payment purpose. Having carefully considered these, I’m not persuaded the warnings would’ve been impactful or effective in L’s circumstances. The warning would have told L to research the company before investing by checking independent reviews from other people, that if the returns sound too good to be true, it’s probably a scam and, that it recommends speaking to an FCA-regulated financial advisor. Here, one of the individuals L was in communication with (who I’ll refer to as LJ), was FCA regulated and was a promoter of the investment opportunity. I also don’t think the warnings were clear enough about what research L could do and what might suggest a company was a scam, or about what types of returns could be considered too good to be true. I’m also not persuaded the warnings that Starling say L would’ve seen had investment been selected as the payment purpose, were clear enough about what this kind of investment scam could look or feel like or did enough to set out the seriousness of the possible consequences of falling victim to a scam. And while the warnings did also say that all financial institutions should be FCA registered, I don’t think it was clear enough that an institution not being registered should be a significant red flag that they are a scam. In the circumstances of this case, L had enquired about V’s registration and were given a plausible explanation of the company’s progress in becoming registered with a foreign regulator. So I don’t think these warnings were clear or impactful enough to be effective in L’s circumstances. Or that Starling has established that L unreasonably ignored the warnings it was shown. Did L make the payment without a reasonable basis for belief? I’ve also considered whether L acted reasonably when making the payment, or whether the warning signs ought to have reasonably made it aware that this wasn’t a genuine investment. In doing so, I’ve given careful consideration to how L was introduced to V, alongside the overall sophistication of this scam. L has told us it was first introduced to V by someone it knew – a friend, who was also an investor in V. I think the introduction by a friend, who’d also invested in V would have been compelling for L and would have made V seem legitimate. I’m aware Starling considers the communication L had with LJ via a messaging app not to be a method of contact used by a genuine company. I’ve thought carefully about this, but I can

-- 3 of 6 --

see communication was not solely via a messaging app. I acknowledge L was liaising with LJ via a messaging app, but from what I’ve seen, L also received communication via an email address for V. So, I’m not persuaded this point, in and of itself ought to have been a red flag to L that V might not be legitimate. Given what is known about LJ, she was heavily involved in the marketing of this investment opportunity, had invested in V herself and, her own firm was FCA regulated. I think it is more likely than not that her contact with L would’ve been convincing and persuasive to L. From what I’ve seen and been told, I’m persuaded the sophisticated set up of the scam would also have been compelling. The documentation L received appeared professional and the account opening process followed a similar pattern to what you would expect from a legitimate firm - expected to fulfil KYC checks. L was also given access to an online portal. In the circumstances, I can understand why L felt the investment was a genuine one at the time. I also understand L attended a webinar and was provided with information relating to the investment it was looking to make with V – this provided information around how the investment would work and the returns projected. I think having this kind of interaction will also have reasonably made V seem legitimate. I appreciate that some of the claims made by V about the returns may have been unrealistic, but I have to weigh this up alongside what L had been told and shown. Further, I’m mindful from the information shared about the returns projected that this did say that the investment L was looking to trade in, had inherent risks and that there was no capital guarantee and that past returns are not a guarantee of future turns. With this in mind, I don’t think it’s unreasonable that perhaps the rate of returns didn’t cause L more concern. Starling has also said V wasn’t registered on CH, despite alleging that it was authorised by the FCA, which it feels should’ve been a red flag to L. It adds that L said it was told the fund was regulated through Europe and so Starling feels this suggests L was aware the fund was not regulated in the United Kingdon. We are now aware that V’s claims of being regulated, or at least in the process of being regulated, with the relevant bodies such as the FCA and by Luxembourg Commission de Surveillance du Secteur Financier (‘CSSF’) are false. However, as I’ve explained, LJ who was promoting the investment opportunity and who L was in communication with was FCA regulated and, investors were led to believe that V was in the process of gaining its FCA regulation. Further, V claimed to be partners with an FCA authorised trading exchange - that was regulated. From what I’ve seen, L was told that the investment opportunity it was proceeding with was held by the FCA regulated trading platform. So, I’m not persuaded that this factor, when considering the wider circumstances and what L was told, ought to have caused L such concerns that V might not be legitimate. I appreciate that, with the benefit of hindsight, it’s possible to identify a number of things about what was happening and what it was told that could have given L pause for thought. But based on the evidence I’ve seen, I don’t think it was unreasonable that, at the time, L either didn’t pick up on these things or wasn’t caused enough concern by it to overcome the parts of the scam that felt genuine. On balance, I think there was enough to reasonably convince L at the time that this was a genuine investment company. With this in mind, I don’t think it made the payment without a reasonable basis of belief that V and the investment itself was genuine. So I don’t think it would be fair to say that L acted unreasonably when making the payment, or that Starling has established that it made the payment without a reasonable

-- 4 of 6 --

basis for belief that the investment was genuine. Could Starling have otherwise prevented L’s loss? Outside the provisions of the CRM Code, I consider it unlikely that any further proportionate intervention by Starling at the time of the payment would have positively impacted L’s decision-making. As discussed, this was a sophisticated scam that would have appeared legitimate at the time. I’m also aware there was nothing in the public domain at the time about V from which Starling or L could have reasonably inferred that a scam was taking place. In the circumstances, I don’t think either party would have likely uncovered sufficient cause for concern about V such that L would have chosen not to proceed. Summary Overall, for the reasons I’ve explained above, I don’t think Starling has established that any of the exceptions to reimbursement under the CRM Code apply here. Nor do I think it could fairly rely on such an exception in these circumstances. It follows that it should refund the money L lost in full. Redress I’m aware there is an ongoing investigation into V by the FCA, and so it’s possible L may recover some further funds in the future, through that process. In order to avoid the risk of double recovery, Starling is entitled to take, if it wishes, an assignment of the rights to all future distributions under that process in respect of this £5,000 investment before paying the award. If Starling elects to take an assignment of rights before paying compensation, it must first provide a draft of the assignment to L for its consideration and agreement. As L has been deprived of access to the funds for some time, I think it would also be fair for Starling to pay interest on this refund. But as much of the information and evidence I’ve relied on to come to this decision wasn’t available to Starling when it was first assessing L’s claim, I don’t think it would be fair to require it to pay interest from the date it initially responded to the claim. Instead, I think it would be fair to require Starling to pay interest from the date of our Investigator’s opinion of 5 December 2025 – as I think this is a fair approximation for when the information and evidence to fairly assess L’s claim was available. Compensation For completeness, I’m aware L, within its submissions, has referred to the emotional and psychological impact the scam and Starling’s failure to prevent the scam has had on it. As explained by our Investigator, while I acknowledge Mr and Mrs H as the director’s of L, this complaint has been brought by L – an incorporated entity. Vulnerability and emotional impact, under the CRM Code can only be considered for natural persons and doesn’t extend to businesses. As such, I am unable to make any recommendations in relation to a distress and inconvenience award in respect of L. Nor can I consider the information Mr and Mrs H have provided relating to vulnerabilities under the CRM Code when reaching my conclusions for the complaint brought by L. My final decision For the reasons set out above, I uphold this complaint and require Starling Bank Limited to:

-- 5 of 6 --

• Refund L the payment it made as a result of this scam – £5,000. • Pay L, 8% simple interest on this refund, from the date of our Investigator’s opinion of 5 December 2025 until the date of settlement. Under the rules of the Financial Ombudsman Service, I’m required to ask L to accept or reject my decision before 27 April 2026. Staci Rowland Ombudsman

-- 6 of 6 --