FCA Romance-Fraud Review: What Banks Should Do and What Victims Can Expect
Banks and payment providers occupy an important position in the fight against romance fraud. They may see unusual transfers, rapid increases in payment values, cryptocurrency purchases or repeated transactions to unfamiliar recipients before the customer recognises that the relationship is fraudulent.
In October 2025, the Financial Conduct Authority published the findings of a multi-firm review into how payment providers prevent and detect romance fraud and support affected customers.
The FCA found examples of firms going to considerable lengths to protect customers. It also identified missed opportunities, including cases where warning signs were visible but staff did not probe explanations sufficiently or respond effectively to signs of vulnerability.
The findings should not be simplified into a claim that every bank is failing or that banks can prevent every romance scam. Fraudsters deliberately coach victims to provide misleading explanations, divide payments between several accounts and move money through cryptocurrency, payment platforms and money mules.
The practical question is how banks, victims and investigators can respond when warning signs appear.
What the FCA review found
The FCA reviewed how firms identify romance fraud, intervene before payments are completed and support customers after fraud has been established.
Its findings included examples of both good and poor practice.
Areas of concern included:
- Staff failing to ask sufficiently detailed questions about suspicious payments;
- Warnings being delivered in ways that did not persuade the customer to reconsider;
- Customer explanations being accepted despite apparent inconsistencies;
- Indicators of vulnerability being overlooked;
- Support becoming weaker after the fraud had been confirmed;
- Inconsistent use of transaction monitoring and behavioural information;
- Insufficient consideration of how fraudsters groom victims over time;
- Limited recognition that repeated smaller payments may form part of one continuing fraud.
The FCA also found firms that used specialist teams, tailored conversations, payment delays and contact with trusted family members, where appropriate, to protect customers.
This distinction matters. The review was not a finding that the entire banking system had failed. It identified variable practice and opportunities for firms to improve.
Why romance fraud is difficult for banks to detect
A romance-fraud payment is often authorised by the customer.
The victim may:
- Believe the recipient is a genuine partner;
- Describe the payment as a loan, gift or investment;
- Repeat an explanation supplied by the fraudster;
- Hide the relationship from relatives and bank staff;
- Become defensive when challenged;
- Use several banks, cards or payment platforms;
- Purchase cryptocurrency before transferring it;
- Send smaller amounts over an extended period;
- Ignore warnings because the relationship feels genuine.
The transaction may therefore look different from an unauthorised card payment or account takeover.
A bank cannot assume that every transfer to a new recipient is fraudulent. It must balance fraud prevention with the customer’s right to use their own money.
The most effective intervention usually combines transaction data with a careful conversation about the purpose of the payment and the surrounding relationship.
Warning signs banks may be able to identify
No single transaction pattern proves romance fraud.
However, relevant indicators may include:
- A sudden increase in transfers to new recipients;
- Repeated international payments;
- Large cryptocurrency purchases inconsistent with previous activity;
- Payments to several individuals or companies connected with one story;
- A customer borrowing or liquidating savings to make transfers;
- A payment purpose that changes when questioned;
- Repeated claims involving emergencies, customs, travel or investment;
- The customer appearing distressed, coached or unusually secretive;
- Several rejected warnings followed by attempts through another channel;
- Payments continuing after a supposed partner repeatedly fails to meet.
These indicators should lead to proportionate enquiry, not an automatic conclusion that the customer lacks capacity or control over their finances.
What effective intervention may look like
A generic fraud warning may have little effect on someone who believes they are helping a trusted partner.
A more effective conversation may involve:
- Asking how the customer met the recipient.
- Establishing whether they have met in person.
- Checking whether the identity has been verified independently.
- Discussing why the recipient cannot access their own funds.
- Asking whether previous payments have been repaid.
- Explaining common romance-fraud methods without blaming the customer.
- Encouraging a pause while independent checks are carried out.
- Considering an appropriate payment delay or further review.
- Offering specialist support where vulnerability is evident.
- Recording relevant information so repeated attempts are considered together.
The FCA’s wider guidance says firms should understand customers in vulnerable circumstances, ensure staff can recognise their needs and provide support throughout the customer relationship.
The importance of customer vulnerability
Vulnerability does not mean that every customer affected by romance fraud lacks financial knowledge or decision-making ability.
A person may become more susceptible to manipulation because of:
- Bereavement;
- Relationship breakdown;
- Illness;
- Isolation;
- Financial pressure;
- Mental-health difficulties;
- Reduced confidence;
- A recent major life change;
- Emotional dependence created by the fraudster.
The fraud itself can also create vulnerability. A person who has lost money may experience shame, severe distress or fear that ending the relationship will make recovery impossible.
Banks should avoid treating the customer as foolish or responsible for the crime. The aim should be to reduce further harm while respecting autonomy and confidentiality.
Can a bank stop a customer’s payment?
A bank may pause or review a transaction where fraud indicators are present, but it cannot permanently prevent every customer from making a payment they continue to authorise.
The response will depend on:
- The payment method;
- The firm’s fraud controls;
- The information available;
- The level of apparent risk;
- Whether vulnerability is identified;
- The customer’s explanation;
- Applicable legal and regulatory obligations.
A temporary delay can provide time for further questions or independent verification. It does not guarantee that the customer will accept the warning or that the payment will ultimately be refused.
What victims should do after sending money
Contact the bank or payment provider immediately.
Provide:
- The date and amount of each payment;
- Recipient account details;
- Payment references;
- Cryptocurrency exchange and wallet information;
- Messages explaining why the payment was requested;
- The identity used by the suspected fraudster;
- Any police or fraud-reporting reference;
- Details of previous warnings or conversations with the bank.
Ask the provider to:
- Review the transactions as suspected fraud;
- Attempt to recall recent transfers;
- Contact the receiving institution;
- Secure the account where credentials were disclosed;
- Preserve relevant records;
- Explain the reimbursement and complaint process;
- Confirm what additional evidence is required.
Do not wait for a private investigation before contacting the financial provider.
For wider post-loss guidance, read Romance Fraud Investigation and Asset Recovery: What Victims Should Do.
How APP-fraud reimbursement works
Authorised Push Payment fraud occurs when a person is deceived into sending money to an account controlled by a fraudster.
Mandatory reimbursement protections for qualifying Faster Payments APP scams took effect on 7 October 2024. Romance fraud can fall within those protections where the transaction and customer meet the relevant requirements.
The current Faster Payments reimbursement cap is generally £85,000 per claim. The rules are intended to cover the great majority of eligible claims, but reimbursement is not automatic in every case.
Factors that may affect a claim include:
- Whether the payment was made through an in-scope payment system;
- When the payment was made;
- Whether the payer qualifies under the rules;
- Whether the claim was reported within the relevant period;
- Whether the customer acted fraudulently or with gross negligence;
- Whether an exclusion applies;
- Whether the payment was made to an account the customer controlled;
- Whether the transaction involved cryptocurrency, cash or another payment route outside the central protections.
A bank should explain its decision and the applicable complaint process.
Payments that may fall outside the main protections
The APP reimbursement framework does not mean every romance-fraud loss will be repaid.
Different treatment may apply to:
- Cryptocurrency transfers made from an exchange account;
- Cash withdrawals;
- Gift-card purchases;
- Card payments;
- International payments outside the relevant scheme;
- Payments made before the reimbursement rules took effect;
- Transfers between accounts controlled by the same customer;
- Claims above the applicable limit.
Other remedies may still exist, including chargeback, Section 75 protection for qualifying credit-card purchases, a complaint to the bank or escalation to the Financial Ombudsman Service. The correct route depends on the payment type and facts.
Victims should ask the provider to explain every available option rather than assuming that an initial rejection is final.
What to do if the bank rejects the claim
Request the decision in writing.
Then:
- Check the reason given for rejecting reimbursement.
- Provide any missing evidence.
- Explain the relationship and manipulation clearly.
- Identify earlier contacts or warnings involving the bank.
- Ask whether vulnerability was considered.
- Submit a formal complaint through the bank’s process.
- Retain every letter, call note and decision.
- Consider escalating the complaint to the Financial Ombudsman Service where eligible.
- Seek legal advice where losses are substantial or the issues are complex.
- Continue reporting and investigative steps separately.
A reimbursement complaint and an investigation into the fraudster are different processes. One should not necessarily wait for the other.
The role of receiving banks
The sending bank is only one part of the payment chain.
Receiving institutions may hold accounts used by:
- The principal fraudster;
- A money mule;
- An intermediary;
- A company connected to the network;
- Another victim being manipulated into forwarding money.
Receiving banks are expected to maintain controls for identifying suspicious incoming activity and money-mule accounts.
Relevant indicators may include:
- Rapid movement of incoming funds;
- Payments from multiple unrelated people;
- Funds being converted into cryptocurrency;
- Cash withdrawals soon after receipt;
- Account activity inconsistent with the customer profile;
- Several fraud reports connected with one account.
Better information sharing between payment providers can improve prevention and speed up action after a report.
Banks cannot solve the problem alone
The FCA reported that a high proportion of romance fraud originates through online channels. Banks may see the payment, but social-media companies, dating platforms, telecommunications providers and cryptocurrency services may hold different parts of the evidence.
An effective response may involve:
- Dating and social-media platforms removing fraudulent accounts;
- Banks identifying and interrupting suspicious payments;
- Receiving institutions detecting mule activity;
- Cryptocurrency exchanges preserving account and transaction data;
- Police using statutory investigative powers;
- Regulators assessing firm conduct and controls;
- Victims and families reporting promptly and preserving evidence;
- Investigators and lawyers organising evidence and identifying realistic routes for action.
No single organisation has complete visibility of the fraud.
What banks should improve
The FCA review indicates several practical priorities for firms.
Staff training
Employees need to understand the psychological features of romance fraud, not only transaction typologies.
Training should cover:
- Long-term grooming;
- Victims concealing the true payment purpose;
- Investment fraud introduced through a relationship;
- Celebrity and professional impersonation;
- Cryptocurrency payments;
- Signs of emotional distress;
- Repeat victimisation and recovery scams.
Better customer conversations
Scripts should support meaningful questions rather than generic warnings.
The goal is to help the customer recognise inconsistencies without humiliation or confrontation.
Connected transaction monitoring
Repeated smaller transactions should be viewed collectively where possible.
Firms should consider activity across:
- Bank transfers;
- Cards;
- Cash withdrawals;
- Cryptocurrency purchases;
- New payees;
- Loans or savings withdrawals.
Post-fraud support
Support should not end once the payment has been classified as fraud.
Customers may need:
- Clear reimbursement information;
- Account-security assistance;
- Support with vulnerability;
- Referral to appropriate reporting services;
- Protection against repeat targeting;
- Accessible complaint routes.
What victims and families should not assume
Do not assume that:
- A bank warning proves the recipient is fraudulent;
- A completed payment means the bank approved the relationship;
- An authorised transfer can never be reimbursed;
- Every romance-fraud loss falls within the mandatory rules;
- A reimbursement decision identifies the offender;
- Bank reimbursement removes the need to report the crime;
- A police report guarantees repayment;
- Asset tracing guarantees that recoverable property exists.
Each process addresses a different part of the problem.
Evidence to preserve for a banking complaint
Retain:
- Bank statements;
- Payment confirmations;
- Recipient details;
- Call records and correspondence with the bank;
- Fraud warnings shown during the payment process;
- Notes of branch visits;
- Names or reference numbers supplied by staff;
- Messages from the fraudster about each payment;
- Evidence of vulnerability disclosed to the bank;
- Police and Report Fraud references;
- The bank’s final response.
A clear timeline can help show what the bank knew, when it knew it and how the customer responded.
Prevention remains a shared responsibility
Banks should maintain effective controls, investigate warning signs and support customers fairly. Platforms should prevent fraudsters from repeatedly creating accounts. Regulators and police should use their respective powers.
Customers can also reduce risk by pausing unusual payments, seeking independent advice and verifying identities before transferring significant funds.
For practical warning signs, read How to Spot a Romance Scam: Warning Signs and Practical Steps.
The purpose of shared responsibility is not to shift blame onto victims. Fraudsters are responsible for the crime. The aim is to create several opportunities to interrupt it before the loss becomes irreversible.
Fraud-investigation support
Conflict International assists individuals, families, financial institutions and legal advisers with complex fraud matters.
Depending on the circumstances, work may include:
- Identity and background enquiries;
- Open-source and digital investigation;
- Company and address research;
- Financial intelligence;
- Recipient and intermediary analysis;
- Cryptocurrency tracing;
- Asset tracing;
- Evidence collation;
- Support for legal advisers and internal reviews;
- International investigative enquiries.
Learn more about our Fraud and Financial Investigation Services, or contact us in confidence to discuss the available evidence and realistic options.
Private investigative work does not replace a banking complaint, regulatory process or police investigation. Where money has recently been transferred, contact the financial provider and report the fraud immediately.