Mr. Colm Kincaid:

When we say the data, specified data are gathered under the PSD and collated with a taxonomy set out at a European level. One of the challenges of authorised push-payment fraud is that it is a sort of banking, financial industry or common parlance concept that does not necessarily map very specifically into the existing taxonomy at European level. Therefore, it is difficult to distil it down. We have done some work looking at the data and the material from the BPFI, which would give us confidence in what the committee has heard. One of the things I wanted to check before we came here today was if it tallies as best we can with the data we have and I think it does.

That should give confidence to the information, to give credit to Banking and Payments Federation Ireland, BPFI.

We also have our own supervisory engagements with firms, where we can see at a more local level how they are going about reimbursement. They all have detailed policies in place, including for APP fraud. They all have policies in place for whether and when they will provide compensation to a customer, notwithstanding there is no liability at EU level, whether that is because of extenuating circumstances or the vulnerability of the customer. I hope I have been very clear, in our opening statement, that in any case where part of the loss is down to some failure in the firm's own systems of control, be that delay or otherwise, we expect there to be reimbursement. We see that reimbursement occurring.

I agree with the Deputy. Part of the challenge has been that we have very detailed data - the last publication around payments activity was for the 2021 period - we gather as part of a European system that is fed into the ECB, which is the authority that owns and gather those data, but it can be quite challenging to move from the cells in that data collection into a topic such as APP fraud at a national level. As part of being in a European system, we also want to see, and are very keen to understand in the context of this debate, the extent to which fraud activity in Ireland involves cross-border activity. We believe that may be one of the key distinctions between, for example, Ireland and the UK. As the Deputy knows, the UK arrangement only applies to intra-UK arrangements. It is quite critical for us to get a handle on the extent to which authorised push payment fraud occurs cross-border, because that could change the policy consideration of what the next steps for Ireland might be.