Following Part 1 of this two-part article series on the Arbiter for Financial Services (the “Arbiter”) on the guidance document on relationship-based financial fraud, commonly known as ‘pig butchering’ (“Technical Note”), this Part 2 article will delve into the implemented conclusions of the Arbiter following the Court of Appeal’s (the “CoA”) recent judgements.
The Arbiter is encouraging Payment Services Providers (“PSP”) to consider and take more effective measures to combat the rising number in cases of financial fraud through addressing the below identified main areas:
The Technical Note is encouraging PSPs to employ workforce that is well-trained and skilled in the prevention and timely address of financial fraud. Whilst understanding the difficulty in achieving such a goal, the Arbiter is encouraging PSPs to allow staff to undergo specialised training to safeguard potential victims and keep up to date with newer methods of fraud.
This area was identified after the Arbiter noticed that PSPs’ staff failed to remain vigilant in operation and missed clear opportunities to identify the scam, and therefore, exposing the PSP to potential liability.
The Technical Note lists the below examples of red flags which PSPs should be aware of:
The aim shall be to be able to take proportionate measures in the consumer’s interest and educate and alert consumers about new scam scenarios.
The Arbiter has seen an influx of romance fraud and deems worth highlighting the below examples to combat such scams:
In pig butchering scams, victims through illicit guidance from fraudsters often route funds through intermediary PSPs to bypass bank blocks on direct crypto transfers. Scammers instruct naming the victim themselves as beneficiary while quoting crypto merchant accounts held by the PSP. In turn, funds hit the victim's scammer-guided crypto account, convert to assets, then flee to untraceable external blockchain wallets.
The Arbiter flags this prevalent pattern, as a fraud red flag; PSPs must revert to the remitter bank to verify/correct the beneficiary before crediting, or risk breaching PSD2/RTS monitoring or VFA fiduciary duties.
The Arbiter communicates that generally victim support in ‘pig butchering’ cases is inadequate, with PSPs often failing to proactively engage. PSPs are being urged to actively discuss cases for intelligence-gathering, trend analysis, and robust investigations, while demonstrating empathy over defensiveness.
The Technical Note, read together with the Court of Appeal jurisprudence outlined in Part 1, reflects a clear development in the standard of conduct expected of payment and financial service providers in ‘pig butchering’ and similar fraud scenarios. The focus has moved beyond a strict reliance on customer authorisation under PSD2 towards a broader obligation of active transaction monitoring, detection of anomalous behaviour, and timely intervention.
The case law confirms that authorisation alone does not discharge a provider’s duties. The combined reading of PSD2 and the Regulatory Technical Standards establishes a heightened expectation of vigilance, requiring institutions to assess transactions against customer profiles and act on indicators of fraud. At the same time, liability remains fact-specific. The Court of Appeal has made clear that contributory negligence, particularly where warnings or evident risks are disregarded, may limit or exclude liability.
The Technical Note consolidates these developments into a practical compliance framework. It emphasises the need for demonstrable controls, including trained staff, effective escalation procedures, proportionate customer warnings, and meaningful post-incident engagement.
Overall, the position is one of balanced responsibility: increased operational obligations on service providers, coupled with continued scrutiny of customer conduct in determining liability.
For any further information or assistance, please contact us at info@gtg.com.mt
Author: Dr Neil Gauci