Santander UK Plc · DRN-6054495

The complaint Mrs M complains that Santander UK Plc (‘Santander’) won’t reimburse the funds she lost when she fell victim to a scam. What happened Mrs M says that a building company I’ll refer to in this decision as ‘G’ offered her the opportunity to invest by providing a short-term loan. She understood G had a contract to install air conditioning units for a major hotel chain and that her investment would be used to fund this work. In return, she would receive interest payments. Mrs M made two payments of £10,080 to G from two different Santander accounts – in June 2023 and May 2024. She received returns in respect of these two payments into her Santander account and another account which totalled £1,282.16. When returns stopped and G went into administration, Mrs M raised a fraud claim with Santander. Santander didn’t agree to reimburse Mrs M’s loss. It said that Mrs M has a civil dispute with G, which was trading at the time she made her payments. Santander also noted that there was an ongoing police investigation and said that if there was a successful prosecution it would review its position. Mrs M was unhappy with Santander’s response and brought a complaint to this service through a professional representative. The investigator who considered this complaint recommended that Santander reimburse Mrs M’s full outstanding loss. She said she thought Mrs M was the victim of a scam and that Santander couldn’t fairly rely on an exclusion to reimbursement set out in the Lending Standards Board’s Contingent Reimbursement Model Code (‘CRM Code’). Santander said that funds may have been used for genuine business purposes and it would like to wait for the outcome of the police investigation before amending any claims decisions. Mrs M’s complaint has been passed to me to decide. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. In broad terms, the starting position at law is that a firm is expected to process payments and withdrawals that a customer authorises, in accordance with the Payment Services Regulations and the terms and conditions of the customer’s account. However, where the customer made the payment as a consequence of the actions of a fraudster, it may sometimes be fair and reasonable for the firm to reimburse the customer even though they authorised the payment. At the time of these payments, Santander was a signatory of the CRM code. This code required firms to reimburse customers who had been the victim of certain types of scams, in

-- 1 of 5 --

all but a limited number of circumstances. But customers were only covered by the code where they had been the victim of a scam – as defined in the code. Is it appropriate to determine this complaint now? As there is an ongoing police investigation into the building company I’ve considered whether the outcome of this investigation is reasonably likely to impact Santander’s reimbursement decision. There may be circumstances and cases where it’s appropriate to wait for the outcome of external investigations and/or related court cases. But that isn’t necessarily so in every case, as it may be possible to reach conclusions on the main issues on the basis of evidence already available. And it may be that the investigations or proceedings aren’t looking at quite the same issues or doing so in the most helpful way. I’m conscious, for example, that any criminal proceedings that may ultimately take place might concern charges that don’t have much bearing on the issues in this complaint; and, even if the prosecution were relevant, any outcome other than a conviction might be little help in resolving this complaint because the Crown would have to satisfy a higher standard of proof (beyond reasonable doubt) than I’m required to apply (which is the balance of probabilities). The Lending Standards Board has also said that the CRM Code does not require a criminal test to have been met before a reimbursement decision can be reached. Nor does it require a firm to prove the intent of the third party before a decision can be reached. So, for reasons I’ll explain in more detail below, I don’t think it’s necessary to wait for the outcome of any police investigation or court case for me fairly to reach a decision on whether Santander should reimburse Mrs M under the provisions of the CRM Code. I’m not persuaded that the outcome of the police investigation will impact Santander’s reimbursement decision under the CRM Code. And I’m satisfied there is already convincing evidence to demonstrate, on the balance of probabilities, that those who invested with the building company were dishonestly deceived about the purpose of the payments they were making and that Mrs M most likely the victim of a scam. Has Mrs M been the victim of a scam, as defined in the CRM Code? As I said above, under the CRM Code, the starting principle is that a firm should reimburse a customer who is the victim of an authorised push payment (APP) scam, except in limited circumstances. But the CRM Code only applies if the definition of APP scam, as set out in it, is met. I have considered whether Mrs M’s claim falls within the scope of the CRM Code, which defines an APP scam as: ...a transfer of funds executed across Faster Payments…where: (i) The Customer intended to transfer funds to another person, but was instead deceived into transferring the funds to a different person; or (ii) The Customer transferred funds to another person for what they believed were legitimate purposes but which were in fact fraudulent. To decide whether Mrs M is the victim of an APP scam as defined in the CRM Code I have considered: - The purpose of the payments and whether Mrs M thought this purpose was legitimate.

-- 2 of 5 --

- The purpose the recipient (G) had in mind at the time of the payments, and whether this broadly aligned with what Mrs M understood to have been the purpose of the payments. - Whether there was a significant difference in these purposes, and if so, whether it could be said this was as a result of dishonest deception. I’m satisfied Mrs M made the payments with the intention of investing with G. She thought her funds would be used to fund work G had been contracted to do by a major hotel chain, and that she would receive interest payments in return. I haven’t seen anything to suggest that Mrs M didn’t think this was legitimate. But I think the evidence I’ve seen suggests G didn’t intend to act in line with the purpose for the payments it had agreed with Mrs M. I note G did have a genuine contract to carry out work for the major hotel chain it mentioned to investors. But the administrators for the company have confirmed the value of the contract to G between 2021 and 2024 was £4.4 million, but that when it went into administration G owed £25.3 million to investors. So, G had raised far more from investors than the available evidence suggested it needed to fulfil the contract. It also appears that G had been deceiving investors about future work it would receive from the hotel chain. Multiple investors were told the hotel chain planned to refurbish numerous hotels around the country and that this would lead to around £18 million in revenue for G. But there’s no evidence of this kind of income on G’s account statements and, as the administrators have said, the actual amount G received from the hotel chain was significantly lower than this. The administrators have said they can’t confirm exactly how much of investors’ money was used to carry out work for the hotel chain, or in the ordinary course of business, but it is significantly lower than the amount raised from investors. Administrators also said one director loaned himself around £560,000, which has not been paid back. And that company funds have been spent on seemingly non-company related expenses, including: • around $6 million spent on sponsoring an American-based motor racing team between October 2020 and May 2024 • around £500,000 spent by one director on home improvements, which was not paid back to the company • around £4 million sent to Spanish bank accounts, which the directors of the company say was to raise investment but are now claiming has been lost due to fraud • around £2 million sent abroad for supposed investment purposes, which the directors of the company have told administrators has now been lost due to fraud committed against the company This service has also reviewed information relating to accounts held by G. While I can’t share details of this information, it appears to show there was a large amount of spending from the accounts that wasn’t related to the company’s contract with the hotel chain or other business purposes. Funds appear to have been used for sponsorship or personal reasons – in line with what the administrators have said (above).

-- 3 of 5 --

G also told investors it had a credit insurance policy with a large insurance provider, which would provide protection for investors if something went wrong. But the insurance provider has told police that there was no policy in place with the company, and that the policy number G gave investors didn’t match its policy number format. I think the available evidence shows G wasn’t providing the investment it had led Mrs M to believe she was making. This means the purpose G intended for the payments Mrs M made wasn’t aligned with the purpose Mrs M intended for the payments. The directors will have known they intended to use the majority of investors’ funds for a different purpose, that they were misleading investors about the amount of future work the company would receive from the hotel chain, and about the insurance policy. So I also think the discrepancy in the payment purposes was the result of dishonest deception on the part of the company. I appreciate that some investor money will have been used to carry out work for the hotel chain, and that we don’t know which specific payments G received were made towards that work. But, overall, I’m satisfied that this wasn’t a legitimate investment and Mrs M’s and other investors’ funds weren’t being used in the manner they were led to believe they were. So, regardless of where Mrs M’s specific payments went, G and its model was illegitimate, and Mrs M was deceived on this point. It’s clear Mrs M received some interest payments back from G. But a victim initially receiving returns is a common feature of a number of scams, so I don’t think this means that G was using Mrs M’s money as intended or wasn’t operating a scam. It seems likely the company provided returns to gain trust and further investment. I’ve considered also that there may be evidence our service does not have access to or that may become available later. But, for the reasons I’ve explained above, I’m satisfied there is sufficient evidence available for me to come to a fair and reasonable decision on this complaint, and I don’t consider it likely that the outcome of any ongoing investigation would significantly affect the conclusions I have reached. Is Mrs M entitled to a refund under the CRM Code? As I explained above, Santander was a signatory of the CRM Code. This code required firms to reimburse customers who had been the victim of authorised push payment scams, like this one, in all but a limited number of circumstances. It is for Santander to establish that one of those exceptions to reimbursement applies. Under the CRM Code, a firm may choose not to reimburse a customer if it can establish that: • The customer ignored an effective warning in relation to the payment being made • The customer made the payment without a reasonable basis for believing that: o the payee was the person the customer was expecting to pay; o the payment was for genuine goods or services; and/or o the person or business with whom they transacted was legitimate There are further exceptions in the CRM Code, but they don’t apply here. Santander hasn’t suggested that it is seeking to rely on an exception to reimbursement but for the sake of completeness I’ll briefly cover whether I think any exception can fairly be applied.

-- 4 of 5 --

I understand that Mrs M lives in a small village where a director of G also lived. In April 2023 she attended a hospitality event organised by the same director, where she met him and other investors. Mr M also knew several other people locally who had invested with G who discussed the returns they had received. I can see why this would have made Mrs M think the investment was legitimate. I don’t think there was anything about what Mrs M was told about the investment or the communication she received from G that ought to have caused her significant concern either. I haven’t seen any evidence that suggests there were warning signs that the company wasn’t offering a genuine investment when Mrs M made her payments. Overall, I don’t think Santander has established that Mrs M made the payments without a reasonable basis for believing that the investment was legitimate. Santander hasn’t said that an effective warning was ignored when Mrs M made the payments or provided evidence of an effective warning being presented at the time. So, it can’t fairly rely on that exception to reimbursement either. As I don’t think Santander has established that any of the exceptions to reimbursement under the CRM Code apply here, it should refund the money Mrs M lost. Redress As Mrs M received interest payments from the building company in relation to these payments, these payments need to be deducted from the amount Santander has to refund her. Mrs M invested £20,160 and received back £1,282.16 in respect of these investments. So her outstanding loss is £18,877.84. Whilst I’d expect Santander to be on the look-out for out of character transactions, I don’t think that any intervention would have caused it to be concerned given what was known about G at the time. But I do think there was sufficient evidence available at the time Mrs M reported her scam claim for Santander to assess the claim and conclude that she had been the victim of an APP scam as set out in the CRM Code. So, I think Santander should have refunded Mrs M’s losses in its original response to her claim, and so should now pay 8% interest on this refund from the date it originally declined her claim to the date of settlement. My final decision For the reasons set out above, I uphold this complaint and require Santander UK Plc to: • Refund Mrs M £18,877.84; and • Pay Mrs M 8% simple interest on that refund, from the date it originally declined her claim to the date of settlement. Under the rules of the Financial Ombudsman Service, I’m required to ask Mrs M to accept or reject my decision before 8 April 2026. Jay Hadfield Ombudsman

-- 5 of 5 --