A consumer law firm has called on Finance Minister Enoch Godongwana to introduce a mandatory reimbursement framework that would require banks to compensate victims of banking fraud unless they can prove the customer was grossly negligent.
The proposal forms part of an open letter addressed to the Minister and several financial-sector bodies, including the South African Reserve Bank, the Financial Sector Conduct Authority, the Financial Intelligence Centre, the Banking Association South Africa (BASA), and the Payments Association of South Africa. After receiving no substantive response, Broekmann Attorneys launched a public petition calling on Godongwana to implement the reforms.
The proposal raises a fundamental policy question: when fraudsters deceive consumers into disclosing confidential banking credentials or authorising payments, who should bear the financial loss? Trudie Broekmann argues that banks, rather than consumers, should ordinarily carry that risk because they are better placed to prevent and detect increasingly sophisticated fraud.
The National Financial Ombud Scheme (NFO), while acknowledging that fraud is becoming more sophisticated and that the current framework “may not be fully effective” in addressing evolving fraud schemes, continues to determine disputes on their individual facts. BASA, meanwhile, says the existing framework strikes an appropriate balance between consumer protection and customer responsibility, although it has not adopted an industry position on Broekmann’s proposal.
A case for change
Broekmann’s starting point is that consumers are no match for organised fraudsters.
“The consumer is a novice in the context of fraud, while the bank is (or should be) an expert,” she told Moonstone.
Broekmann Attorneys argues the imbalance does not end once the fraud has occurred.
In its open letter, the firm says victims are often left to investigate the loss themselves, while banks hold critical information such as the recipient account details, the time and date of transactions, and information about where stolen funds were withdrawn. Consumers are frequently unable to obtain this information because, according to the firm, banks cite the Protection of Personal Information Act as a basis for refusing disclosure, leaving victims without the tools needed to trace or recover their money.
That imbalance underpins its proposal that banks should reimburse victims unless they can demonstrate that the customer acted with gross negligence.
Broekmann argues that gross negligence is a high threshold that should apply only in exceptional circumstances and should not be confused with a consumer being deceived.
“We must distinguish between being deceived, where the consumer is not being negligent, but has simply been taken in by a well-resourced and inventive fraudster, and being careless,” she said.
“Gross negligence implies recklessness or a blatant disregard for safety measures. Giving out your access information is not necessarily grossly negligent.”
Broekmann also contends that the current legal framework leaves many victims without an effective remedy. She points to the NFO’s latest annual report, which shows that only 17% of Banking and Credit Division determinations were in favour of complainants. In her view, this reflects a structural problem in the way banking fraud disputes are resolved and demonstrates why a mandatory reimbursement framework is needed to ensure victims are “not victimised a second time by the law and the adjudication bodies”.
Broekmann believes the reforms should go beyond changing the legal test for reimbursement. She says the Code of Banking Practice and the Joint Standards for Cybersecurity and Information Technology Governance issued under the Financial Sector Regulation Act should be strengthened because they “contain no provisions that hold banks liable”. Although comprehensive legislation governing banking fraud could ultimately be introduced, she believes strengthening the existing regulatory framework would provide a faster solution.
The proposal is also broader than authorised payment scams alone.
“The mandatory reimbursement policy needs to apply to banking fraud as a whole,” Broekmann said. “This would include banking fraud where customers are deceived into authorising transactions and cases where money is taken out of your account fraudulently without authorisation, which we’re also seeing regularly.”
Looking to the United Kingdom
Broekmann’s proposal is informed by the United Kingdom’s mandatory reimbursement framework for victims of Authorised Push Payment (APP) scams, but she says South Africa should adopt a broader approach.
APP scams differ from traditional banking fraud because the customer authorises the payment after being deceived. Rather than obtaining unauthorised access to an account, fraudsters manipulate victims into transferring money themselves by impersonating trusted organisations or individuals.
The UK introduced a mandatory reimbursement regime for qualifying APP scams on 7 October 2024. Subject to specified conditions and exceptions, payment service providers must reimburse victims of qualifying scams. Under the UK model, the sending provider reimburses the customer, while the receiving provider generally contributes 50% of the reimbursement cost. The framework includes safeguards such as an exception for gross negligence and a reimbursement cap of £85 000 per claim.
Broekmann believes the UK has adopted the correct underlying principle.
Referring to the UK Payment Systems Regulator’s reimbursement framework, Broekmann said that save where the consumer committed gross negligence, the bank must reimburse the defrauded consumer. I believe this is the right approach.”
While she supports adopting all its consumer protections, she believes South Africa should provide even broader protection.
Asked which aspects of the UK framework should be adopted, Broekmann said it protects individuals, micro-enterprises, and charities and requires banks to reimburse qualifying complaints within five days. She added that there were no elements she would not recommend introducing locally.
“There are no elements that I would not recommend introducing in South Africa – in fact, our socio-economic conditions and the relatively lower sophistication of our population would justify even firmer protections.”
What the ombud is seeing
According to Nerosha Maseti, Lead Ombud for the NFO’s Banking and Credit Division, the underlying objective of fraudsters has not changed, but their methods continue to evolve.
“The basic modus operandi of these scams is not new, and the fraudsters’ core objectives remain consistent – to induce consumers either to disclose confidential credentials or to transact or authorise transactions under false pretences. However, over the years, there is a constant change in the execution techniques that fraudsters have applied, and the growing use of AI has materially increased the sophistication, scale, and effectiveness of these fraud schemes.”
The ombud has also seen a rise in complaints involving consumers who are persuaded to make payments themselves.
“Year to date, we have received 193 more push payment complaints than during the corresponding period last year,” Maseti said.
However, she cautions against assuming these complaints should automatically result in reimbursement.
The NFO says it follows an evidence-based approach, assessing each complaint on a balance of probabilities after considering the versions presented by both the customer and the bank. Banks are generally required to provide detailed evidence explaining how disputed transactions occurred and how they were authenticated, while the ombud considers whether either party contributed to the loss.
“In the majority of cases the finding on a balance of probabilities is that complainants compromised their confidential access credentials or made or authorised the payments themselves which resulted in the transactions and the loss,” Maseti said.
This, however, does not mean banks are never responsible. The NFO examines whether a bank acted reasonably, complied with its contractual and regulatory obligations, maintained appropriate security measures and responded appropriately once fraud became apparent. Reimbursement may be appropriate where a bank failed to exercise reasonable care or where deficiencies existed in its systems or processes.
At the same time, the ombud accepts that the current framework may not fully address the changing fraud landscape.
“The NFO’s complaint data, together with other available fraud statistics, indicate that fraud incidents and associated financial losses continue to increase despite existing legal and regulatory measures,” Maseti said.
“This trend suggests that the current framework, while providing important protections, may not be fully effective in addressing the evolving nature and sophistication of modern fraud schemes.”
Rather than focusing solely on banks, however, the NFO believes any reform should encompass the wider payments ecosystem. It points out that merchants, non-bank payment service providers, telecommunications providers, online betting platforms, and digital platform operators all play a role in preventing and responding to fraud, yet many fall outside the jurisdiction of the FSCA or an ombud scheme. The ombud therefore advocates greater co-operation, information sharing, and accountability across the entire digital payments value chain.
BASA: No industry position
BASA believes the existing legal and regulatory framework strikes an appropriate balance between consumer protection and customer responsibility. It said individual banks deal with fraud on a case-by-case basis within the applicable framework and their own policies and procedures, while customers who are dissatisfied with the outcome may approach the NFO.
BASA declined to comment on Broekmann’s proposed gross-negligence standard or on the adoption of a UK-style reimbursement framework, explaining that the proposal is not the subject of a formal legislative or regulatory process.
“The proposal is not a formal regulatory or legislative proposal. BASA has not discussed same with its members and there is no industry position on the issue raised. Should government or a regulator initiate a consultation, BASA will engage with its members and participate in that process per its usual procedure.”
The association said the Code of Banking Practice does not aim to address losses from fraud. It organises financial sector regulation applicable to banking customers in a way that is easy to understand and access. Its purpose is to ensure that bank customers are empowered to make use of their rights set out in legislation.
BASA said the Conduct of Financial Institutions Bill aims to establish a single, comprehensive regulatory framework for the market conduct of financial institutions in South Africa. This framework is designed to improve how financial institutions treat their customers, manage risks, and contribute to the integrity and stability of the financial system.
Broekmann said the petition was launched after none of the recipients of the firm’s open letter responded to its proposals. Once it has attracted sufficient support, it will be presented to the Minister of Finance. At the time of publication, no formal legislative or regulatory consultation on the proposal had been announced.




