Santander UK Plc · DRN-6265300

Complaint Mr K is unhappy that Santander UK Plc didn’t reimburse him in full after he reported falling victim to an investment scam. Background In 2023, Mr K fell victim to an investment scam. He had come across what he believed to be a legitimate company after watching YouTube videos about investment strategies. After he made contact, he was approached by someone he understood to be a representative of that company. In reality, this individual was a fraudster. The fraudster explained an investment strategy centered on cryptocurrencies and told Mr K he could expect annual returns of around 8–9%. Mr K was happy to proceed and so, following the fraudster’s instructions, he opened accounts with two third-party cryptocurrency exchanges. He used his Santander account to send funds to those platforms, where the money was converted into cryptocurrency. The cryptocurrency was then transferred into wallets controlled by the fraudsters. These payments were a mixture of faster payments and credit card payments. The values and dates are set out in the table below: 1 17 April 2023 £4,028.79 2 18 April 2023 £4,047.13 3 21 April 2023 £8,062.35 4 22 April 2023 £4,852.23 5 23 April 2023 £808.71 6 27 April 2023 £900 7 27 April 2023 £4,100 8 28 April 2023 £5,000 9 28 April 2023 £200.89 10 3 May 2023 £321.71 11 3 May 2023 £7,045.60 Once Mr K realised he had been the victim of a scam, he contacted Santander. It agreed to reimburse him in part. Specifically, it refunded 50% of the payments he had made by Faster Payments, but none of the payments he had made by card. It didn’t, however, agree to offer anything further. It said that because Mr K had been transferring money into accounts that were in his own name and under his effective control, he hadn’t suffered a loss at the point the funds left his Santander account. In its view, the loss only arose after later steps were taken. Santander therefore didn’t think it would be fair or reasonable for it to be held liable for processing payments which, at the time they were made, didn’t result in any financial loss to Mr K.

-- 1 of 4 --

Mr K wasn’t happy with that response and referred his complaint to this service. An Investigator considered the case and partially upheld it. The Investigator thought Santander should have been concerned about fraud risk and intervened when the second payment was made and that, had it done so, Mr K’s losses would likely have been prevented. Santander disagreed with the Investigator’s view. It repeated its position that Mr K had been paying his own accounts. It also said I needed to consider whether the third‑party cryptocurrency platforms Mr K used had carried out any fraud‑prevention measures. It said this was relevant both to assessing the seriousness of any failing on its part when apportioning responsibility between all firms involved, and to understanding whether a timely intervention by Santander would have made any difference to the eventual outcome. As the parties couldn’t reach an agreement, the case was passed to me to decide. Findings I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I issued a provisional decision on 17 March 2026. I wrote: As a starting point, the legal position is that a bank is generally required to process payments and withdrawals authorised by its customer, in line with the Payment Services Regulations 2017 and the relevant account terms and conditions. It’s accepted that the disputed payments were authorised by Mr K. However, that isn’t the end of the matter. Good industry practice requires banks to monitor account activity and identify transactions that appear unusual or out of character, and which may indicate a risk of fraud. Where such concerns arise, I would expect a bank to take reasonable steps to protect its customer. This could include presenting a clear and timely warning during the payment journey, or contacting the customer to understand the circumstances before allowing the transaction to proceed. With hindsight, we know Mr K was the victim of fraud. I have to decide whether the risk should reasonably have been apparent to Santander at the time, based on the information it had available, and whether it ought to have intervened. The investigator identified the second payment in the table above as the point at which the firm ought to have had concerns and I’m minded to agree with that conclusion. The payment was out of keeping with the way the account had been used in the preceding months, and it was for a significant sum being sent to a cryptocurrency firm, which carried an associated fraud risk. I accept that customers can make one-off payments that do not follow their usual pattern of account usage, and I can see why payment 1 was processed without question. However, by the time Mr K instructed it to make payment 2, he was sending a substantial amount of money to a relatively new and high-risk payee across a two-day period. In my view, the bank should not have processed that payment without making further enquiries. There is no good reason to think Mr K would have attempted to mislead the bank had it intervened. He has said the fraudsters did not instruct him to conceal anything, and the limited information he has supplied, including his messages with the fraudster, does not suggest he was coached to respond to a bank intervention in any particular way. Furthermore, if a discussion had taken place, I do not think it would have been difficult for the bank to identify that he was at risk of fraud. The investment opportunity had been introduced to him on social media. He was being asked to transfer cryptocurrency into the control of the broker, which in itself was a strong

-- 2 of 4 --

indicator that the operation was almost certainly fraudulent. His understanding of cryptocurrency was shallow at the time, and he would not have been able to articulate how his money would be used or how the returns were supposedly generated. If an employee of the bank had discovered these facts, they could’ve advised him on the steps he could take to protect himself, including checking whether the firm was authorised. It could also have clearly warned him about the risks of giving a third-party control of his cryptocurrency and that his situation shared many of the hallmarks of commonly occurring investment scams. I’m not persuaded that there’s any good reason to think he would’ve proceeded had that happened. I acknowledge that Mr K remained in control of his money after the payments left Santander, and that the loss occurred only after he took further steps. However, Santander should still have recognised that he was at serious risk of financial harm at the point of payment 2. It should have made further enquiries and, ultimately, prevented the loss. In those circumstances, I consider it fair to hold Santander responsible for the loss from that point onwards. I have also taken into account the role of the other firms involved, namely the cryptocurrency exchanges. It’s possible they may have fallen short in their handling of any potential fraud risks, but Mr K has chosen not to pursue a complaint against them, and I can’t require him to do so. I don’t consider it fair to reduce his compensation simply because he has sought to recover his losses from only one firm, particularly when I have explained why I consider that firm should’ve prevented the loss he suffered. I’ve also considered whether it would be fair and reasonable for Mr K to bear some responsibility for his own loss by way of contributory negligence. I accept that he sincerely believed he was dealing with a legitimate investment company, but I am not persuaded that this belief was reasonable. He was investing a significant amount of money, yet he carried out no checks to confirm the legitimacy of the company. The promised returns were somewhat higher than would typically be available to a retail investor, though not so excessive that they were obviously fraudulent. Nevertheless, I am concerned that there appear to have been no formalities to his supposed agreement with the company at all. He was given no explanation as to how the company intended to generate returns on his behalf, and there was no contract or documentation setting out what would happen to his money once he placed it under the company’s control. Taking all of this into account, I consider it fair and reasonable for a 50 per cent deduction to be applied to the compensation payable. I asked for both sides to respond before 31 March 2026. Mr K responded to say that he accepted the provisional decision, but Santander didn’t respond. As neither side has provided anything to challenge the basis of the provisional decision, I don’t see any reason to depart from it and so I’m upholding Mr K’s complaint for the reasons set out above. Final decision For the reasons I’ve set out above, I uphold this complaint. If Mr K accepts my final decision, Santander UK Plc needs to: - Refund 50% of the transactions in the table above from payment 2 onwards (less any refund that has already been paid). - Add 8% simple interest per annum up until the date of settlement to reflect the fact that Mr K was out of pocket on those funds. As the relevant payments were made by credit card, the starting date for this calculation will be the date he paid off those amounts from the balance of his credit card account.

-- 3 of 4 --

Under the rules of the Financial Ombudsman Service, I’m required to ask Mr K to accept or reject my decision before 28 April 2026. James Kimmitt Ombudsman

-- 4 of 4 --