Contingent Reimbursement Model (CRM) Code
The voluntary UK bank code under which subscribing firms agreed to reimburse APP fraud victims who were not negligent — superseded by mandatory PSR rules in October 2024.
Also known as: CRM Code, voluntary reimbursement code
Last reviewed: 10 June 2026
The Contingent Reimbursement Model Code was a voluntary industry code launched in May 2019 and administered by the Payment Systems Regulator. Subscribing payment service providers committed to reimbursing retail and small-business customers who were victims of authorised push payment (APP) fraud, provided the customer had not been grossly negligent, had not ignored adequate warnings, and had taken reasonable care. Customers were expected to have checked payee details and heeded genuine warnings.
The CRM Code achieved partial success: reimbursement rates improved under signatory firms compared with non-signatories, but firms interpreted 'gross negligence' inconsistently, leading to widely varying outcomes. The PSR found that a significant proportion of eligible victims were still not being reimbursed, prompting the transition to mandatory rules.
From 7 October 2024, the CRM Code was replaced by the PSR's mandatory reimbursement rules. The new rules apply to all payment service providers sending or receiving Faster Payments in the UK, set a default reimbursement limit of £85,000, and split liability 50/50 between sending and receiving firms. The CRM Code is now largely of historical relevance for claims arising before October 2024.
Examples
- A victim defrauded in 2022 by a courier impersonation scam claims under the CRM Code; the bank initially cites gross negligence but the FOS overturns the decision.
- A consumer defrauded in November 2024 is entitled to reimbursement under the new mandatory PSR rules rather than the now-defunct CRM Code.