Now that the Online Safety Bill is law, the hard work begins

Now that the Online Safety Bill is law, the hard work begins

 Barring any last-minute hold-ups, the Online Safety Bill will have become, or will be waiting to become, the Online Safety Act by the time you read these words. This legislation has had a difficult gestation. First proposed six years ago by Theresa May as Prime Minister, it has been “stuck in development” as hundreds of campaign groups have called for tighter controls and social media firms have tried to amend the Bill to make it less burdensome, arguing regulation is unnecessary.

Whilst we are alive to many of the concerns stakeholders have outside our narrow interest, the establishment of a ‘Duty of Care’ on social media websites and search engines in the UK is a hugely important principle and a victory for all those who have campaigned over the years for this principle to be established in law.

PIMFA is pleased to have been part of a campaign group that included consumer groups like Which? and the Money and Mental Health Policy Institute, other trade associations such as UK Finance, the Association of British Insurers and the Investment Association and interested parties including the City of London Corporation, City of London Police and the Carnegie Institute UK. That such organisations came together to campaign for fraud to be included as a priority harm within the Bill, after its absence in the initial White Paper in December 2020, is a measure of how passionate we all are about the need to protect the public from such a menace.

Fraud is, and remains, the most reported crime in the UK. According to the Office for National Statistics there were 3.7 million incidents of fraud in the UK in 2022, while the National Crime Agency (NCA) estimates £2.46 billion was lost to fraud in the year, an increase of 17% on the year before. Moreover, the NCA estimates that only 20% of all fraud in the UK is reported, meaning the true cost to the UK is closer to £12 billion, and the majority of all fraud today, according to the City of London Police, is committed online. Not only that, but fraud is one of the main sources of funding for organised crime worldwide, without which many other problems the Online Safety Bill seeks to address – including child exploitation and terrorism – would not be possible.

This was our argument from the start, and we were delighted when the Government accepted that. We were, of course, helped along the way with interventions by Nikhil Rathi, chief executive of the FCA, Andrew Bailey, the Governor of the Bank of England, too many backbench MPs to mention here, the Treasury Select Committee and the Work and Pensions Select Committee, among others.

We accept that the legislation is not perfect, but no legislation ever is. There will be those for whom the legislation doesn’t go far enough, just as there will be those for whom the legislation goes too far. However, it seeks only to make illegal online that which is illegal in real life.

Our campaign group sought to fight fraud in the only way possible. It is impossible for a wealth manager or financial adviser to buy every iteration of a website domain name. Domain Name Registration Services are spread worldwide and are a Wild West, allowing organised criminals to clone legitimate company websites easily and then buy advertising on search engines and social media without oversight, making victims of many innocent people. In much the same way, banning cold calling, as recently proposed by HM Treasury, whilst welcome, will not completely solve the problem without the cooperation of telecom companies.

Even the attempt by those search engines and social media platforms to circumvent the legislation by voluntarily beginning to check for FCA registration numbers of their advertisers is insufficient as these are also easily obtained from the register itself, and legitimate companies will put their registration numbers on their websites anyway, so they are easily copied. Therefore, the only way to prevent fraudsters is to stop them from gaining access to their victims by introducing a Duty of Care on those search engines and social media companies to ensure they introduce far more stringent checks on their advertisers.

This was always something search engines and social media companies were able to do. Traditional media companies already do so and have done for over a century. At the heart of the debate was whether social media companies and search engines were publishers or merely platforms – and, therefore, had less responsibility for what was published on their websites. Now we know. From now on, these companies will have to abide by similar rules to those that traditional media companies always have done.

But that doesn’t mean this is the end of the road. The Government must ensure Ofcom has the right resources to be able to properly identify instances of fruad. To ensure that the law is enforced and online fraud is eradicated in this country, PIMFA believes that there is a clear role for the FCA in supporting Ofcom.

We are not done yet. The principles have been established. Now, the hard work begins.