Barring any last-minute hold-ups, the online safety bill will have become, or will be waiting to become, the Online Safety Act by the time you read my words here. The legislation has had a difficult gestation.
First proposed six years ago by Theresa May as prime minister, it has been “stuck in development” as hundreds of campaign groups have called for tighter controls and social media firms have tried to amend the bill to make it less burdensome, arguing regulation is unnecessary.
While we are alive to many of the concerns stakeholders have outside our narrow interest, the establishment of a duty of care on social media websites and search engines in the UK is a hugely important principle and a victory for all those who have campaigned over the years for this principle to be established in law.
Pimfa is pleased to have been part of a campaign group that included consumer groups like Which? and the Money and Mental Health Policy Institute; other trade associations such as UK Finance, the Association of British Insurers and the Investment Association; and interested parties including the City of London Corporation, City of London Police and the Carnegie Institute UK.
That such organisations came together to campaign for fraud to be included as a priority harm within the bill, after its absence in the initial white paper in December 2020, is a measure of how passionate we all are about the need to protect the public from such a menace.
Fraud is, and remains, the most reported crime in the UK. According to the Office for National Statistics there were 3.7mn incidents of fraud in the UK in 2022, while the National Crime Agency estimates £2.46bn was lost to fraud in the year – an increase of 17 per cent on the year before.
The legislation seeks only to make illegal online that which is illegal in real life.Moreover, the NCA estimates that only 20 per cent of all fraud in the UK is reported, meaning the true cost to the UK is closer to £12bn, and the majority of all fraud today, according to the City of London Police, is committed online.
Not only that, but fraud is one of the main sources of funding for organised crime worldwide, without which many other problems the online safety bill seeks to address (child exploitation, terrorism, illegal weapons sales, the illegal drug trade) would not be possible.
This was our argument from the start, and we were delighted when the government accepted that argument.
We were, of course, helped along the way by interventions by Nikhil Rathi, chief executive of the FCA, Andrew Bailey, governor of the Bank of England, too many backbench MPs to mention here, the Treasury Committee and the Work and Pensions Committee, among others.
I accept that the legislation is not perfect, but no legislation ever is. There will be those for whom the legislation doesn’t go far enough, just as there will be those for whom the legislation goes too far.
However, the legislation seeks only to make illegal online that which is illegal in real life.
Our campaign group sought to fight fraud in the only way possible. It is impossible for a wealth manager or financial adviser to buy every iteration of a website domain name.
Domain name registration services are spread worldwide and are a wild west, allowing organised criminals to clone legitimate company websites easily and then buy advertising on search engines and social media without oversight, making victims of many innocent people.
In much the same way, banning cold-calling, as recently proposed by the Treasury, while welcome will not completely solve the problem without the co-operation of telecom companies.
Even the attempt by those search engines and social media platforms to circumvent the legislation by voluntarily beginning to check for FCA registration numbers of their advertisers is insufficient as these are also easily obtained from the register itself, and legitimate companies will put their registration numbers on their websites anyway, so they are easily copied.
Therefore, the only way to prevent fraudsters is to prevent them from gaining access to their victims by introducing a duty of care on those search engines and social media companies to ensure they introduce far more stringent checks on their advertisers.
I accept that the legislation is not perfect, but no legislation ever is.This was always something search engines and social media companies were able to do. Traditional media companies already do so and have done so for over a century.
At the heart of the debate was whether social media companies and search engines were publishers or merely platforms and, therefore, had less responsibility for what was published on their websites. Now we know.
From now on those companies will have to abide by similar rules that traditional media companies always have.
But that does not mean this is the end of the road. The government must ensure Ofcom has the right resources to be able to properly identify instances of fraud.
To ensure that the law is enforced and online fraud eradicated in this country, Pimfa believes that there is a clear role for the FCA in supporting Ofcom.
We are not done yet. The principles have been established. Now, the hard work begins.
David Ostojitsch is director of government relations and policy at Pimfa
