The original duty arose from the 1992 decision in Barclays Bank Plc v Quincecare and aimed to strike a balance between guarding against the facilitation of fraud and imposing a too burdensome obligation on Banks which could hamper their ability to transact effectively.
The duty requires Banks to use reasonable skill and care in carrying out customers’ orders and arises where the Bank (or Financial Institution) in question is “put on enquiry” that an instruction is an attempt to misappropriate funds. The Bank must have “reasonable grounds” for suspecting the instruction is fraudulent and will be held to the standard of an ordinary prudent banker.
It was not until 2017 when the Quincecare duty was revisited in Singularis v Daiwa1 and, it can be said, that thereafter the application of the Quincecare duty has been inconsistent. Since the original ruling, there has been a lack of clarity over what a Bank’s duty of enquiry is and how this can be reconciled with their duty to follow customers’ instructions.
In 2018, Mrs F Phillip was the victim of an Authorised Push Payment (APP) fraud. Mrs Phillip was tricked by a fraudster pretending to be from the Financial Conduct Authority (FCA), who convinced her to transfer funds totalling £700,000.
Upon discovering that she had been the victim of a fraudulent scam, she intended to hold Barclays accountable for loss suffered. Mrs Phillip implied that Barclays should have had policies in place to detect and prevent the APP fraud from occurring.
In the first instance, The High Court ruled in favour of Barclays accepting they did not owe a duty and that Quincecare limits Banks’ duty of care to “cases of attempted misappropriation by an agent of the customer.”2 In the judgment, whilst expressing sympathy for Mrs Phillip, the Judge concluded as follows: “it would not be fair, just or reasonable to impose liability on that part of the Bank in respect of the APP fraud... such liability could only rest upon what I regard to be an unprincipled and impermissible extension of the Quincecare duty.”3 In the Judge’s view, extending the duty to direct customer instructions would undermine the Banks’ duty to act on instructions promptly and would impose an onerous and unworkable duty on Banks.
The case was taken to the Court of Appeal, at which point the Consumers' Association (Which?) applied to intervene in the appeal. They were granted permission and sought to argue that the court should recognise a duty of care in these circumstances and the duty should not be confined to companies or agents. They also submitted that the duty would not be unworkable or onerous as it would reflect current banking practices.
The Appeal Judge broke the Quincecare duty down into stages:
The Trial Judge in the Court of Appeal determined that the Quincecare duty of care was not limited to instructions given by a customer's agent but instead there should be a question as to whether “the circumstances are such that the bank is on inquiry that executing the order would result in the customer's funds being misappropriated”4.
The Court went on to conclude that it is "at least possible in principle that a relevant duty of care could arise in the case of a customer instructing their bank to make a payment when that customer is the victim of APP fraud"5.
As a result of this, the Judge determined that the logic is to ultimately protect the customer.
Authorised push payment fraud is a form of fraud where individuals are manipulated into making real-time payments to fraudsters, typically by social engineering attacks involving impersonation. It differs from other types of fraud, where criminals obtain access to accounts and misappropriate funds without the account holder’s knowledge. With APP scams, criminals try to persuade account holders to take action quickly, often inciting panic, which in turns causes account holders to make ill thought through decisions. In recent years, APP scams have increased both in value and volume, with many individuals suffering significant financial and emotional harm.
Since 2016, the Payment Systems Regulator (PSR) and the payments industry have worked together to both prevent payments fraud, and to develop better mechanisms for reimbursing victims of APP scams. This has included introducing the voluntary Contingent Reimbursement Model (CRM) Code (“the Code”), which began operating in 2019. Under the Code, signatory payment service providers voluntarily reimburse APP scam victims. The Code has currently been signed by ten banking groups, and covers 90% of relevant transactions. Further payment service providers have also made independent voluntary commitments to victim reimbursement.
Since the original decision in Quincecare, fraudsters are becoming more sophisticated and even more so since the COVID-19 pandemic. It could be said there is an obligation on Financial Institutions to safeguard their customers against these risks. However, there is a balance to be struck between protecting customers from the vast array of sophisticated fraudulent schemes and not imposing a too onerous obligation on Financial Institutions so as to hamper their ability to carry out transactions effectively.
Whilst the Court did not determine whether there was a breach of duty in this case, (this will require a full examination of the facts at trial) nor did they look to expand the Quincecare duty per se, the decision has potentially paved the way for the duty to expand further, putting more onerous obligations on Financial Institutions to scrutinise instructions received from customers.
Therefore, in light of this decision, Financial Institutions may want to carefully consider their exposure to claims for APP fraud, including reviewing and potentially re-evaluating their processes and controls in order to mitigate against potential losses arising from such claims.
In terms of the scope of the Quincecare duty going forward, it will be interesting to see the further developments in other cases such as where the Supreme Court is considering whether a Bank’s Quincecare duty extends to protecting insolvent customer’s creditors as well as another case where the High Court is considering the extent of a Bank’s duty to investigate when it is on notice of a possible fraud.
Given that the burden of combatting fraud is being firmly placed at the door of Financial Institutions, it is likely we are going to see more cases where the scope of the duty is to be clarified and potentially widened in order to protect customers.
In the event a Financial Institution finds itself on the receiving end of an allegation of breach of duty, whether that be Quincecare or any other breach of duty, they should look to review their Insurance arrangements and discuss appropriate limits of liability and scope of coverage with their broker.
1 See Singularis Holdings Ltd v Daiwa Capital Markets [2019] UKSC 50.
2 Philipp v Barclays Bank UK Plc [2021] EWHC 10, [133]
3 Philipp v Barclays Bank UK Plc [2021] EWHC 10, [184]
4 Birss LJ, Philipp v Barclays Bank UK Plc [2022] EWCA Civ 318, [30]
5 Birss LJ, Philipp v Barclays Bank UK Plc [2022] EWCA Civ 318, [78]
