
High Court limits bank’s duty to customer victim of APP fraud

Why is this case of interest?

The Quincecare duty [1], a form of duty of care owed by a bank to its customers, provides that the bank must refrain from executing a payment mandate from an authorised signatory of its customer if the bank has reasonable grounds (although not necessarily proof) for believing that the mandate is an attempt to misappropriate the customer’s funds.

Philipp v Barclays Bank UK plc [2] is a welcome decision of interest to financial services firms because it confirms that:

  • the Quincecare duty can protect corporate entities but it does not apply to individual customers; and
  • the duty does not operate in the context of authorised push payment (APP) fraud [3].

What practical advice arises for financial services firms?

Financial services firms will be able to rely on this new authority to defend Quincecare duty claims made against them in the context of individual customers and APP fraud.

The court ordered summary judgment in favour of the bank in this case.  It is therefore likely that this relatively quick and cost-effective method of disposing of claims early and without a full trial would be available in other APP fraud Quincecare duty claims.

Firms should note, however, that their fundamental common law duties to adhere to standards of reasonable, honest conduct and to be alive to the possibility of fraud remain.  So, too, do regulatory requirements, commitments under the Contingent Reimbursement Model Code for Authorised Push Payment Scams, and any duties as regards fraud prevention and protection which might arise by virtue of contractual terms or representations made to customers within legal and/or marketing material and other communications/interactions with customers.

Any claims made against firms which allege fraud of any kind should, therefore, be fully assessed on their own merits.  Strategies for responding to and resolving fraud claims of all types will differ on a case by case basis.

Alongside legal and regulatory obligations, effective fraud detection, prevention and, where appropriate, reimbursement policies are also, of course, an essential part of the customer service and PR policies of responsible lenders today.  Being aware of the different types of fraud risk operating in today’s market can help lenders and their advisers to spot potential indicators of fraud; and adopting rigorous due diligence and applying suitable Fintech solutions can contribute to effective fraud prevention which, ultimately, is the goal for firms and their customers alike.

What happened in the particular case?

This case concerned a scam which is, unfortunately, increasingly common.  The bank’s customer was tricked, by sophisticated fraudsters, into believing that she needed to transfer money – in this case some £700,000 – into what she thought were safe and genuine accounts.  In fact, the accounts were fraudulent and the money was lost.  The customer brought a claim against the bank, alleging that the bank owed to her, and had breached, the Quincecare duty, which involved detecting, preventing, stopping fraud and/or reversing/reclaiming monies which are the subject of a potentially fraudulent transfer.

The High Court held:

  • All previous Quincecare authorities had involved corporate entities (including unincorporated associations such as partnerships), where misappropriation of funds had been attempted by an agent of a customer. The Quincecare duty was intended to protect against an agent/representative/signatory of a customer who might go ‘rogue’.
  • Unlike those authorities, a case of APP fraud involves a payment instruction given by a customer itself. As between the bank and its customer, a payment instruction is no less real and genuine just because it has been induced by fraud or deceit.  A bank must be able to take a payment instruction from the customer itself as being real and genuine: a customer cannot steal from itself.
  • The Quincecare duty should not be elevated beyond the bank’s primary duty to act upon a customer’s instructions. Such an outcome would have the unwelcome results of placing and prioritising onerous and commercially unrealistic policing obligations over a bank’s fundamental obligation to act on its customer’s instructions.
  • In any event, there is no clear framework within which such an extended duty could sensibly operate. In relation to APP fraud, banks cannot be held to account for failure to adhere to any kind of fraud detection/prevention code which does not, in fact, exist and the terms of which are not, therefore, clearly defined.  Banks cannot be expected to become guardians of the commercial wisdom of their customer’s decisions.

How can we help?

Walker Morris’ cross-disciplinary Financial Services specialists are experienced and expert in dealing with all aspects of fraud prevention and cure, ranging from the provision of staff training and the preparation of policies and procedures to prevent, mitigate and respond to fraud; to litigation, tracing, recovery and enforcement action when the worst does happen.

If you would like to discuss any of the issues covered in this article, if you are interested in Walker Morris fraud prevention training, or if you would like any further advice or assistance in connection with the risks and prevention of APP or any other fraud in 2021, please do not hesitate to contact Louise Power.


[1] Named for the case which gave rise to this duty of care: Barclays Bank Plc v Quincecare Ltd [1992] 4 All ER 343

[2] [2021] EWHC 10 (Comm)

[3] See our earlier briefing for more information on APP fraud