Court of Appeal: Banks’ Quincecare Obligation May Apply to Instructions from Defrauded Customers | White & Case srl
In Philipp v Barclays Bank UK PLC, the Court of Appeal held that the Quincecare requirement could apply to direct instructions from customers (and not just those given by an agent), so banks could be held liable for failing to protect against “authorized push payment” fraud.1
The duty of Coingcare
Quincecare’s duty of care arises from the decision of Barclays Bank plc v Quincecare Limited.2 It provides that a bank must not execute the instructions of its customer if there are reasonable grounds to believe that it is an attempt to misappropriate the customer’s funds.
In March 2018, Mrs. Philipp was the victim of an authorized push payment (“APPLICATION“) fraud. APP fraud occurs when fraudsters trick a customer into authorizing a payment from the customer’s account to an account controlled by the fraudster. Here, Mr. and Mrs. Philipp were tricked by a fraudster, getting posing as an FCA employee, who convinced the couple that funds belonging to them needed to be transferred in order to protect them from suspected fraud following a transfer of money from her husband’s bank account to his own account ( held with Barclays Bank (the “Bank“)), Ms Philipp subsequently instructed the Bank to transfer £700,000 to various international bank accounts.
Following the discovery that they had been the victim of fraud, Ms. Philipp filed a complaint against the Bank, alleging that the Bank had failed in its Quincecare duty of care because it had failed to implement policies and procedures for the purpose of detecting and preventing APP fraud.
The Bank applied for the debt to be written off on the grounds that no obligation of Quincecare had arisen. She argued that the obligation was limited to cases of attempted misappropriation authorized by an employee of the customer, whereas the present case concerned payments directly authorized by the customer.
The High Court decision
At trial, the High Court agreed with the Bank that no Quincecare obligation had arisen.
While HHJ Russen QC said he felt “acute sympathy“for Mrs. Philipp, he concluded that”it would not be fair, just or reasonable to impose liability on the Bank“for fraud.3 The judge concluded that the Quincecare obligation was limited to situations where the instructions were given by a client’s agent (and not directly by the client). In his view, extending the requirement to direct customer instructions would be onerous and impractical, and could undermine a bank’s primary obligation to promptly execute instructions.
The decision of the Court of Appeal
The Court of Appeal reversed the High Court’s decision. She found that Quincecare’s duty of care was not limited to instructions given by a client’s agent. Instead, the key question is whether “the circumstances are such that the bank wonders whether the execution of the order would result in misappropriation of the client’s funds“.4 The Court of Appeal concluded that it is “at least possible in principle that a relevant duty of care may arise in the event that a customer asks his bank to make a payment while that customer is the victim of APP fraud“.5
In coming to this conclusion, the Court of Appeal made several important observations:
- Quince duty versus principal duty. The Court of Appeal emphasized that a bank’s obligation to carry out a customer’s instructions is not absolute. The primary obligation to carry out the instructions remains “in tension with” the bank’s duty of care when carrying out these instructions.6
- No new duty of care. The Court of Appeal emphasized that its decision did not constitute the creation of a new obligation or the extension of an existing obligation, but rather the application of the principles established in relation to the Quincecare obligation.7 These principles did not exclude an obligation where the payment was directly authorized by the customer rather than by his agent.
- Heavy and unworkable? The Court of Appeal held that the trial court decision should not have ruled on the question of whether the recognition of an obligation in this case would be onerous and impracticable. These were factual matters to be judged. The Court of Appeals nevertheless noted that there was ample evidence to support the argument that the policies and procedures necessary to protect against APP fraud would not have been onerous or impractical under the banking practices in March 2018 (when the fraud occurred). This included evidence from the Consumers’ Association (which intervened in the appeal) and banking advice from the British Standards Institution (“BSI“).
Despite the Court’s finding that the Quincecare obligation can apply in principle to APP fraud situations, the Court did not determine whether the obligation arose (or was breached) in this case. particular. This required a full review of the facts at trial.
The Court of Appeal’s decision opens the door to a bank’s liability for customers who are victims of APP fraud. However, the decision makes clear that the existence of a duty and the standard of care to be imposed will depend on the circumstances of each individual case.
Since 2018, a lot has changed in the policies and procedures banks use to minimize APP fraud. This has been driven by the changing regulatory landscape, placing banks at the forefront of the fight against financial crime and money laundering, as well as the development of guidance from industry bodies and associations of consumers.8 In many cases, existing bank policies and procedures may accommodate any Quincecare obligations arising from situations similar to those of Philip. Still, the decision is important because it raises the possibility that banks could be directly liable to customers for shortcomings in their policies and procedures. Philip provides further impetus to ensure robust procedures are in place, and the final outcome of this trial case will be eagerly awaited by financial institutions and consumer groups.
Isabella Conceicao Silva (White & Case, Trainee Solicitor, London) contributed to the development of this publication.
1  EWCA Civil 318.
2  4 All ER 343s.
3 Philipp v Barclays Bank  EWHC 10 (Comm), [183-184].
4 Philip, [28-30].
5 Philip, .
6 Philip, .
7 Philip, .
8 See, for example, the Contingent Reimbursement Model Code for Authorized Push Payment Scams, launched by UK Finance in 2019.