In Philipp v Barclays Bank UK PLC, the Court of Appeal held that the Quincecare duty may apply to direct customer instructions (not just those through an agent), such that banks may be liable for failing to protect against 'authorised push payment' fraud.1
The Quincecare duty
The Quincecare duty of care arises from the decision in Barclays Bank plc v Quincecare Limited.2 It provides that a bank must not execute its customer's instructions if there are reasonable grounds for believing that they are an attempt to misappropriate the customer's funds.
In March 2018, Mrs Philipp was the victim of authorised push payment ("APP") fraud. APP fraud occurs where fraudsters deceive a customer into authorising a payment from the customer's account to one controlled by the fraudster. Here, Mr and Mrs Philipp were tricked by a fraudster, pretending to be a FCA employee, who convinced the couple that funds belonging to them needed to be transferred in order to protect them from a suspected fraud. Following a transfer of money from her husband's bank account into her own account (held with Barclays Bank (the "Bank")), Mrs Philipp subsequently instructed the Bank to transfer £700,000 to various international bank accounts.
Following the discovery that they had fallen victim to a fraud, Mrs Philipp brought a claim against the Bank, alleging that the Bank had not complied with its Quincecare duty of care as it had failed to implement policies and procedures for the purpose of detecting and preventing the APP fraud.
The Bank applied to strike out the claim on the grounds that no Quincecare duty arose. It argued that the duty was limited to cases of attempted misappropriation authorised by an agent of the customer, whereas the present case concerned payments directly authorised by the customer.
The High Court's Decision
At first instance, the High Court agreed with the Bank that no Quincecare duty arose.
While HHJ Russen QC said he felt "acute sympathy" for Mrs Philipp, he concluded that "it would not be fair, just or reasonable to impose liability on the part of the Bank" for the fraud.3 The Judge found that the Quincecare duty was limited to situations where instructions were given by a customer's agent (and not the customer directly). In his view, extending the duty to direct customer instructions would be onerous and unworkable, and could undermine a bank's primary duty to execute instructions promptly.
The Court of Appeal's Decision
The Court of Appeal reversed the High Court's decision. It held that the Quincecare duty of care was not limited only to instructions given by a customer's agent. Instead, the key question is whether "the circumstances are such that the bank is on inquiry that executing the order would result in the customer's funds being misappropriated".4 The Court of Appeal concluded that it is "at least possible in principle that a relevant duty of care could arise in the case of a customer instructing their bank to make a payment when that customer is the victim of APP fraud".5
In reaching this conclusion, the Court of Appeal made several important observations:
- Quincecare duty vs primary duty. The Court of Appeal emphasised that a bank's duty to execute a customer's instructions is not absolute. The primary duty to execute instructions remains "in tension with" the bank's duty of care when carrying out those instructions.6
- No novel duty of care. The Court of Appeal emphasised that its decision did not amount to the creation of a novel duty or the extension of an existing duty, but rather the application of the established principles in relation to the Quincecare duty.7 Those principles did not exclude a duty where the payment was directly authorised by the customer rather than their agent.
- Onerous and unworkable? The Court of Appeal held that the first instance decision should not have made findings about whether recognising a duty in this case would be onerous and unworkable. These were factual matters for trial. The Court of Appeal nonetheless noted that there was ample evidence for the argument that the policies and procedures needed to protect against APP fraud would not have been onerous or unworkable under banking practices in March 2018 (when the fraud occurred). This included evidence from the Consumers' Association (which intervened in the appeal) and banking industry guidance from the British Standards Institution ("BSI").
Despite the Court's conclusion that the Quincecare duty may apply in principle to APP fraud situations, the Court did not determine the question of whether the duty arose (or was breached) in this particular case. This required a full examination of the facts at trial.
The Court of Appeal's decision opens the door for a bank to be held liable to customers who fall victim to APP fraud. However, the decision is clear that whether a duty arises, and what standard of care should be imposed, will depend on the circumstances of each individual case.
Since 2018, much has changed in the policies and procedures that banks use to minimise APP fraud. This has been driven by the evolving regulatory landscape, placing banks at the forefront of the fight against financial crime and money laundering, along with developing guidance from industry bodies and consumer associations.8 In many cases, it may be that banks' existing policies and procedures will discharge any Quincecare duty arising in situations akin to those in Philipp. Nonetheless, the decision is significant because it raises the prospect that banks may be liable directly to customers for shortcomings in their policies and procedures. Philipp provides additional impetus to ensure robust procedures are in place, and the ultimate outcome of this case at trial will be awaited with interest by financial institutions and consumer groups alike.
Isabella Conceicao Silva (White & Case, Trainee Solicitor, London) contributed to the development of this publication.
1  EWCA Civ 318.
2  4 All ER 343.
3 Philipp v Barclays Bank  EWHC 10 (Comm), [183-184].
4 Philipp, [28-30].
5 Philipp, .
6 Philipp, .
7 Philipp, .
8 See, for example, the Contingent Reimbursement Model Code for Authorised Push Payment Scams, launched by UK Finance in 2019.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2022 White & Case LLP