In Philipp v Barclays Bank UK plc [2021] EWHC 10 (Comm), the High Court struck out a claim from a victim of authorised push payment (“APP”) fraud against the bank for breach of its Quincecare duty of care in failing to stop her from transferring substantial sums from her account to a fraudster. The court found that this would be an “unprincipled and impermissible” extension of the Quincecare duty.

The claimant was the victim of “financially devastating” fraud. Mrs Philipp and her husband lost a very significant part of their personal savings when they were targeted by APP fraud in March 2018. APP fraud occurs where the customer is deceived into transferring money from their own bank account to someone else’s account, and has “authorised” the fraud by consenting to the payment (even where tricked into giving this consent). Mrs Philipp was deceived into making two international payments of £700,000 from her account, believing that she was transferring the money to assist in an investigation by the FCA and the NCA. She brought a claim against the bank seeking to hold them accountable for the losses she suffered. The bank applied for the claim to be struck out, on the basis that there was no real prospect of success of the claim at trial.

Her claim attempted to extend the scope of the Quincecare duty of care. Under Barclays Bank plc v Quincecare Ltd,[1] a bank must refrain from executing a payment order if there are reasonable grounds for believing that the order is an attempt to misappropriate the customer’s funds. Steyn J acknowledged in Quincecare that this duty is subordinate to the bank’s primary duty, to act on valid instructions from the customer.

The claimant argued that this duty required the bank to protect her from the consequences of the payments. She claimed that as part of its Quincecare duty, the bank was required to have particular anti-APP fraud policies and procedures in place, which would have stopped her from making the payments. The claimant relied on a number of publications from organisations like the Payment Systems Regulator (the “PSR”) to argue that APP fraud was such a widespread problem by 2018 that the bank should have exercised greater caution in relation to the payments. However, HHJ Russen QC pointed out that the PSR, in its various publications, appeared to be proceeding on the basis that the duties owed by the bank at common law did not provide adequate protection to victims of APP fraud.

The bank argued that this extension of the Quincecare duty would conflict with the established duty of the bank to comply with the customer’s instructions, and that it should not be made the “insurer of last resort” for fraud perpetrated against its customers. It pointed out that the Quincecare duty had only previously been applied where there were doubts over the motives of a signatory acting on behalf of a corporate customer, so that the instruction itself was fraudulent. In this case, the payments were properly and lawfully authorised by the customer.

The court struck out the claim and declined to extend the scope of the Quincecare duty of care. HHJ Russen QC gave two reasons for his decision:

• The proposed extension sought to elevate the Quincecare duty, which is ancillary to the bank’s primary duty to act on the customer’s instruction as to how the money in their account should be spent, to a point where too much doubt would be cast over the effectiveness of those instructions.
• There is no clear framework of rules by reference to which the extended duty of care might sensibly operate. Any extension of the duty, as advocated by the claimant, would have to be based on an industry-recognised set of rules.

He concluded that the existence of a duty to ‘second guess’ a customer’s instructions “would involve the triumph of unduly onerous and commercially unrealistic policing obligations over the bank's basic obligation to act upon its customer's instructions”. As a result, the Quincecare duty remains confined to cases where the suspicion that has been raised (or objectively ought to have been raised) is of attempted misappropriation of the customer’s funds by an agent of the customer.

This judgment brings welcome clarity for banks, offering reassurance that they “cannot be expected to carry out urgent detective work, or treated as a gatekeeper or guardian in relation to the commercial wisdom of the customer's decision”.

Since the events of this case, the banking industry has created a mechanism to compensate victims of APP fraud. HHJ Russen QC points out in his judgment that a voluntary system to reimburse victims of APP fraud, the Contingent Reimbursement Model Code, was introduced in May 2019. However, it would have been of little assistance to Mrs Philipp in her case – its protection does not extend to international payments.

According to the judgment, Mrs Philipp intends to appeal the decision. Watch this space for further updates on the scope of the Quincecare duty of care and APP fraud.

Rose Lynch, Associate in London

If you would like to discuss this case further or have any questions, please get in touch with our Banking Litigation team.

You can read more about our practice at Linklaters.com. The views and opinions expressed here are the personal opinions of the author and do not necessarily represent the views and opinions of Linklaters.

[1] [1992] 4 All ER 363.