The Supreme Court refuses to extend Quincecare duty of care in APP fraud case

The Supreme Court has handed down its judgment in Philipp v Barclays Bank UK plc [2023] UKSC 25, an important case in relation to the ongoing fight against authorised push payment fraud. This decision brings welcome clarity for banks and other financial institutions, including payment services providers. Firms will nevertheless need to comply with relevant statutory and regulatory obligations.



It has been over three decades since the High Court’s decision in Barclays Bank plc v Quincecare Ltd [1992] 4 All ER 363, a prominent authority in a line of English case-law, which established that a bank should not execute a payment instruction from a customer’s agent where it reasonably believes that the instruction is an attempt to misappropriate the customer’s funds.

There has only been limited judicial guidance on the scope of the duty since then. It was not until 2019 that the first successful claim for breach of the Quincecare duty was upheld by the Supreme Court, in Singularis Holdings Ltd (In Liquidation) v Daiwa Capital Markets Europe Ltd. 1

The Supreme Court’s decision in Philipp fundamentally concerned the nature and scope of this duty; in particular its underlying rationale and whether it could apply in a case where the instruction comes from the customer itself.

Facts and procedural history

As summarised in our post on the first instance decision, Mrs Philipp and her husband were victims of authorised push payment fraud (where the customer is deceived into transferring money from their own bank account to someone else’s account, and has “authorised” the fraud by consenting to the payment). They were deceived into instructing Barclays Bank to transfer £700,000 in two payments from Mrs Philipp's current account with the Bank to bank accounts in the United Arab Emirates. The instructions were carried out and the money was lost.

Mrs Philipp claimed that as part of its Quincecare duty the Bank was responsible for the loss and contended that the Bank owed her a duty under its contract with her or at common law not to carry out her payment instructions if - as was alleged - the bank had reasonable grounds for believing that she was being defrauded.

The High Court granted summary judgment to the Bank and found there was no potential breach of the Quincecare duty as it was not prepared to extend it to a situation where the instruction came from the customer. This decision was overturned by the Court of Appeal which accepted that, in principle, the duty could apply to such a situation.


On appeal, the Supreme Court unanimously reversed that conclusion of the Court of Appeal.

In its judgment it conducted a thorough survey of the nature of a bank’s ordinary (i.e. absent some unusual, express, agreement to the contrary) obligations to execute a customer’s payment instructions. It pointed out that where a valid instruction is given this obligation is strict. It is not concerned with the customer’s motivations. And it is subject only to very limited exceptions (the main one being that it cannot be required to act unlawfully).

In that context, any requirement to exercise reasonable skill and care in doing so was only relevant insofar as the situation is one where there is latitude for the bank with respect to how that instruction was carried out.

The Supreme Court pointed out that the reasoning in Quincecare had mistakenly seen a tension between the above position and a wider duty of care. This had led it to deploy an impermissibly wide policy-based reasoning to develop the latter. Instead, the Court said that the key question was one of authority i.e. if a bank executes an unauthorised payment instruction then it is in breach of its mandate.

So, where an agent is held out to the bank as being able to give payment instructions, but was acting fraudulently, although that agent will lack actual authority, the bank might be able to rely on apparent authority to say the payment is authorised - but that would be subject to the question of notice (i.e. did it have reasonable grounds for believing that the instruction given by the agent is an attempt to defraud the customer?).

It also, therefore, followed that the "Quincecare duty" had no application to a situation (such as in the present case) where (on the facts) the customer itself had given a clear and unequivocal instruction - no question of authority arises, and the Court of Appeal’s decision could not be followed.

In its reasoning the Supreme Court explicitly regarded the problem of APP fraud as one which is properly left to regulatory/statutory intervention, rather than the general law, and in this regard, surveyed the current progress of such intervention in the United Kingdom.

Finally, despite the above conclusion, this decision is not the end of the road for this case because the Supreme Court allowed Mrs Philipp to bring an alternative claim that the bank was in breach of duty in not acting promptly to try to recall the payments made to the UAE after being notified of the fraud. Banks should keep an eye on how this develops.

1 [2019] UKSC 50. 
What does this decision mean for banks and other payments firms?

The Supreme Court’s decision should provide welcome clarity for banks and other firms in relation to the circumstances to which the “Quincecare duty” is limited, its true nature, and its relationship with payment obligations of banks and other payments firms.

However, whilst the Court refused to extend the common law to deal with the mischief of APP fraud, firms will, of course, need to carefully consider and comply with their relevant statutory and regulatory obligations in that respect. One of which being the FCA Consumer Duty.

How does this line up with banks' Consumer Duty obligations?

As UK banks and payments firms will be well aware, the FCA's Consumer Duty rules come into force at the end of this month. One of the core rules that forms part of the Consumer Duty is the cross-cutting rule that 'a firm must avoid causing foreseeable harm to retail customers'. At first glance there appears to be a tension reached between the conclusions reached in Philipp and this requirement.

The FCA's finalised guidance (FG 22/5) on the cross-cutting rule explains that 'consumers becoming victims to scams relating to their financial products for example, due to a firm’s inadequate systems to detect/prevent scams or inadequate processes to design, test, tailor and monitor the effectiveness of scam warning messages presented to customers' is an example of foreseeable harm. Thus, in an APP context there is an expectation that banks warn customers about the threat of APP scams in a clear and effective manner.

However, the finalised guidance also makes it clear that neither the cross-cutting rule nor the Consumer Duty overall requires a firm to 'prevent an insistent customer from making decisions or acting in a way that the firm considers to be against their interests. Even where firms act reasonably to meet the Duty, consumers may sometimes make poor decisions. Firms should aim to help customers understand the consequences of their decisions but, if a customer insists on a course of action that the firm regards as harmful, they are not obliged to prevent it.'

In summary, the current position is that where a firm expects that a customer is the victim of APP fraud the firm should raises its concerns with the customer. However, there is no obligation to prevent the customer from making a payment.

For further Consumer Duty resources please see our Consumer Duty webpage.

Stephen Lacey (Counsel), Sara Cody (Counsel), Michael Munk (Managing Associate), Olivia Murphy (Managing Associate)