UK High Court demarcates a bank’s duty of care when executing an authorised payment instructions

On 18 January 2021, HH Judge Russen QC, sitting as a Judge of the High Court in the UK delivered an important decision in Fiona Lorraine Philipp vs Barclays Bank UK plc which put under spotlight the common law Quincecare duty, which duty was established in 1992 (following the case Barclays Bank plc vs Quincecare Ltd 4 All ER 363). The judge held that the scope of such a duty does not extend to authorised push payments, thereby underscoring the threat of financial loss for individuals who end up targets of authorised push payments (“APP”) fraud and send money to malicious payees. In a nutshell, the circa 30-year-old judgement had recognised that the relationship between a bank and its customer is also a principal-agent relationship and consequently, the credit institution owed fiduciary duties to its customer. Hence, from this agency relationship stems an implied term in a bank’s terms and conditions with its customers, that the institution was bound to observe reasonable skill and care when executing its customer’s instructions.

While expressing sympathy for the claimants the Judge asserted that it would not be fair, just or reasonable to impose liability on the Bank in respect of the APP fraud because it would be complicit to an “unprincipled and impermissible extension of the Quincecare duty”.

Back in March 2018, Mrs. Philipp (the “Claimant”) ended up losing almost a quarter of a million pounds after falling victim of APP fraudsters operating a scam. She made two international payments from her accounts held with Barclays Bank (the “Bank”) to the fraudster’s accounts in the UAE, who tricked her by impersonating officials from the Financial Conduct Authority and the National Crime Agency.

The fraud extended to inducing Dr Philipp (the claimant’s husband) to make the transfer of that larger sum to his wife from his account with Tilney. By way of background, the UK Payment Services Regulator in 2016 had outlined the main elements of an APP fraud, which generally refers to genuinely authorised payments between a bank and its customers but received by third-party fraudsters, typically using the Faster Payment Scheme, CHAPS or “On-Us payments” (where the payer and the payee have the same payment service provider).

“2.2 Push payments are payments where a customer instructs their bank to transfer money from their account to someone else’s account [which] can either be authorised or unauthorised. An authorised payment is one where the customer has given their consent for the payment to be made – and this can include situations where the customer has been tricked into giving that consent. An unauthorised payment is one made without the customer’s consent – for example, a payment made due to bank error or one made using a stolen payment card.”

Mrs Philipp sought action against the Bank for damages suffered in consequence of these two payments claiming that the Bank did not exercise the duty of care to safeguard her from the financial loss and did not question further, delay or stop this payment. On the other hand, the Bank rebutted her claim that such duty is not established by law and clashes with the Bank’s other obligation to effect its customer’s instruction. In fact, reference is made to Paget’s Law of Banking (15th ed):

“When executing the customer’s instruction to make a funds transfer the bank acts as its customer’s agent. Acting as agent the bank owes the customer a duty to observe reasonable care and skill in and about executing the customer’s orders. The duty arises both at common law and under statute.”

The Bank further pleaded, by outlining the scope of its obligations, that it had a duty i) to act in line to his customer’s mandate, and to execute reasonable care and skill in executing her instructions; and ii) to execute an instruction unless an ordinary prudent banker would have had reasonable grounds for believing that the transactions were an attempt to misappropriate the customer’s funds (i.e. [Quincecare Duty]).
The Judge stated that the Quincecare duty can be summed up in the following statement by Judge Steyn J back in the 1992 case:

“To hold that a bank is only liable when it has displayed a lack of probity would be much too restrictive an approach. On the other hand, to impose liability whenever speculation might suggest dishonesty would impose wholly impractical standards on bankers. In my judgment the sensible compromise, which strikes a fair balance between competing considerations, is simply to say that a banker must refrain from executing an order if and for so long as the banker is “put on inquiry” in the sense that he has reasonable grounds (although not necessarily proof) for believing that the order is an attempt to misappropriate funds of the company […] And the external standard of the likely perception of the ordinary prudent banker is the governing one.”

Reference was also made to other judgements, namely Singularis Holdings Ltd (in liq) v Daiwa Capital Markets Europe Ltd [2019] UKSC 50; [2019] 3 WLR 997 wherein Lady Hale stated that:

” […] there would be liability if the bank executed the order knowing it to be dishonestly given, or shut its eyes to the obvious fact of the dishonesty, or acted recklessly in failing to make such inquiries as an honest and reasonable man would make; and the bank should refrain from executing an order if and for so long as it was put on inquiry by having reasonable grounds for believing that the order was an attempt to misappropriate funds.”

Moreover, Judge Russen gave another dimension to the Quincecare duty by referring to May LJ’s statement in Lipkin Gorman v Karpnale Ltd case, which said that “having in mind the vast numbers of cheques which are presented for payment every day in this country […] it is, in my opinion, only when the circumstances are such that any reasonable cashier would hesitate to authorise payment without inquiry, that a cheque should not be paid immediately on presentation and such inquiry made.”

Judge Russen HC in the present judgement highlighted that the authorities show that the Quincecare duty has morphed into an integral part of a credit institution’s obligation to act on its customer’s instructions. However, it is clear from the above extract that a bank is not to be held responsible where the uncertainty about a client’s instruction’s legitimacy is “merely speculative” – thereby rendering the Bank’s primary obligation to treat its customer’s mandate at face value. Another proposition which emanated was that “a bank is not required to act as an amateur detective”.

The Court held that it was convinced that the Quincecare duty should only be narrowed to cases where suspicion which has been raised, or had to objectively been raised, that is one of attempted misappropriation of the customer’s funds by an agent of the customer. The Court asserted that “it is a duty of care framed by concepts of knowledge (actual or constructive) rather than further negligence in failing to follow the rules of some code. If a bank is to be held to the standards of something equivalent to a code for intervention – for present purposes, in the case of suspected APP fraud – then it needs to know its terms. There was no such code in March 2018 and the observation of May LJ in Lipkin Gorman is a clear indication that judges in later cases should not proceed as if a set of detailed rules had been laid down.”

Categorically, Judge Russen stated that “it would plainly be commercially unrealistic to expect bank staff to ask such questions whenever any payment instruction is authorised by the customer attending the bank in person, regardless of the sum involved.” The rationale behind this argument is that a bank cannot be expected to carry out such urgent detective work or treated as a guardian to customer’s commercial wisdom in giving payment instructions. Lastly, the Court also outlined that the limits of the scope of the Quincecare duty are sufficiently evident to showcase that the duty does not support a legal obligation on part of the credit institution to have had in place any policies and procedures to prevent APP fraud.

This judgement is not only important for banks to be aware of their obligations at law but also for individuals effecting payments and giving out payment instructions. As is clearly evident from news portals, fraud is on the rise and therefore everyone should exercise caution when effecting payment. When receiving payment details online, through portals or emails, it would be worthwhile double checking the facts, confirming details by means of calls, or obtaining further evidence from third parties that the details are genuine and the payment is required. Lastly, as soon as one is made aware of any instance of fraud, one should instantly liaise with the bank to ask whether the payment can be stopped or reversed.

First published in The Malta Independent.