News

     

Paul Brehony examines the landmark UKSC judgment in Philipp v Barclays Bank UK PLC in Compliance Monitor

By Paul Brehony

Partner Paul Brehony examines the recent landmark UK Supreme Court judgment in Philipp v Barclays Bank UK PLC, putting the wider Quincecare duty back under lock and key.

Paul’s article was published in Compliance Monitor, 31 August 2023, and can be found here

In the aftermath of the Court of Appeal’s decision in Philipp v Barclays last year, we published an article in this very title captioned “Quincecare unchained?”.  In a much-awaited appeal, the Supreme Court has unanimously re-applied the manacles to the duty.

The Quincecare duty first came to light in the Barclays v Quincecare judgment in 1988 (although not reported until later) and sets out circumstances in which a bank may be liable to its customer for allowing payments to be made where the payment instructions are given fraudulently. In such circumstances, the customer’s bank may be liable where it is ‘on inquiry’ (i.e., a reasonable banker would have grounds to believe) that the payment may be fraudulent without first taking steps to satisfy itself that the proposed payment is legitimate. Importantly, the Quincecare duty had only ever been applied in circumstances focussing on principles of agency where the bad actor was the individual actually giving the payment instruction (e.g., a company employee or director diverting corporate funds to his own personal account).

This was all changed by the Court of Appeal decision in Philipp v Barclays in March 2022, which adopted an expansive view of wording in the 1988 judgment to determine that the duty could, in principle, apply to frauds perpetrated by a third party. In this instance, Mrs Philipp and her husband fell victim to an elaborate APP fraud (the generic term to describe frauds where the victim is induced to make voluntarily a payment to the fraudsters bank account – a classic case would be where a fraudster infiltrates the victim’s email system to provide false account details for payment of an otherwise legitimate invoice). For further insight into the Court of Appeal’s reasons for adopting a broad view see our analysis last year: https://www.compliancemonitor.com/uk-regulation/financial-crime/fraud/quincecare-unchained-a-wider-duty-for-banks–1.htm

Ultimately, however, the Supreme Court took a very different view. Lord Leggatt gave the leading judgment (with which the rest of the Court agreed) and described the Court of Appeal’s decision as “inconsistent with first principles of banking law”. His Lordship went on to conclude that the reasoning underlying the “Quincecare” duty is “flawed at each stage”, but that the leading cases on that duty could be explained on an alternative basis, one which focused on principles of agency.

The history of the case 

The case concerned whether a bank owed a duty to its customer to refrain from executing an authorised payment instruction, when the bank had reasonable grounds for believing that the instruction had been induced by fraud. Mrs Philipp had been the victim of “authorised push payment” (or “APP”) fraud, by which she was persuaded to transfer substantial sums from her account at Barclays to the UAE. She alleged that there were numerous “red flags” (for example, as to the size and destination of the payments) which Barclays ought to have appreciated and warned her about, and ultimately refused to execute the instructions.

In summarily dismissing Mrs Philipp’s claim at first instance, the first instance Judge agreed with the prevailing orthodoxy and held that the Quincecare duty was restricted to circumstances in which an agent of a company authorised a payment deliberately to perpetrate a fraud. Accordingly, the duty could not apply to protect individuals and did not extend to circumstances such as authorised push payment frauds where the fraudster was a third party rather than the individual authorising payment. In those circumstances, the bank’s duty to act upon its customers’ instructions took precedence.

The Court of Appeal held that such a wider duty extending to frauds by third parties on individuals could in theory exist existed as a matter of principle – or was de minimus a triable issue, relying on the reasoning in the cases on the “Quincecare” duty.

In the Supreme Court, Mrs Philipp (supported by the Consumers’ Association who intervened) sought to justify that conclusion on a number of bases, including that APP fraud was a significant new problem, to which the common law needed to respond.

The ultimate outcome

The Supreme Court has emphatically rejected that approach. It agreed with Barclays that such matters were ones of social policy best dealt with by legislature, which was already active in this heavily regulated area.

The UKSC went on to conclude that the duty was unsupportable as a matter of principle. The “Quincecare” duty cases could only be explained on the basis that the bank did not, in fact, have a properly authorised payment instruction. That reasoning did not apply in a case like Mrs Philipp’s, as she had unquestionably authorised the payments in question.  It concluded that the Court of Appeal’s interpretation of the duty was in essence at odds with the central tenet of the bank and customer relationship, namely that a banker’s primary duty was to exercise the mandate in accordance with customer’s instructions. Notably, the UKSC has allowed Mrs Philipp’s claim to proceed in one respect: her claim that her bank owed her a duty to act more promptly in trying to recover the sums lost requires a full investigation and so must be determined at trial.

Where are we now?

The UKSC judgment concludes a recent line of cases which have suggested a widening of the Quincecare duty and, while entirely sound in its reasoning, reduces the avenues through which victims of fraud might recover their losses. Our contacts in the third-party funding world (who perhaps have enough on their plate currently given the recent PACCAR decision) have, unsurprisingly, universally reported a sudden drop-off in Quincecare grounded enquiries.

Now, perhaps, the biggest gap for victims of fraud is that claims against a fraudster’s bank (generally the receiving bank) remain difficult under English law, notwithstanding the measures in place requiring banks to apply rigorous diligence to their customers and to monitor for potentially fraudulent activity from CDD, source of funds, AML checks and fraud detection systems. Nevertheless, there remain a number of claims proceeding through the courts which seek to push the boundaries of when victims may be able to recover sums from the fraudster’s bank, although the recent decision in Technimont -v- Natwest has ruled out any potential clawback claims under the doctrine of unjust enrichment.

Partly in acknowledgment of the Supreme Court’s delegation of responsibility to legislators rather than the banks, the UK Government has – during the lifetime of Mrs Philipp’s claim – responded to some extent to the growing problem of APP fraud. The Financial Services and Markets Act 2023, which received Royal Assent on 29 June 2023, does provide for a mandatory reimbursement scheme to be applied in some circumstances “where the payment order is executed subsequent to fraud or dishonesty“. The scheme provides (subject to adjustment through a dispute resolution process) for a 50-50 allocation of losses between the sending and receiving providers. Presently, however, qualifying cases are limited to payments executed over the Faster Payments Scheme and victims who can benefit are confined to consumers, charities and “micro-enterprises”, thus afford larger corporations little protection and also do not bite against transactions with an international element.

For those entities, there remains some considerable frustration that, while banks (both paying and receiving) are required to have extensive KYC and real-time fraud monitoring systems in place, those systems do not necessarily prevent payments from being made even when an alert has been triggered, and, where the systems fail to meet intended standards, there is limited or no recourse for victims.

The UKSC decision in Philipp has, however, left open the possibility for claims where a bank receives reliable information which is unknown to the customer, that the customer’s payment instruction has been procured by fraud, but nevertheless executes that instruction without first alerting the customer and checking it still wishes to proceed. However, the UKSC also made clear that such an obligation would not have been triggered in Philipp as all of the circumstances that Mrs Philipp alleged should have put the Bank on notice of a potential fraud were matters already known to Mrs Philipp herself (such as the size of the payments, the fact that the payments were to be made to the UAE and that Mrs Philipp had no prior relationship with the receiving companies). Such an implied obligation could potentially apply, however, where a bank’s fraud monitoring systems are triggered, without the customer being on notice of the alert or the circumstances giving rise to it. Of course, this is a limited avenue, but one that is likely to be explored by future victims of APP fraud.

As noted above, Mrs Philipp’s legal journey is not quite over as one aspect of her case did survive the UKSC’s ruling. In addition to her claim that the Bank breached its duties to her by making the payments in the first place, Mrs Philipp also alleged that the Bank failed to act sufficiently promptly to recover her lost funds once it had become aware of the fraud. The UKSC agreed that this was, indeed, arguable, and should be determined at trial. It remains to be seen if this line of fact sensitive argument will bear fruit – albeit not quinces, although it should be remembered that the duty in its pre-Philipp form is still actionable.

As a final observation, it will seem curious to many observers that the UK banking and financial services sectors are required to have very sophisticated fraud monitoring, AML and KYC tools in place but, where they fail to operate as they should and customers are defrauded, those customers will still find it very difficult to claim. Ironically, in that situation, it would seem possible that a claim in negligence might subsist against a bank whose fraud monitoring systems fails to operate as they should and, had they done so, the bank would have been under an obligation to check with its customer. A Quincecare jam perhaps?

Latest news

All news