During the pandemic, the world has embraced technological change, and incidents of vishing, smishing and phishing have soared. UK Finance described the increase in fraud as a threat to national security, after it was revealed that £754m was stolen from bank customers during the first half of 2021.

Kate-Gee

Kate Gee

Paul-Brehony

Paul Brehony

Fraudsters are no longer sending obviously rogue emails claiming to need money in exchange for some dubious get-rich-quick scheme in a far-flung country; those were by comparison very easy to spot. Fraudsters have become more inventive, more convincing and more persistent, often conducting elaborate (and plausible) backstories to give credence to their statements and contacting victims via different media.

Simon Fawell

Simon Fawell

Banks are under growing pressure to identify possible frauds and do more to protect customers. The recent Court of Appeal decision in Fiona Lorraine Philipp v Barclays [2021] EWHC 10 (Comm) concerning the scope of the Quincecare duty potentially widens the circumstances in which banks will have to take steps to protect customers where fraud is suspected.

Quincecare recap

The Quincecare duty is not new – it originated in Barclays Bank plc v Quincecare Ltd [1992] 4 All ER 363 over 30 years ago. It set the foundation for a bank’s obligation to protect its customers from fraud but was thought to be restricted to very specific cases in which the payment instruction itself was fraudulent.

Lord Steyn’s ruling found that bank-customer relationships included ‘an implied term […] that the bank would observe reasonable skill and care’ when carrying out the instructions of a customer. Banks would be in breach of that duty if they executed payment instructions when they were ‘on inquiry’, (that is, a reasonable banker would have grounds to believe) that the instruction may be fraudulent unless they took sufficient further steps to satisfy themselves that the proposed payment was legitimate. Where a bank was (or ought to have been, judged on the standard of a reasonable banker) ‘on inquiry’ yet made payment anyway, it would be liable to the customer for the value of the fraudulent payment.

In Philipp v Barclays, Dr and Mrs Philipp were deceived into transferring over £700,000 to a fraudster’s foreign account. Mrs Philipp properly authorised the instruction to the bank. She subsequently asked Barclays to recover the lost money and, shortly after, issued proceedings against the bank. Mrs Philipp argued that Barclays had breached its duty of care to her as it should have more thoroughly questioned her actions and blocked her account.

In summarily dismissing Mrs Philipp’s claim at first instance, the judge held that the Quincecare duty was restricted to circumstances in which an agent of a company authorised a payment in order to perpetrate a fraud. Accordingly, the duty could not apply to protect individuals and did not extend to circumstances such as authorised push payment (APP) frauds where the fraudster was a third party rather than the individual authorising payment. Instead, the bank’s duty to act upon its customers’ instructions took precedence. This has now been overturned.

Court of Appeal in Philipp v Barclays

The court overturned the first instance decision and held that the Quincecare duty does extend to APP fraud, where legitimate payment instructions are given, but the customer has been tricked by a fraudster.  The court ruled that the Quincecare duty may apply to any payment where the bank has reason to suspect the customer may have fallen victim to fraud. The third party or agency requirement identified by the first instance judge was a red herring and merely a peculiarity of the facts of the preceding cases. If the bank was ‘on inquiry’ that a fraud may be taking place, the onus is on the bank to show that it has taken the appropriate steps to discharge that duty before executing the payment instructions in question. Put bluntly, this leaves banks potentially on the hook for a wider range of fraud claims, where the customer has properly authorised the payment, but induced by fraud.

Importantly, the court did not determine whether the Quincecare duty was engaged on the facts or whether Barclays had complied with its Quincecare duties; those were matters for trial.

Given its potentially significant ramifications in the financial services sector, we anticipate that Barclays will appeal the decision to the Supreme Court.  Nevertheless, until any such appeal is brought and determined, the Court of Appeal ruling represents a significant milestone for fraud victims seeking to reclaim money from their banks.

What next?

As the maelstrom of fraud cases shows no sign of slowing, the widened Quincecare duty umbrella may provide fraud claimants some shelter from the storm. Certainly, victims of fraud will be looking at potential claims against their banks as an early port of call.

An expanded Quincecare duty puts banks in an unenviable situation. The tension between (i) preventing fraud and avoiding payouts to customers who fall foul of scams, and (ii) providing an efficient and cost-effective banking service will be difficult to manage.

Banks have been required to bolster their fraud monitoring mechanisms to protect customers and will likely need to do more in the future.

The Court of Appeal ruling in Philipp means that, where potential frauds are flagged and the bank fails to take appropriate prevention measures, it could be on the hook to its customer.

 

Kate Gee is counsel and Paul Brehony and Simon Fawell are partners, at Signature Litigation