In its recent judgment in RBS v JP SPC 4 & another  UKPC 18 the Privy Council has provided an important insight into the scope of the Quincecare duty and the extent to which banks can be held liable for fraudulent activities perpetrated using their customers’ accounts.
We recently commented on the Court of Appeal’s ruling in Philipp v Barclays  EWCA Civ 318, which found that banks could owe a duty to non-corporate customers not to process their instructions where they may be the victims of payment fraud.
However, in RBS v JP SPC, the Privy Council has outlined an important limitation to the duties owed by banks, finding in this case that the bank did not owe a duty of care in the tort of negligence to a non-customer known to be the beneficial owner of monies held in the account of the bank’s customer and who had allegedly been defrauded by that customer.
JP SPC 4 is a fund that established an investment scheme involving the provision of loans, which were managed by the bank’s customer, a company based in the Isle of Man. The fund alleges its funds were fraudulently paid out of the loan manager’s accounts, rather than being used for the purpose of the investment scheme. The fund cited several factors, including that the bank had re-named its customer’s accounts as “client accounts” and had designated those accounts as high-risk, as evidence that the bank was on notice of the alleged fraud and owed the fund a duty not to execute its customer’s instructions.
The Privy Council rejected the argument that the Quincecare duty could apply beyond a bank’s customers to third parties with whom it has no contractual relationship. It is also rejected other arguments including that there should be any incremental development to the duties owed by a bank beyond the current scope of Quincecare. In this regard, it stated that in circumstances where a bank has not assumed any responsibilities or provided any services to a third party, it would not be just or reasonable to impose a duty in respect of that third party and the development of authorities in this manner would represent an “unacceptable burden on banks going outside their contractual relationship with their customers”
This is another important decision in this area and should offer some comfort to financial institutions, limiting the extent to which they can be held liable to non-customers who are victims of frauds perpetrated by customers. Nevertheless, as payment fraud becomes more prevalent and complex, it will be interesting to see whether there will be further development of the duties owed in these scenarios.
There is nothing in principle or in the cases to support the idea that the tortious duty of care owed by a bank to its customer to exercise reasonable care and skill…can be extended across to a third party with whom the bank has no contractual relationship even if the bank knew or ought to have known that the third party was the beneficial owner of the moneys in the customer’s account.