Quincecare duties have been a hot topic over the last few years, and there is no sign that development of this area of the law is slowing. The judiciary are still trying to determine where the boundaries lie, in what many think is an all too interventionist legal principle.
Since the establishment of the Quincecare duty in Barclays Bank plc v Quincecare Ltd. it seemed that its scope would keep expanding to include almost all relationships involving banks, especially following Singularis Holdings Ltd (in Official Liquidation) v Daiwa Capital Markets Europe Ltd.
That was at least until the decisions in Stanford International Bank v HSBC Bank plc and then Federal Republic of Nigeria v JP Morgan Chase Bank NA which were the first signs of the judiciary rowing back.
The first instance decision in Philipp v Barclays Bank UK plc seemed to continue this trend, finding that the Quincecare duty did not extend to requiring a bank to refuse to carry out a customer’s instructions where the risks had been raised with the customer and their instructions were valid and not (themselves) given fraudulently.
However, last year the Court of Appeal cast this into doubt. The Court of Appeal reversed the summary judgment entered by the High Court, finding that in theory, the Quincecare duty could apply whenever the bank was put on inquiry (i.e. had reasonable grounds to believe) that a customer’s instruction would have the effect of misappropriating funds as the result of fraud and that the matter should be considered at trial.
Barclays appealed to the Supreme Court, and the matter was heard in February 2023. If the Supreme Court decides to uphold the Court of Appeal decision, the impact on the legal landscape will be significant. Authorised push payment fraud (‘APP fraud’) is one of the most common crimes reported, with hundreds of thousands of cases recorded in 2021 and a total of £583.2m stolen from victims in the UK. In the first half of 2022, £249.1m was lost. The question for the Supreme Court was whether the Quincecare duty should be expanded to circumstances in which the bank has received instructions directly from its individual customer, as opposed to through an agent.
What is the Quincecare duty?
In a relationship between a bank and its customer, the general rule is that the bank will comply with instructions given in accordance with its mandate promptly and effectively. The Quincecare duty is secondary to this duty. It originates from the case of Barclays Bank plc v Quincecare Ltd. The duty requires a bank to refrain from carrying out its customer’s instructions if it has reasonable grounds to believe (or, is ‘put on inquiry’) that the instructions are the result of fraud and would have the effect of misappropriating funds.
Quincecare concerned the misappropriation of funds belonging to Quincecare Limited by its own chairman. Until recently the duty applied to banks who took instructions from directors or agents of companies in relation to company accounts and where the bank was on notice in relation to a potential fraud.
Recent developments
Recently, the landscape has started to change and cases have sought to extend the scope of the duty in Quincecare.
Singularis Holdings Ltd (in Official Liquidation) v Daiwa Capital Markets Europe Ltd [2019]
In this Supreme Court decision, a claim for breach of the Quincecare duty was struck out. The claim was brought by the liquidators of Stanford International Bank, which had been used as a vehicle in a Ponzi scheme. During the operation of the scheme, HSBC had carried out a payment instruction to discharge debts to third parties, and it was alleged that HSBC had done this wrongfully: that it had sufficient notice of the fraud and as a result of the payments Stanford had lost the chance to discharge its debts for less than full value in the process of its liquidation.
The claim was struck out on the basis that Stanford had not suffered a loss: the effect of the payments was to discharge a valid debt, and while the payments had reduced the value of Stanford’s assets, they also reduced the value of their debts by the same amount. There was therefore no loss to Stanford.
In this case, Lord Sales also commented (obiter) that the Quincecare duty should retain a narrow application, in order to avoid interference with ordinary commerce. He emphasised that the purpose of the Quincecare duty was to balance the bank’s duty to carry out its customer’s instructions promptly and effectively, with the need to provide reassurance as to the legitimacy of those instructions.
ROYAL BANK OF SCOTLAND INTERNATIONAL LTD (RESPONDENT) V JP SPC 4 AND ANOTHER (APPELLANTS) [2022]
This is a Privy Council decision with persuasive authority in this jurisdiction. JP SPC 4, a Cayman-based fund, had set up a scheme by which monies were loaned to fund litigation in England & Wales. These loans were made through an Isle of Man company, which held two bank accounts with RBS. Individuals at the Isle of Man company allegedly misappropriated funds in the RBS accounts for their own benefit. The fund claimed that it was the beneficial owner of these funds, and relied on the Quincecare duty to found a claim against the bank.
(Reverse) summary judgment was entered against the fund, and upheld by the Privy Council on the basis that the authorities did not support the extension of the Quincecare duty to beneficial owners of funds held by a bank’s customer. The Quincecare duty arises as a consequence of the bank’s contractual relationship with its customer.
TULIP TRADING LTD V BITCOIN ASSOCIATION FOR BSV [2022]
This decision followed an application challenging the jurisdiction of the English court. In relation to whether there was a serious issue to be tried, Tulip claimed that it owned a substantial amount of bitcoin but (due to a hack of the digital keys) was unable to access or use it. It alleged that the Bitcoin Association owed it fiduciary and/or tortious duties and based its arguments on the Quincecare duty. It sought to draw a parallel between the digital currency networks and financial institutions. The judge disagreed, finding that the starting point for a Quincecare duty was the contractual relationship between bank and customer, in which the bank acts as agent for the customer in carrying out its instructions.
FEDERAL REPUBLIC OF NIGERIA V JP MORGAN CHASE BANK NA [2022]
The history of this is complex and involves long-running disputes and allegations of corruption in relation to an oil production licence. Proceedings were settled in 2006 with resolution agreements obtained in 2011. It provided for Malabu, a subsidiary of Shell plc, to receive payments in return for the surrender of its claims. The amount in question was held by JP Morgan, and paid out on instruction from the former Attorney General of the claimant state to Malabu. On receiving the payment instructions, JP Morgan sought the consent of the (now former) Attorney General that the instructions were legitimate, as well as the Serious Organised Crime Agency. The consents were given.
It transpired that the former Attorney General was a party to the fraud, and the FRN brought proceedings against JP Morgan for breach of its Quincecare duty and gross negligence.
A key issue was that the underlying settlement agreements were not of themselves fraudulent. Further, while there were red flags as to the risk of corruption given the history of the case, the bank’s requisite knowledge in relation to these payments was not made out. Finally, the contract between the bank and the FRN contained a clause excluding liability in tort save in instances of gross negligence. The threshold for gross negligence, which would have here meant that the risk of fraud was “obvious” to the bank, was not met. Notably, the result may have differed if the contract had provided for ordinary negligence.
Background to Philipp
The facts of Philip are as follows. In March 2018 Ms Philipp and her husband were deceived by fraudsters into making a transfer of around £700,000 from Ms Philipp’s Barclays account. Ms Philip believed that she was making the transfer to a secure account at the recommendation of the FCA and National Crime Agency. She was in fact transferring the funds to the account of a fraudster in the United Arab Emirates.
Once the fraud was discovered, it was too late to recover the funds. Ms Philipp therefore started proceedings against Barclays, claiming that it had breached its Quincecare duty to exercise reasonable skill and care in executing the instructions of its customers and have policies and procedures in place to detect APP fraud and to protect her, as its customer, from the consequences of the fraud.
Barclays brought an application for summary judgment, which was granted. The High Court found that the Quincecare duty does not extend to an individual customer who gives the bank a valid payment instruction, even if it is the result of fraud. The High Court found that extending the duty to cover this circumstance would be overly onerous and would require banks to undertake “urgent detective work” in relation to each individual customer’s instructions.
This decision was overturned on appeal. The Court of Appeal decided that the issue was not suitable for summary assessment, and that the proper forum for the dispute was at trial. At the end of 2022, Barclays was granted permission to appeal to the Supreme Court.
The effects of a Supreme Court judgment
If the Supreme Court widens the scope of the Quincecare duty to include retail customers, it will significantly increase the risk of liability for banks.
In a contract between a bank and a retail customer (as opposed to a corporate customer) the retail customer has a mandate to give instructions to the bank, and the bank has a duty to carry out those instructions promptly and effectively.
If the Quincecare duty is extended to include retail customers, this will likely lead to serious delay in the processing of transactions, as risk-averse financial institutions seek to comply with their new obligations and to protect themselves from the risk of liability. If the transaction were (for example) for the purposes of purchasing an asset, the retail customer may be placed in the position of losing that asset if the bank delays or declines to process the transaction in accordance with its obligations. This in turn may open the bank to liability in breach of mandate.
Of particular interest in Philip is that the bank and authorities tried to warn Ms Philipp several times. Ms Philipp had been so thoroughly deceived that she concealed the true nature of the transfer even from Barclays, and these warnings were not heeded until it was too late. It will be interesting to see whether the Supreme Court decides to extend the duty to the extent that a bank must interrogate the wisdom of their retail customers’ decisions, or limit the scope to instances where the bank is acting as agent. If the former, the decision would be a positive for customers who are targeted by increasingly sophisticated frauds with particularly awful consequences – such as the loss of a lifetime’s savings. However, the ease and convenience of day-to-day transactions may be significantly affected as banks delay processing or simply refuse to carry out instructions in order to protect themselves from liability, or request waivers of liability from those customers before proceeding.
Measures already in place
In any case, matters have moved on considerably since the date of the first instance decision in 2018. In May 2019 the Contingent Reimbursement Model (CRM) came into force, designed to reduce the impact of APP fraud by ensuring victims are reimbursed where they have acted appropriately. Under this measure the signatories (which include major lending institutions) have provided interim funding to reimburse victims since 2019. If a bank and customer have both acted appropriately, the customer is reimbursed by the bank which can then claim the sum from the interim fund. There are, however, limits on what payments are covered by the CRM. It is not compulsory, and it can be very difficult for a victim of fraud to successfully claim reimbursement from the CRM. In addition, international payments are not included, which is a significant caveat, given that a large proportion of APP frauds result in funds being sent overseas, as indeed in the case of Philip.
Confirmation of Payee (CoP) checks have also helped to prevent misdirected payments where account names do not match.
In May 2022, the Treasury announced legislation permitting the Payment Systems Regulator (PSR) to compel reimbursement to victims of APP fraud. The PSR has since launched a consultation on mandatory reimbursement for victims of APP fraud, and indicated that it would obtain a regulatory power to compel reimbursement from the Financial Services and Markets Bill. The PSR intends mandatory reimbursement provisions to be in place by the end of 2024. The practical effect of this proposal remains to be seen.
Conclusion
The Supreme Court trial took place at the start of February 2023 and we await the judgment. If the Court of Appeal’s decision is upheld, the extension of the Quincecare duty will likely provide additional protection to victims of APP fraud, by plugging the gaps in the measures described above. For example, the Quincecare duty may provide a solution for victims in relation to overseas payments or where a victim’s bank is not a signatory to the CRM. On the other hand, the extension of the duty would create further obligations on a bank, which are likely to cause serious delays in processing transactions. As described above, this could have a significant effect on the ease of trading and commerce.
In any event, it is important to bear in mind the historical application of the Quincecare duty. So far, only in Singularis has a bank been found to have breached its Quincecare duty. The Supreme Court may decide that, even though the Quincecare duty applies to retail customers, the issue is so fact-specific that its scope will be limited, and it may be extremely difficult for victims of fraud to rely on it. In any event, the judgment should provide some much-needed clarity on the scope and application of this duty.
