Quincecare duties: the differing obligations of a bank to protect you against fraud
15 April 2024
Once upon a time, there was a young solicitor in Hong Kong who was asked to represent a company whose former directors had paid more than US$50 million out of its bank account for their own benefit – and there was no real chance of getting the money back from the former directors.
Not quite the case of George Best, who was reported as saying: “I spent a lot of money on booze, birds, and fast cars. The rest I just squandered”. But the prospect of proceedings against the former directors was a non-starter.
The short read
The company therefore pursued a claim against the bank: it was a claim in debt, further or alternatively, a claim in damages for breach of a duty of care owed in contract and/or tort not to give effect to the payment instructions in circumstances where the Bank knew of facts which would lead a reasonable and honest banker to consider that “there was a serious or real possibility that [the company] might be being defrauded… by the giving of that payment instruction”. There was an alternative plea that the bank was reckless and turned a blind eye to the improper character of the transactions by acting on the instructions without making inquiries or informing at least one of the independent directors.
I was the young solicitor that first intimated the claim on behalf of the company. I left and came back to England, and others pursued the claim. My former colleagues were ultimately successful in the Court of Final Appeal in Hong Kong, and got judgment against the bank, with interest: PT Asuransi Tugu Pratama Indonesia TBK v Citibank NA [2023] HKCFA 3.
I therefore have a passing interest in claims by customers for breach of duty in cases against banks.
These duties are generally called a “Quincecare duty”, after the first case that considered this sort of claim; and the duty is to refuse to comply with a payment instruction in circumstances where the bank is on notice that the instruction may be part of a fraud on the customer.
The case law in England is now primarily to be found in the Supreme Court case of Philipp v Barclays Bank UK PLC [2023] UKSC 25. This has developed to distinguish between a customer who is an individual and a customer who is a company (where the person giving instructions to the bank is invariably an agent of the customer, usually a director).
If there are clear instructions from an individual to their bank, and the bank is not on notice of any fraud, you can now pretty much forget about a claim based on a Quincecare duty; but you will have a better chance of success if you are a company, and the director did not have authority to make fraudulent payments out of the account (as in the Citibank case).
There is, however, still hope for an individual – and, indeed, a company – that may have been defrauded.
There is now a mandatory reimbursement scheme under the Financial Services and Markets Act 2023, section 72 (“Liability of payment service providers for fraudulent transactions”): providing the paying and receiving banks are both based in England.
And there is also another string to the bow: a possible claim based on a “retrieval duty”, against both their own bank and the recipient bank.
If the banks are told that a fraud has been committed, and are asked to take steps to retrieve the money before it is paid out of the bank account, they should take those steps quickly and freeze any relevant bank accounts to preserve the money – backed, if need be, by an indemnity (or chain of indemnities, from one bank to the other), to protect the recipient bank from any claim by its customer (the alleged fraudster), arising as a result of the freezing of that customer’s bank account.
This is an area of developing law, and it will be interesting to see how it develops.
The long read
Last year, I wrote a short article on the Court of Appeal in England, in Philipp v Barclays Bank UK PLC [2022] EWCA Civ 318 (“Defrauded by a fraudster: can you sue your bank?”); and that case then went to the Supreme Court in England (Philipp v Barclays Bank UK PLC [2023] UKSC 25).
Mrs Philipp was the victim of an “authorised push payment” (APP) fraud. She was a teacher, and her husband, Dr Philipp, was a retired consultant occupational and public health physician. They were deceived by a fraudster (known as “JW”) into moving more than £700,000 of their savings into an account in Mrs Philipp’s name with Barclays.
Mrs Phillip was successful in her claim against Barclays in the Court of Appeal, but she lost in the Supreme Court.
The Supreme Court distinguished between two cases:
- Where the customer herself gives a payment instruction to the bank (and no agent is involved in acting on her behalf), the Supreme Court said that the validity of the instruction is not in doubt. Provided the instruction is clear, it said that no enquiries are needed by the bank to clarify or verify what the bank is authorized and required to do. Unless otherwise expressly agreed, the bank’s duty is to execute the instruction and any refusal or failure to do so will be a breach of duty by the bank.
- The position is, however, different, if a director is giving instructions on behalf of a company (or an agent is otherwise acting on behalf of the customer). In that case, the authority of an agent to sign cheques or give other payment instructions on the customer’s behalf does not include authority to defraud the customer. Accordingly, and as explained in the Press Summary from the Supreme Court, if the bank were to carry out the instruction it would therefore be making a payment which the customer has not actually authorised the bank to make. Even if the agent is acting in fraud of the customer and therefore does not actually have authority to give the instruction on behalf of the customer, the bank would still generally be entitled to rely on the agent as having apparent authority to do so; but not if the bank has reasonable grounds for believing that the instruction given by the agent is an attempt to defraud the customer and is therefore given without the customer’s authority. In that case, if the bank executes the instruction without first making inquiries to verify that the payment has been authorised by the customer and the instruction proves to have been given without the customer’s authority, the bank will be in breach of duty to the customer. The bank will also be acting without actual or even apparent authority from the customer and will therefore not be entitled to debit the payment to the customer’s account.
Mrs Phillip did, however, have an alternative claim that the bank was in breach of duty in that it had not acted promptly in trying to recall the payments that had been made, after it had been notified of the fraud. Whether there was a duty, and whether there was any realistic chance that the money would have been recovered if steps had been taken to recall the payments sooner could not be decided without a full investigation of the facts.
Even if an individual (rather than a company) will now struggle to maintain a claim against a bank if s/he has been defrauded, there is some solace in the Financial Services and Markets Act 2023, section 72 (see my article, dated 21 August 2023 “Failure to prevent fraud offence to be introduced”).
Section 72 is headed “Liability of payment service providers for fraudulent transactions”, which received Royal Assent on 29 June 2023. It provides for a mandatory reimbursement scheme – but does not extend to international payments. It would not, therefore have applied to help Mrs Phillip. The only recourse left open to her appears to have been the “duty of retrieval” claim.
It is therefore interesting to see another case come to court, relatively quickly, on the question as to whether a bank has a “duty of retrieval”: CCP Graduate School Ltd v National Westminster Bank PLC & Anor [2024] EWHC 581 (KB), before Master Brown.
In CCP Graduate School, the director instructed a bank to make payments out of its account in a total of just over £450,000 to an account with Santander, that the Claimant later understood to be under the control of a criminal gang. Only about £14,000 of the money was retrieved, the rest was lost.
Quincecare claims against NatWest and Santander were struck out. There were no doubts about the validity of the instructions, and the claim against NatWest was, in any event, time barred.
The Claimant therefore made an application to amend its pleaded case, to plead and argue, in the alternative, that even if there is no Quincecare duty to prevent payments out there is a duty in law at a certain point to take reasonable steps to retrieve or recover the sums paid out as result of the fraud (based on what is referred to as a “retrieval duty”). It sought to do so, both against its own bank, and against the recipient bank.
This was based on the argument in Phillip that Barclays should have contacted the recipient banks in the UAE (to which the funds had been sent) and asked them to freeze the funds. In that scenario, the first bank might give an indemnity to the recipient bank, against any liability it might face to its customer when preventing any payment out of the frozen bank account.
The difficulty in pursuing such a claim against the Claimant’s bank was that it was a new cause of action, and it was time-barred. If that claim had been set out and made within the limitation period, the position may have been different.
Master Brown did, however, allow the amendment to plead and pursue this “retrieval duty” claim against the recipient bank. The claim had been foreshadowed in the pleadings, and was not time barred as against Santander, the receiving bank. Santander nevertheless argued that it had no contractual relationship with the Claimant (who was, after all, the customer of NatWest, not Santander). Counsel for Santander put the point forcefully, as summarised by Master Brown: “It would be absurd to find that there was a duty on a bank to a third party when a bank does not owe such a duty to its own customers”. Master Brown answered this by saying: “these matters are for Parliamentary regulation and not the court”.
The “retrieval duty”, as against the recipient bank, would therefore be a claim based in tort, rather than contract – and, if there was a duty on the customer’s bank, it is at least arguable that it would be anomalous if the bank that operates the account of the criminal gang (who can be assumed to have perpetrated the fraud) was not under a similar duty; not least if Santander had at least some measure of control over the payments and the movement of money from the account held by the fraudulent gang, it might be assumed that it was is in a special position to take steps to recover the sums due.
Master Brown said that he should not strike out the case against Santander, based on a retrieval duty and added “Whether or not it could be described as a developing area of law, there is to mind is some uncertainty as to whether any such duty lies on the bank of those who can be assumed to have perpetrated the fraud”.
A difficult area, perhaps – but a claim based on a retrieval duty could be made, in time, on the facts, against the customer’s bank based in contract and tort, and against the recipient bank based in tort.
Services
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at April 2024.