Broadly speaking, consumers have available to them two core methods of payment to another party. Authorised push payments or ‘APP’ which involve an individual paying (pushing) money to a recipient such as by the handing over of cash, executing cheques, and authorising one off bank transfers, and pull payments where the recipient requests (pulls) money from the payer, for example, direct debits. As the title of this article suggests, it is the former method and the frauds which take advantage of them – scams whereby banks’ customers are lured into making large transfers to a malicious payee account – that are under the media spotlight and for which Barclays, a bank, has been particularly successful in abdicating responsibility following the High Court’s decision in Philipp v Barclays Bank UK Plc  EWHC 10 (Comm) (18 January 2021).
Consumers have always faced economic crime and fraudsters attempting to part them from their money. And although APP scams are what one might call an evolved species of a problem time immemorial, they are nothing novel and are the collateral of easy access fin-tech, ‘faster payments’ and banking ‘apps’. Which?, the consumer rights watchdog, identified the risk to the public of APP scams as early as 2016, banks have been on notice for some years, and The Contingent Reimbursement Model came into force in May 2019 creating a voluntary reimbursement strategy for firms to compensate their customers for loss. The Code, a manifestation of the banks’ reaction to payment frauds, is a fragile regime because it is anchored to domestic payments only, lacks teeth and robust funding model to keep it going. However its intentions are good, and seeks to address APP fraud, for example, “[w]here a Firm has sufficient concern that a payment maybe an APP scam, it should take appropriate action to delay the payment while it investigates”.
But what happens if the Code is determined not to apply to particular circumstances (there is a distinction for instance between financial fraud and product fraud) or as a matter of construction, the Code cannot apply because the APP is international? The answer is not straightforward.
A Bank’s Implied Duty – ‘Quincecare’
Save for raising a successful complaint to the Financial Services Ombudsman or ‘FOS’, consumers have believed that the banker’s ever-expanding implied legal obligations may protect them, or what lawyers call a ‘Quincecare duty’ – an implied negative duty imposed on a bank to its customer to refrain from executing an order or making payments if the bank has reasonable grounds for believing that the instruction is an attempt to misappropriate the funds of that customer – will provide adequate recourse. But the law is slow and following the High Court’s decision in Philipp (supra) the protections have been dealt a blow: the scope of a bank’s ‘Quincecare duty’ has been held not to extend to APP frauds.
The Judgment runs to over 100 paragraphs but, in a nutshell, Mrs Philipp and her husband, a doctor, were tricked into transferring nearly £1 million to fraudsters playing the roles of FCA employees in an elaborate pension protection scheme. As ever, by the time the police investigated the matter (Mrs Philipp initially ignored early warning signs), the damage had been done to the Philipps. In this case the international transfers or APPs made by Mrs Philipp were bank accounts in the UAE, not the UK, using “BIPS Priority”, Barclay’s international payments system, and so the Code, notwithstanding the self-help option coming into force after the fraud, was of no assistance. Proceedings were therefore issued by Mrs Philipp against Barclays to recover the funds on the basis that this Quincecare duty owed to her by the bank had been breached. The court however did not agree and struck out Mrs Philipp’s claim because it was, in the court’s word, an “impermissible” attempt to promote the duty of care from a basic duty on Barclays to refrain from executing an order if it has reasonable grounds (although not necessarily proof) for believing that the order is an attempt to defraud the customer, to a duty to protect the customer from the consequences and damage of her own actions (in spite of the underlying fraud). It is instructive because Mrs Philipp authorised the payment, and for that the court held that for Barclays to have disregarded that instruction would have amounted to an insurmountable conflict with the established duty upon a bank to comply with its customer’s mandate. The court made clear that the bank’s primary duty is contractual, that is to say, to act on the customer’s payment instructions, which is what it did here. The duty was held to be confined to situations where an agent of the customer sought to misappropriate funds, as had been the case in previously decided cases such as Singularis Holdings Ltd (In Official Liquidation) v Daiwa Capital Markets Europe Ltd  UKSC 50, and does not assist those that are, in effect, architects of their own misfortune.
It is perhaps too early to say to what level the decision has stemmed the application of Quincecare obligations on banks to protect their customers from fraud. The decision is unlikely to be appealed and is perhaps now time barred. The Code, which it is hoped is here to stay but which is a lottery for consumers because firms are slow to join and indeed funding is due to dry-up in June, will prima facie meet domestic payments and FOS is an efficient adjudicator of things gone wrong. Nonetheless, it is suffice to say that Philipp serves as a salutary reminder that customers bear at least some responsibility and until the FCO issues refreshed guidance, and the Code is unshackled, banks’ customers ought to think twice before authorising a payment.
Writer’s note: Edwin Coe’s Group and Financial Litigation team are here to help and should readers have questions arising from this or their own situations, they are invited to write to Thomas.Johnson@EdwinCoe.com.
If you aren’t receiving our legal updates directly to your mailbox, please sign up now
Please note that this blog is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content of this blog.
Edwin Coe LLP is a Limited Liability Partnership, registered in England & Wales (No.OC326366). The Firm is authorised and regulated by the Solicitors Regulation Authority. A list of members of the LLP is available for inspection at our registered office address: 2 Stone Buildings, Lincoln’s Inn, London, WC2A 3TH. “Partner” denotes a member of the LLP or an employee or consultant with the equivalent standing.