Call us on +44 (0)20 7465 4300
22 June 2022

APP fraud, Payments Services and Quincecare: Ripe for reform?

In our article in March (Authorised Push Payment Fraud and Quincecare – (In)adequate Consumer Protection) we reported on the findings in Court of Appeal’s judgment in Philipp v Barclays Bank UK Plc [2022] EWCA Civ 2018 in relation to Quincecare and the potential for a significant expansion in the scope of the duty.

In this companion article, we consider the development of the current principles in more detail and the prospect of legislative reform in this increasingly important area of banking law, which has the potential to significantly reframe the nature of the relationship between retail banks and other payments systems providers and their customers.

The evolution of the Quincecare duty

The origins of the Quincecare duty are comparatively recent and rest on a narrow body of authority.  The first of the limited number of authorities is the seminal case of Barclays Bank plc v Quincecare Ltd [1992] 4 All ER 363, where at 376 Steyn J held that:

“a banker must refrain from executing an order if and for so long as the banker is ‘put on inquiry’ in the sense that he has reasonable grounds (although not necessarily proof) for believing that the order is an attempt to misappropriate the funds of the company”

The Quincecare duty was therefore originally conceived as a negative duty, providing that in certain circumstances a bank is obliged to refrain from carrying out a customer’s instructions (as opposed to any positive obligation to probe or further investigate suspicious activity).  Notwithstanding the potentially expansive scope of the duty, historically it has attracted relatively little attention.  Until recently its operation has been confined to internal fraud cases, see for example Singularis v Daiwa [2020] AC 1189, where at 35 the purpose of the duty was described as being “to protect the company against just the sort of misappropriation of its funds as took place here.  By definition, this is done by a trusted agent of the company who is authorised to withdraw its money from the account”.     

The recent surge of authorised push payment (“APP”) fraud however has given the duty a renewed purpose and attention.  Notwithstanding some recent academic criticism[1], the existence of the Quincecare duty is now a firmly established feature of the banking law landscape – even if its precise scope remains to be authoritatively determined.  The latter naturally remains a point of significant interest for the retail payments industry, and with good reason.  As noted in our previous article, the Court of Appeal in Philipp v Barclays Bank UK Plc[2022] EWCACiv 318 considered whether the Quincecare duty should extend to require banks to take reasonable steps to protect their customers from APP fraud.  There, the customer Mrs Philipp lost £700,000 when fraudsters deceived her into believing she was assisting a Financial Conduct Authority / National Crime Agency investigation. Barclays maintains that the instructions given by Mrs Philipp were valid and that extending the Quincecare duty to this situation would set an inappropriately high standard for retail banks.  Notwithstanding the bank’s arguments to the contrary, the Court of Appeal held that:-

  1. the duty “[…] does not depend on the fact that the bank is instructed by an agent of the customer of the bank”; and it follows that
  2. “[…] it is, therefore, at least possible in principle that a relevant duty of care could arise in the case of a customer instructing their bank to make a payment when that customer is the victim of APP fraud.”[2]

As matters stand, Philipp is therefore not authority for the proposition that a duty of care arises (i) in the case of a customer instructing their bank to make a payment when that customer is a victim of APP fraud; or (ii) in any case in which a bank is on inquiry that the instruction is an attempt to misappropriate funds.  Those are questions for trial.  However, as observed by Mrs Justice Cockerill when considering Philipp at 152 of The Federal Republic of Nigeria v JPMorgan Chase [2022] EWHC 1447 (Comm), “it is fairly clear that the obiter view of the Court of Appeal was that such a duty would logically arise”. 

Should those proceedings not be resolved between the parties, these and other issues relevant to the scope of the Quincecare duty as it applies to APP fraud will be ventilated at trial.  This raises the prospect of further developments in this previously unfashionable branch of banking law that is increasingly important for not only customers of traditional retail banks, but those of the fast-growing fintech retail payments sector as well.

Legislative reform?

The importance of these issues has not escaped the regulatory authorities, with incremental reforms introduced in recent years in parallel with developments in the Quincecare duty.  The Contingent Reimbursement Model Code or CRM Code, for example, which sets out consumer protection standards to help reduce the frequency of APP fraud, was introduced in May 2019 following consultation between the payments industry and the Payments Systems Regulator.

Under the CRM Code signatory banks and other relevant payments providers committed to protect their customers with better procedures to detect, prevent, and respond to APP scams and to reimburse those customers who are not to blame for the success of a scam.  This is a positive development, and a reflection of the industry’s awareness of the challenges presented by APP fraud.  However the protections provided by the CRM Code, like Quincecare, are imperfect.  The CRM Code is voluntary and outcomes for affected customers vary depending on the approach adopted by the bank in question.   The scope of Quincecare remains uncertain, and short of advancing Quincecare-style complaints through Financial Ombudsman Service (which is able to apply a more flexible standard than the courts when assessing APP fraud complaints) it can be a difficult and expensive claim to pursue through the courts for all but a small minority of individual complainants.

Legislative reform has seemed imminent for some time.  It may now be a step closer.  The Financial Services and Markets Bill announced in this year’s Queen’s Speech will address some of the concerns outlined above.  The bill is intended to enhance consumer protection, it is said, by allowing the Payments Systems Regulator to require banks to reimburse customers affected by APP fraud.  Details for the proposed legislative changes remain to be announced, but on 8 June 2022 in response to a written question in Parliament, Economic Secretary to the Treasury John Glen MP said:

The Government is committed to tackling fraud within payment networks, including to protect people against Authorised Push Payment (APP) fraud.  This is a priority.

The recent Queen’s Speech therefore confirmed that the government will legislate, when Parliamentary time allows, to remove barriers in law so that the Payment Systems Regulator is able to require banks to reimburse APP fraud losses.

As matters stand, under regulation 90 of the Payment Services Regulations 2017, where a payment is executed in accordance with the unique identifier provided by the customer (e.g. account number and sort code), a payment service provider is said to have correctly executed the payment.  The government’s proposed amendment:

“[W]ill make clear that this does not affect the ability of the PSR [Payment Systems Regulator] to use its existing regulatory powers in relation to APP scams. This will enable the PSR to establish a liability framework for APP scams using its existing powers, and ultimately improve reimbursement outcomes for victims of APP scams”.[3]

Precisely what this will look like will become clear later in the year, with the Payment Systems Regulator reported to be likely to publish a consultation on its preferred approach to APP scam reimbursement in Autumn 2022.


APP fraud is an expanding and serious issue for the payments industry and consumers alike.  Refinement and clarification of the scope of the Quincecare duty and regulatory reform to enhance consumer protection should be welcomed by all interested parties.  The outcome of Philipp and the draft text of the Financial Services and Markets Bill will no doubt attract a great deal of justified attention.

If you would like to discuss any aspect of this case please contact a member of the Dispute Resolution Team.

[1] See the critique by Professor Peter Watts QC: “The Quincecare Duty: Misconceived and Misdelivered” at JBL [2020] 403 referred to at paragraph 145 of The Federal Republic of Nigeria v JPMorgan Chase [2022] EWHC 1447 (Comm).

[2] Philipp v Barclays Bank UK Plc [2022] EWCA Civ 318, at 78.