Philipp v Barclays Bank plc [2023] UKSC 25

17/07/2023

On Wednesday 12th July, the Supreme Court handed down its judgment in Philipp v Barclays Bank plc [2023] UKSC 25, in which Hugh Sims KC, Christopher Hare, Lucy Walker and Jay Jagasia (instructed by Squire Biggs Law) appeared for the Respondent, Mrs Philipp.

The background to the appeal concerned an instruction given by Mrs Philipp to the Appellant, Barclays Bank plc (“Barclays”), to transfer £700,000 in two payments from her current account to third-party bank accounts in the United Arab Emirates. Mrs Philipp’s payment instruction was the result of a fraud perpetrated on her by unidentified individuals who convinced her that the funds needed to be transferred to “safe accounts” as a matter of urgency. Such “authorised push payment” frauds (or “APP frauds”) have mushroomed in recent years. The fundamental issue at the heart of the appeal in Philipp concerned a bank’s liability to its customer when a payment instruction is the product of APP fraud.

The appeal itself arose out of an application by Barclays to strike out Mrs Philipp’s claim that the bank owed her an implied contractual and common law duty not to execute her payment instruction without making further inquiries given that inter alia the size and destination of the payments put Barclays “on enquiry” that the funds being transferred involved a fraud being perpetrated upon Mrs Philipp. The claim was accordingly based on the so-called “Quincecare duty”, which was recognised in Barclays Bank plc v Quincecare Ltd [1992] 4 All ER 363 (“Quincecare”). At first instance, HHJ Russen QC had struck out Mrs Philipp’s claim ([2021] EWHC 10 (Comm)), but the Court of Appeal subsequently allowed an appeal against that decision ([2022] QB 578). A unanimous Supreme Court (Lord Leggatt giving the Court’s judgment) allowed an appeal in part, dismissing Mrs Philipp’s primary case that Barclays owed her a duty not to execute her payment instruction. The Supreme Court, however, allowed Mrs Philipp’s alternative case — that Barclays owed a duty to take reasonable steps to recover the fraudulent payments — to proceed to trial. With respect to Mrs Philipp’s primary case, Lord Leggatt stated (at [63]) that:

“…the [bank]’s duty to exercise reasonable skill and care only arises where the validity or content of the customer’s instruction is unclear or leaves the bank with a choice about how to carry out the instruction … Where the bank receives a valid payment order which is clear and leaves no room for interpretation or choice about what is required in order to carry out the order, the bank’s duty is simply to execute the order by making the requisite payment. The duty of care does not apply.”

On that basis, Lord Leggatt concluded (at [68]) that the reasoning adopted by Steyn J in
Quincecare was based upon a false premise and that the case law applying Quincecare should
instead be rationalised (at [97]) on the basis of the paying bank’s notice of the lack of authority
on the part of the corporate customer’s agent (usually a signatory on the account who is intent
upon defrauding his company) to give the payment instruction. As the corporate customer’s
agent would accordingly have neither actual nor apparent authority to bind the customer to the
payment instruction, the corporate customer would have coterminous claims against the paying
bank for breach of its mandate and for breach of its duty to act with reasonable care (at [91]and [96]). The Supreme Court emphasised that, if Quincecare had been correctly decided, the
approach of the Court of Appeal in Philipp would have been “a logical approach to take” and
would accordingly have been left undisturbed; as Quincecare was flawed, however, so
logically was the Court of Appeal’s decision.

In short, and subject to two caveats, Philipp decides that the common law affords no significant
protection to personal customers who fall victim to APP fraud. Such individuals will now have
to wait for regulatory or statutory protection to be put in place. In contrast, Philipp not only
preserves existing protection but also affords enhanced protection to corporate customers
(when the bank has reasonable grounds for suspecting that the customer’s agent is perpetrating
a fraud on the account), since they may now choose to pursue a breach of mandate claim, if
their concern is simply to recover monies paid out, without having to prove any counterfactual
or face a contributory negligence argument. Philipp also (at [98]–[99]) affords protection to
joint accountholders (when the bank has reasonable grounds for suspecting that one signatory
is defrauding the other) and to customers lacking mental capacity (when the bank has
reasonable grounds for suspecting that this might be the case).

Philipp accordingly leaves the common law in an odd situation where corporate customers
receive greater protection than personal customers and where relief for customers may depend
upon the happenstance of an account being jointly held. Ironically, given Lord Leggatt’s desire
to provide certainty in payment systems, Philipp risks creating neither legal nor commercial
certainty: banks will still have to investigate the circumstances surrounding payment
instructions to test their validity and Philipp leaves less clear the current status of Singularis
Holdings Ltd v Daiwa Capital Markets Europe Ltd [2020] AC 1189, Nigeria v JP Morgan Chase Bank NA [2019] EWCA Civ 1641 and Stanford International Bank Ltd v HSBC Bank plc [2023] 2 WLR 79 (all of which assumed the correctness of the Quincecare duty).

As indicated above, there are two caveats to Lord Leggatt’s approach that may yet provide avenues of recourse for bank customers in the future. The first caveat (at [107]–[109]) is based upon the decision of McGarvie J in Ryan v Bank of New South Wales [1978] VR 555 at 579, namely where the bank has knowledge about the risk of fraud on an account that is not shared by the customer. According to Lord Leggatt (at [109]):

“Thus, if a bank receives reliable information from a source such as the police suggesting that a customer’s payment instruction had (unknown to the customer) been procured by fraud, it may be right for the bank to refrain from executing the instruction without alerting the customer to this information and verifying whether the customer wishes to proceed with the transaction.”

It is not exactly clear why cases of APP fraud do not similarly involve such asymmetry of information, given banks’ unique ability to “join the dots”, but Lord Leggatt is clear (at [109]) that “circumstances such as the destination and amount of payment which the customer has instructed the bank to make” do not involve such an asymmetry of information since the customer will also be aware of these matters (albeit probably not their significance).

The second caveat relates to that part of Mr Philipp’s claim that will now proceed to trial, namely the extent of a bank’s post-execution duties to its customers to trace and recover fraudulent payments. Whilst Lord Leggatt (at [117]) suggested that such a duty would only arise once the customer had sufficient information to countermand the instruction (even if the bank had by that time become aware of the fraud affecting the payment), this suggestion sits somewhat uneasily with his Lordship’s reliance on informational asymmetries as the basis for imposing duties on banks. Lower courts may well highlight this inconsistency in reasoning to assist the growing number of personal customers, like Mrs Philipp, to obtain at least some relief when the victim of APP fraud.